Product Security teams (aka PSIRTs) face a common challenge: how to structure an incident root-cause investigation so that it aligns with stakeholders’ or regulatory requirements.
This 25-minute session (plus 5 min Q&A) provides a practical example of how to structure a product incident response process, scope outputs, choose tools based on forensic and threat-driven requirements, and encode repeatable investigation workflows using the open-source framework DFIQ.
Real examples show how high‑level investigative questions map to forensic artifacts and techniques. Based on the recent work of a team redesigning their investigation process and toolset, this talk delivers practical value to anyone building or refining incident-response and digital-forensics workflows.
Root-cause all the things!
João’s mission at Siemens Healthineers AG is to enable medical device resilience by leveraging insights gained from the analysis of cyber incidents. His core tools in this mission are digital forensics and cyber threat intelligence. In previous roles, he investigated high-profile security breaches, developed network-based tools for threat detection, and promoted collaboration across diverse industry peers. He is a strong advocate for the idea that cybersecurity challenges can only be effectively addressed through cooperation and knowledge exchange.
https://www.linkedin.com/in/joaocmendonca/