Say "incident response" to 10 people and odds are you'll get 10 different opinions on how to do it right. It's become common knowledge that the best threat intel comes from inside an organization, but what threat intel is important and what is simply noise? What is going to cause the adversary the most pain? In this talk we'll review common threat intelligence artifacts, where they come from, and how to craft IOCs for maximum effect in your IR efforts.
Jim Wojno is a Technical Account Manager for Tanium. Jim provides technical assistance and support to enterprise customers in the Ohio Valley / Central US region, assisting with project scoping, solution selection, proof-of-concept pilots, and production implementation across a variety of industry verticals. Jim has worked for several leading-edge IT security firms such as Tanium, Mandiant/FireEye, RSA, Secureworks, McAfee and Symantec. Areas of particular focus and interest include incident response, forensics, endpoint security management, and exploring new ways to make the Blue Team more effective against an ever-expanding attack horizon.