Modernizing Incident Response Using Techniques that Scale - Eric Capuano, Whitney Champion

Traditional digital forensics and incident response (DFIR) techniques often fall short, struggling to keep up with the speed and scale required by modern environments. This talk explores the limitations of these traditional methods, examining why they can be slow and challenging to scale effectively. Attendees will gain insight into innovative open source tools and techniques that enable faster, more scalable incident response processes—helping teams respond to incidents with greater agility.

Digital Forensics and Incident Response (DFIR) teams face unprecedented challenges in today's large, distributed, and complex IT environments. The exponential growth of data, cloud-native architectures, and sophisticated attack techniques demands a fundamental shift in our incident response approach. Traditional methods often resemble post-incident autopsies, while defenders need to engage threats proactively—before significant damage occurs.

This presentation will explore:

- Current challenges with traditional DFIR approaches in modern environments
- Why legacy forensics tools and methodologies often fail to scale
- The impact of cloud computing and containerization on incident response
- Modern techniques for rapid triage and investigation at scale
- Automation strategies to handle high-volume investigations
- How all of this can be accomplished with 100% free and open source tooling

Attendees will learn practical strategies for modernizing their incident response capabilities, focusing on techniques they can implement immediately to improve investigation efficiency and effectiveness. The presentation will demonstrate modern open source tools and workflows that help teams tackle increasingly complex incidents while maintaining investigation quality. Whether you're a seasoned incident responder looking to scale your capabilities or an organization building a modern security operations center, this talk will provide valuable insights into the future of incident response.

Eric Capuano

Eric Capuano is a Director at LimaCharlie and a SANS DFIR Instructor with over a decade of experience in Security Operations, Digital Forensics, and Incident Response. He began his Information Security career as a Tactics Developer for the United States Air Force, later transitioning to Cyber Warfare Operations. After his military service, Eric led cybersecurity operations across private and government sectors, including serving as CTO of Recon Infosec, a company he founded to deliver enterprise-grade security to organizations of all sizes. In 2016, he developed OpenSOC, a blue team CTF that has trained thousands of SOC and IR professionals worldwide. Eric also managed the Security Operations Center for the Texas Department of Public Safety, where he established the agency's first CSIRT. In his spare time, Eric shares technical training labs on his blog at https://blog.ecapuano.com. His certifications include GIAC, GCFE, GCFA, CEH, Security+, Linux+, LPIC-1, PCNSE, and A+.

Whitney Champion

Whitney is a Security Architect, Advisor, Trainer, and co-founder of Recon InfoSec. She is a seasoned architect and engineer with over 15 years of experience in designing and automating large-scale security infrastructure. She began her journey as a web and flash developer and sysadmin in the 90s and early 2000s, and after college became a security analyst for the Navy. Her work spans across building advanced security platforms, managing complex multi-environment deployments, and architecting comprehensive solutions that integrate cutting-edge tools and technologies. This includes building, automating, and maintaining the range environments and platforms used to drive and support our trainings. With extensive experience in both the private and public sectors, she excels at automating and orchestrating massive environments and streamlining security operations.

Whitney's passion for security and infrastructure drives her to continuously innovate and enhance the efficiency of security teams and operations. Her certifications include RHCA, RHCE, RHCVA, CISSP, CEH, Security+, Linux+, among others.
