|Andrew Hay, CTO

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & CTO for LEO Cyber Security, he is responsible for the creation and driving of the strategic vision for the company.
“I” Before “R” Except After “IOC”
Just because the security industry touts indicators of compromise (IOCs) as much needed intelligence in the war on attackers, the fact is that not every IOC is valuable enough to trigger an incident response (IR) activity. All too often our provided indicators contain information of varying quality including expired attribution, dubious origin, and incomplete details. So how many IOCs are needed before you can confidently declare an incident? Using actual investigations and research, this session will help attendees better understand the true value of an individual IOC, how to quantify and utilize your collected indicators, and what constitutes an actual incident.
Schedule of Events