CypherCon 2024

What an Emergency Landing Taught Me About Incident Response

Alyssa Miller

Abstract:

No doubt most moderately mature cybersecurity programs will have an incident response plan and perform some level of testing of that plan. In aviation we attempt to establish similar preparedness with emergency checklists and drills for how we will handle the situation when things go very wrong. So what happens when it’s the real deal and suddenly we realize that plan we made is doing more to get in the way rather than help us respond? As a pilot, I was recently faced with exactly this scenario when I was forced to make an emergency landing due to engine trouble. It opened my eyes to the potential pitfalls with how we design and test our incident response plans. So come with me on this journey to hear about the emergency I experienced and the lessons that I learned from it which I feel should be incorporated into a mature and realistic incident response plan and subsequent table top and test exercises.

Alyssa Miller

Potentially a deepfake AI landing the plane.

Alyssa Miller is a hacker who, in her pre-teens, bought her first computer and hacked her way into a paid dial-up community platform. She grew up in hacker culture, finding her hacker family in IRC channels during her adolescent years. While IT was not her original career plan, she ended up working as a developer and later a penetration tester in the financial services industry. As she moved into consulting, her focus on defending technology systems and personal privacy grew to the point where she was advising fortune 100 companies on how to build comprehensive security programs.

Alyssa is now the CISO at New York based Epiq Global. Still very much a hacker to this day, she’s built on that identity to grow her career. She is an internationally recognized public speaker and author of “Cybersecurity Career Guide”. She’s an advocate for helping others make a career out of their passion for hacking and security in general. She’s also a proponent for the open sharing of ideas and perspectives on improving our technologically connected world.