Nazar Tymoshyk

Nazar has a Ph.D. degree in cybersecurity and he's a founder & CEO at UnderDefense, a boutique offense & defense cybersecurity firm with HQ in Lviv, Western Ukraine, offices in NYC, San Francisco, Vienna, Malta, employing 35 security engineers.
His company is an elite Splunk Professional Services partner, serving clients in EU with processing 500GB of security logs per day, driving elite SOC and IDR team.
Nazar has a rich experience leading technology companies to the next stages of growth and innovation. Prior to starting his own company, Nazar leads a Security Center of Excellence at SoftServe for 7.5 years, as IT Security on Eleks, as Linux/Novell administrator in Lviv Polytechnic.
Nazar used to work as an associate professor teaching Network, Web Security and Exploitation techniques for over 2 years, lecturer in Lviv IT School, delivering lectures for Ukrainian Catholic University, Lviv Polytechnic, speaking on at least 15 conferences annually.

The speaker's profile picture


Automation in modern Incident Detection & Response (IDR) process
Nazar Tymoshyk

Incident Detection & Response requires People - to Think, Tools - to provide data and analytics and Processes - to avoid fuckups and assure the quality. But with more alerts, the analysis takes more time, decisions and moreover - actions need to be taken immediately. Attackers actively use automation, so Defenders should also optimize their processes.

In our presentation, we'd like to share with the community our lessons learned. Our focus would be on practical moments, the challenges we faced and the simple working solutions we discovered.

We plan to challenge the audience with simple but vital questions that will help to establish a good communication bridge to make this delivery effective and valuable for engineers to improve their defense. We'd like to discuss also a variety of actions to be taken after the incident is confirmed.
Come and take it.

Main Hall