Japanese Manufacturing, Killer Robots, & Effective Incident Handling
The talk I did with @bfist at the SANS DFIR Summit 2017.
Scott J. Roberts
June 23, 2017
Transcript
Japanese Manufacturing, Killer Robots, & Effective Incident Handling, with Scott & Kevin
Introduction
- Who We Are
- What We're About
- What We're Gonna Share
Who We Are?
- Kevin (@bfist), Response Lead @ Heroku
- Scott (@sroberts), SIRT Lead @ GitHub, FOR578 Instructor
What We're About? Making incident response more efficient with science (well, engineering).
What We're Gonna Share? A low-cost, collaborative method for managing common incident response workflows.
You've Got 99 Problems
- Moving up the maturity model
- Enable multiple responders
- Provide easy comms to stakeholders
- Incidents come in waves
- You're poor and have no $$$
Project Management <REQUIRED MODEL SLIDE>
JIT (Just In Time)
- Management theory from Toyota
- Create as needed, not as planned
- Limits inventory
- Lots of IR parallels
Introduction to Kanban
- A factory-floor-level production management tool
- Spatial representation of tasks through a series of phases
- Adapted to multiple non-manufacturing industries
Useful For...
- Short-term (JIT) tasks around incidents
- Long-term management tasks for projects & continuous output
Warning: we use the same tool (Kanban) BUT we use Kanban very differently (and that's cool!!!)
Example
Platforms: GitHub Projects
- Notes, artifacts, and boards in one place
- Assign cards to people
- Easy API
- No built-in templating
GitHub Projects
Platforms: Trello
- Kanban is their main product
- Full-featured GUI
- Card-based discussions
- Attachable files
- Many integrations
- Mature API
Trello
Incident Stages
- Preparation (the board is built here)
- Identification, Containment, Eradication, Recovery, Lessons Learned (the board helps here)
Preparation
- Build template Kanban boards for common incidents
- Start with a column for basic information sharing
- Do you have things that need to be done in every incident?
Other Stages
- Create a column for containment, eradication, and recovery tasks
- Do you need to roll creds for this incident?
- Do you need to revoke hardware tokens?
Example: Malware Incident
Lessons Learned
- Create a column for lessons learned
- Dumping ground for the retro
Meat & Potatoes (And Simplicity)
- 3 columns: In Progress, Done, Canceled
- Assign people to tasks
- Canceled cards should have an explanation
Example
Example: Lost/Stolen Laptop
Workflows: System Triage
- New > Live Response Requested > Live Response Received > Analyzed > Remediated > Returned
Workflows: Compromised Resources
- Malicious Activity Identified > Password Reset > 2FA Verified > User Interviewed > Remediated
Workflows: Indicator Development
- Backlog > Enriched > COA: Discovery > Detection Created > COA: Detection Deployed > Detection Deprecated
Workflows: Intelligence Product Development
- Planned > Analyzed > Drafted > Edited > Released > Feedback Collected
Automation
- Templates move you from Managed to Defined on the maturity model
- Repeatable & consistent
- Demonstrate process
- Reduce admin overhead
Wanna Try It? github.com/sroberts/incident-template
Bonus Content: The Five Whys
- More Toyota stuff
- Root cause analysis methodology
- Useful retrospective technique
Conclusion
- Kanban helps make repeatable yet flexible processes
- Makes communications consistent
- Powerful with a little automation
Thanks Made with <3 By Scott (@sroberts) & Kevin (@bfist)