As Chief Security Officer (CSO) at Mandiant, I am often asked by customers and colleagues about creating or improving their computer incident response teams (CIRTs). Prior to joining Mandiant a year ago, I created and led the General Electric CIRT (GE-CIRT), starting with myself and ending with 40 analysts in early 2011. When I designed and built the CIRT, I believed it was important to secure internal and external support and recognition for our efforts. We benefited from a strong internal champion in the form of the company's Chief Information Security Officer, Grady Summers (now a Vice President with Mandiant), as well as support from our Chief Information Officer. As part of my strategy to build an external presence, I sought involvement with the Forum of Incident Response and Security Teams (FIRST). In this post I will explain why I thought FIRST was important to my CIRT.