Security Orchestration, Automation and Response (SOAR): Operating at Attacker Speed

Brian Genz, Jason Lange, and Ben Zimmerman

Brian Genz, Jason Lange, and Ben Zimmerman

Speaker Bio

Brian Genz is a Security Architect focused on security orchestration, automaton and response (SOAR), threat hunting, cyber threat intelligence, and security data science at Northwestern Mutual. He brings experience in the defense intelligence, manufacturing, and financial / insurance sectors and has worked in the areas of incident response, digital forensics, vulnerability management, and security architecture consulting.  Degrees and certifications include: MBA, M.S. in Information Technology Management, GREM, GNFA, GCFA, GCIH, CISSP.

Jason Lange is a Senior Security Engineer for Northwestern Mutual specializing in Incident Response and Digital Forensics. He has over 14 years IT experience with the last 6 years focusing on cyber security in the healthcare, financial, and consulting industries.  Jason built the forensic practice for a major healthcare provider in WI, organized the 2016 CheddarCon and has worked to improve incident response teams at several local companies.  He holds an associates degree in computer networking and a bachelors in information security as well as CISSP, GCIH and GCFE certifications.

Ben Zimmermann has been working in the DFIR space for the past 7 years. His experience includes working for multiple Fortune 500 companies on their Incident Response and Digital Forensics teams.  During this time, he assisted in investigating an $13 million dollar cyberattack.  He has worked numerous cases including HR/eDiscovery, employee data exfiltration and CP cases.  He holds his CISSP, GCIH (GIAC Certified Incident Handler), and GCFE (GIAC Certified Forensic Examiner).


We face a shortage of qualified information security professionals, a high volume of security alerts, and a dynamic threat landscape rapidly evolving toward automated attacks. Security Orchestration, Automation and Response (SOAR) enables defenders to operate at attacker speed by codifying detection and response expertise into automation playbooks. This talk will examine the core components of SOAR, the skills required to design and implement it in your organization, common use cases in detection and response, and potential opportunities for security control testing in a defense-in-depth environment.