Complexities of Incident Response + Real Time Defender Velocity

Monday May 4th, 2020 / 6:30 PM (PST)

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:30 PM (PST)

WHERE: Online

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s

Sponsor: SentinelOne

Our thanks to SentinelOne for sponsoring this months meeting!

A group of defense and intelligence experts saw savvy attackers compromising endpoints seemingly at will. Traditional approaches failed to provide sufficient protection. They founded SentinelOne to develop a dramatic new approach to endpoint protection. It’s one that applies AI and machine learning to thwart known and unknown threats.

Our team understands how much endpoints matter. When attackers come after our privacy, intellectual property, infrastructure, and collaborative modes of working, they assault more than just data. We’re under attack, and so are our values. That’s why we’re dedicated to keeping our breakthrough platform ahead of threats from every vector. Gartner, NSS Labs, and industry leading organizations recognize that our approach sets us apart.

Shaq Misra
Enterprise Sales

[6:30-6:35 PM]


  • Announcements and Updates (~5 min)

[6:35-6:50 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[6:50-7:05 PM]

Sponsor Segment

  • Short presentation by our sponsor (~15 min)

[7:05-7:50 PM]

Real Time Defender Velocity

by David Gold – Sr. Director, Sales Engineering – West SentinelOne


David Gold recently joined SentinelOne as Sr. Director of Sales Engineering for the West. David has more than 15 years experience in enterprise information security and brings a strong track record of innovation and customer focus to SentinelOne. Previous to SentinelOne he was the VP of Product and VP of Solutions Architecture at ProtectWise and helped launch and build the company from stealth to a successful exit to Verizon.  David helped define the network detection and response market and has helped many organizations develop detection and response strategies and to embrace cloud delivered technologies. He has also led Firewall Product Management at McAfee and has held various roles in sales engineering, product management and support at Websense, Intel, McAfee and Secure Computing.


Organizations spend more money on cyber security tools every year, yet the number of breaches and the cost of these breaches continues to increase. A new approach is needed that relies on autonomous analysis that can respond at machine speed. By embracing automation, AI and big data analytics organizations can better prevent threats, find and detect what is missed, provide contextual linking for forensic and threat hunting – and even more importantly self heal and fully recover when necessary.

[7:50-8:40 PM]

Complexities of Incident Response


by Chris Pavan; Security Professional, Helios Group


Chris Pavan is a veteran incident responder with experience supporting the US military and working in national forensics projects. He is a previous SWSCF speaker and is heavily invested in the Phoenix cyber security community.


Chris Pavan will review a forensic case involving a vulnerable minor which touches on a lot of the standard items inherent in any cyber-security forensic case.  This particular case ran into a number of unique challenges relating to victims’ rights, the inherent bureaucracy and sometimes siloed mentality of law enforcement agencies and the complex and sometimes conflicting legal framework that must be navigated by the investigator to juggle all these competing dynamics.  The presentation will highlight some of the entrenched challenges we still need to deal with not only as cyber security professionals but as a society.




Deep Dive into the CISM Certification + Anatomy of an Incident Response

Monday April 6th, 2020 / 6 PM – 9 PM

WHO: Southwest CyberSec Forum

WHEN: 1st Monday of each month 6:00 PM – 9:00 PM

WHERE: UAT theater at 2625 W Baseline Rd, Tempe, AZ 85283

WHY: To stay current with new cyber threats, explore new security technologies, and network with your peers.

FREE: No membership fees, no RSVP’s, food and drinks provided by our sponsors.

Sponsor: Arctic Wolf Networks

Our thanks to Arctic Wolf Networks for sponsoring this months meeting!

Arctic Wolf

Through the industry’s original Concierge Security Team, Arctic Wolf provides the scalable managed cybersecurity protection IT-constrained companies need to keep their critical data, networks, web-based applications, and devices safe. Working as an extension of your internal team, highly-trained and coveted security experts deliver 24×7 cloud-based monitoring, risk management, threat detection, and response services that protect you from ever-evolving methods of cyber attack. By escalating only the issues that require action, Arctic Wolf eliminates noise, enabling your limited IT resources on other priority initiatives. Personal, predictable protection – It’s the Arctic Wolf difference

Amy Judge
Field Marketing Manager

[5:30-6:30 PM]

Pizza and Networking in the UAT common area

  • Open to the public and UAT students
  • Pizza and Drink provided.
  • No food or drink in the UAT Theater (Please)

[6:30-6:50 PM]

Announcements and Sponsor Segment

  • Announcements and Updates (~5 min)
  • Short presentation by our sponsor (~15 min)

[6:50-7:00 PM]

Cyber Security Community updates

  • Cyber threat update with Erik Graham (~15 min)

[7:00-8:00 PM]

Deep Dive into the CISM Certification

Ilene Klein

by Ilene Kein, CISSP, CISM, CIPP/US, Cybersecurity Program Coordinator Urban Area Security Initiative City of Phoenix Office of Homeland Security and Emergency Management


For over 20 years, Ilene Klein has been evangelizing security to anybody who would listen … and to management.  During this time, she built and led compliance, governance, incident response, privacy, policy, security awareness, threat intelligence, and vulnerability management programs and frameworks.  Ilene started her career as an electronics instructor and then traveled from Honolulu to Heidelberg as a systems engineer installing proprietary software for the U.S. Army and resolving system crashes before focusing on cybersecurity.  Ilene has earned multiple security and privacy certifications, and she’s won awards such as the CISM Geographic Excellence Award for earning the highest score in the North America geographical region on the December 2011 CISM examination and a 2018 Warrior Award for fighting on the “front lines” of cybersecurity.


Congratulations — You’re in cybersecurity, one of the best and most in-demand careers.  But there’s an entire alphabet soup full of cyber-related certifications out there.  During this presentation we’ll discuss the CISM certification, including what it is, how it differs from the CISSP, who might be interested in earning a CISM, the domains covered, and whether it’s worth it.

[8:00-8:45 PM]

Anatomy of an Incident Response

Niko Zivanovich

by Niko Zivanovich, Security Engineer specializing in Incident Response, Check Point Software


Niko Zivanovich is a Security Engineer for Check Point based in the South West US, specializing in Incident Response. Check Point is based in Tel Aviv, Israel and is one of the largest cyber security firms in the world. Previously at Johns Manville in Denver, Colorado working in network security and security operations focusing on ICS environments. While at Johns Manville, Niko and his colleagues helped to form the Berkshire Hathaway Information Security Group in order to facilitate the sharing of intelligence across the organization. He most recently worked for Berkshire Hathaway Inc. focusing on Incident Response preparation throughout the subsidiaries globally. He holds multiple certifications through the SANS GIAC organization.


Anatomy of an Incident Response Event An Incident Response (IR) Plan is where tools, skills and process all come together in a high pressure, time-critical environment. Advance planning and experience are critical to a successful outcome. Niko will walk through a real-world Incident Response event and highlight at each key stage in the process where specific tools, people and skills and the structured response plan came into play and the how deficiencies at any point can hobble the organization. Attendees will be able to overlay this presentation onto their own organizations capabilities and identify where they may have shortcomings in their own IR Plan.

[8:45-9:00 PM]