What happens when your corporate security is breached? Your file server and backup server have been encrypted by ransomware. An attacker breaches your accounting department’s email accounts and re-routes a $200,000 wire transfer to Hong Kong. Your next-gen firewall is showing waves of malware outbreaks in your environment. This will be a discussion of how those types of breaches are investigated, what evidence is used to find the root cause, and how you can protect your company from the most common types of breaches. This talk will be interactive. Audience members will be presented with puzzles and obstacles encountered during real investigations.


Joshua Shomo is a Director at The Crypsis Group, where he supports client investigations and forensic analysis in response to cyber-attacks and other data breach incidents.

Josh was also a member of teams that took first-place honors in two SANS Initiative national cyber security competitions – DFIR Netwars at the SANS Cyber Defense Initiative in 2014 in Washington, DC, and Mac Forensics at SANS Security West 2016 in San Diego.

Lightning Talks

We’ll also be doing the following lightning talks before the meeting:

  • None yet, please propose below!

Propose a Lightning Talk