Speaker Cape Town

Jason Jordaan, principal forensic scientist and MD, DFIRLABS

Jason Jordaan

Principal Forensic Analyst, DFIR Labs

Jason Jordaan's forensic career began in 1991, is considered a leading authority in the field of digital forensics and cybercrime investigation and prevention by his peers, both in South Africa and Internationally. As the principal forensic analyst of DFIRLABS, a specialist digital forensics and incident response service provider, he is responsible for the leadership of the practice, digital forensics quality assurance, complex digital forensics engagements, research and development, and digital forensic practitioner training and proficiency, and regularly testifies as an expert witness. Prior to this he was the national head of the Cyber Forensic Laboratory of the Special Investigating Unit, South Africa's national public sector anti-corruption agency.

Jason is also an internationally respected researcher and trainer in the field of digital forensics, where he is the first African to have been admitted into the DFIR faculty of the prestigious SANS Institute, as well as the first African to become a certified instructor for the International Association of Computer Investigative Specialists. He regularly teaches digital forensics to both law enforcement and the private sector in the United States, Europe and the Middle East. He has a MSc (Computer Science) Cum Laude, a MTech (Forensics Investigation), a BComHons (Information Systems), BSc (Criminal Justice Computer Science) Summa Cum Laude, and a BTech (Policing). He is a Certified Forensic Computer Examiner, a Certified Fraud Examiner, a Professional Member of the Institute of Information Technology Professionals of South Africa, a Professional Member of the Chartered Society of Forensic Science, a GIAC Computer Forensic Examiner, a GIAC Computer Forensic Analyst, and a GIAC Certified Incident Handler. He teaches digital forensics and incident response at on the Rhodes University MSc degree in Information Security and serves on the advisory board of the Department of Computer Science and the University of Pretoria. He serves on the assessment board of the Netherlands Register for Court Experts where he is responsible for assessing the competency of expert witnesses in the field of digital forensics in Dutch courts.

Jason Jordaan will be speaking on the following topic:

Is incident response broken? Why traditional incident response is not stopping cyber breaches

The news is filled with stories of massive data breaches and other cyber-attacks directed at organisations, in both the public and private sectors. When organisations discover that they have been attacked or are currently under attack, they often respond to the incident using a variety of incident response and digital forensic strategies, most often designed to try and stop the attack and prevent it happening again. However, despite the incident response process, many of the organisations attacked are rapidly reattacked and compromised again and again, often by the same threat actors. So, what is going wrong? Is there a problem with how we do incident response? The harsh reality is that traditional incident response is failing us, and we need to have an honest reflection of why it is failing.
Traditional incident response was developed in an era where the adversaries were not the same ones that we face now; the threat landscape was in many ways simpler and easier to address. The threats have changed and so too must our approach to incident response. Using data from some of the large incidents happening around the globe, Jason will explore the disjoint between what you need to do when responding to an incident versus how you actually respond to and deal with an incident. He will also examine the conflict between security and business operations when it comes to responding to an incident and highlight the real business risks of current incident response practices.

  • Understanding the purpose of incident response and how to be effective in responding to an incident
  • Identifying the actual risks to an organisation through current incident response practices
  • How to bring security and management together for effective incident response
  • Understanding the relationship between incident response and threat hunting

Event Sponsor

Diamond Sponsor

Platinum Sponsors

Security Survey & Executive Roundtable Sponsor

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Display Sponsors

Showcase Sponsor


Endorsed by