Plan. Create Playbooks. Respond.

We're expecting 500+ CISO, Manager and Analyst attendees in this concentrated yet focused community event. Join us!


About IR18

IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes.

  • 30+ hours of practical training on today’s best practices in incident response topics
  • 36 breakout sessions designed for all levels of experience
  • Learn practical operations tips and best practices from industry leaders
  • Leave the conference with a developed incident response plan

Community-Driven conference for all levels of cybersecurity professionals!


Information Security Executives

Information Security Executives will have a great opportunity to share best practices in cybersecurity with their peers. IR18 will provide a collaborative space to discuss and learn how to bridge the gap between technology and business to ensure high potential in security teams.



Managers will learn techniques and develop playbooks to manage security teams in an efficient and cost-effective manner. Customized playbooks will improve security team's preparedness to cyber-incidents and attacks.

Security Analysts


Analysts will improve their knowledge about different systems logs, security alerts, and proper response to incidents to ensure their organization’s safety. Analysts will gather knowledge to implement incident response playbooks within their organizations.

IR18 Agenda



Aaron Sherman

Sr. Director of Cyber Threat Intelligence at Braintrace


Dean Sapp

Chief Information Security Officer at Braintrace


Jeff Blevins

Manager, Cyber Incident Management at Capital One


Marita Fowler

Senior SOC Analyst at Capital One


Sean Spaniol

Director, Global Incident Response at Capital One


Steven Grossman

VP of Strategy and Enablement at Bay Dynamics


Tony Cole

Chief Technology Officer at Attivo Networks


Chris Carlson

Vice President, Product Management at Qualys


Dustin Childs

Zero Day Initiative Communications at Trend Micro


Greg Hoglund

VP of Enterprise Security at Symantec


Howie Howerton

Global Solutions Architect at Trend Micro


Kimberly Watson

Technical Director at IACD


Mark Jaster

Founder & CEO at 418 Intelligence Corp


Paul Laskowski

Cyber Engineer & Section Supervisor at IACD


Roberto Sanchez

Director of Threat & Sharing Analysis at Anomali


Woody Walton

Solutions Architect at Elastic Search


Abhishek Narula

Executive Vice President at CyberSponse


FNU Bharathram

Business System Analyst at CyberSponse


Chris Rucci

Senior Hunter at Defense Point Security


Josh Day

Senior Hunter at Defense Point Security


Michael Echols

Founder & CEO at MAX Cybersecurity


Brandon Levene

Head Of Applied Intelligence at VirusTotal


James Haughom

IR Analyst & Malware Researcher at XOR Security

Key Note Speakers


Michael Johnson | Chief Information Security Officer (CISO), Capital One

Michael Johnson is Senior Vice President, Chief Information Security Officer (CISO) for Capital One Financial Corporation, where he leads and manages cyber, information security, cybersecurity operations, and security technology innovation. Michael partners closely across all of the diversified banking company’s business lines on cyber risk management, cloud security engineering, operations, and architecture and standards. Michael previously served as the Chief Information Officer (CIO) for the U.S. Department of Energy (DOE), where he led and managed cybersecurity, cyber enterprise integration, enterprise information resources management, cyber supply chain risk management, and headquarters information technology operations. Previously Michael served in key cyber-focused executive roles in the U.S. Government and Intelligence Community (IC) at the Office of the Director of National Intelligence (ODNI), the Department of Homeland Security (DHS), and the White House Executive Office of the President.

Key Note Speaker

Rick Howard | Chief Security Officer, Palo Alto Networks

Rick is the Chief Security Officer (CSO) for Palo Alto Networks where he oversees the company’s internal security program, leads the Palo Alto Networks Threat Intelligence Team (Unit 42), directs the company’s efforts on the Cyber Threat Alliance Information Sharing Group, and hosts the Cybersecurity Canon Project. His prior jobs include the CISO for TASC, the GM of iDefense, the SOC Director at Counterpane and the Commander of the U.S. Army’s Computer Emergency Response Team. Rick holds a Master of Computer Science degree from the Naval Postgraduate School and an engineering degree from the US Military Academy.

Key Note Speaker

Ryan Corey | CEO & Co-Founder, Cybrary

Ryan is the Co-Founder and CEO of Cybrary, the world’s first crowdsourced platform for cyber security and IT learning. With over a decade of experience in the IT training space, previously serving as the VP of Marketing and Sales for TrainACE, Ryan is skilled at building data-driven, efficient growth businesses. In 2006 Ryan founded All Around the Home, an online demand generation website for home contractors, which was acquired by Quinstreet in 2008. Ryan has served as an instructor for the Certified Internet Marketing Practitioner certification and as a member of the EC-Council Digital Marketing Advisory Board. In addition to leading Cybrary’s vision, Ryan currently sits on the Board of Directors for the Incident Response Consortium and has a passion for advising early-stage startup founders.



Joseph Loomis | Founder and CTO, CyberSponse

Joseph Loomis is the Founder & CTO of Security Operations Technology, CyberSponse, Inc. Joe is a proven serial security entrepreneur with successful startup exits and has provided security based technology for companies like Apple, Microsoft, Novartis, Sony, LG, Pfizer and many others. Mr. Loomis is well versed in Cyber Security methodologies, incident response and leverages his relationships to help define visionary and innovative product offerings for the information security sector. Joe is often seen speaking on national news networks to include CNBC, FOX, CNN and a few others. Joe works closely with multiple government agencies in his cooperative efforts combating Cybercrime and Cybersecurity. Joe is driven by a deep passion for helping others in need, mentoring other entrepreneurs and helping the next founder build their business.


Philippe Courtot | CEO, Qualys

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor’s Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe.


Boyden Rohner | Head of Security Ops, DHS

Boyden is the Director of Cybersecurity Operations for the Information Security Office at the Department of Homeland Security (DHS). In this role, Boyden oversees the DHS Enterprise Cybersecurity Operations Center which prevents, detects, and responds to cyber threats targeting DHS. Previously, Boyden worked at the National Security Council Staff in direct support of the President of the United States and the National and Homeland Security Advisors. Prior, Boyden managed the production of the daily intelligence and operations brief for three Homeland Security Secretaries. Before joining DHS, Boyden served on three destroyers as a Surface Warfare Officer in the United States Navy and deployed to the Middle East in support of Operations Enduring and Iraqi Freedom. Boyden holds a Bachelor of Science from the United States Naval Academy, a certificate in Executive Leadership from the Kennedy School of Government at Harvard University, and Masters of Public Administration from American University.


Ed Cabrera | Chief Cyber Security Officer, Trend Micro

As the Chief Cybersecurity Officer at Trend Micro, Ed Cabrera is responsible for analyzing emerging cyber threats to develop innovative and resilient enterprise risk management strategies for Fortune 500 clients and strategic partners. Before joining Trend Micro, Ed was a 20-year veteran and former CISO of the United States Secret Service with experience leading information security, cyber investigative, and protective programs in support of the Secret Service integrated mission.


Sean Spaniol | Director, Global Incident Response, Capital One

As Director of the Global Cyber Incident Response Team (CIRT) at Capital One Financial Corporation, Sean is responsible for cyber incident management, containment, remediation, and other advanced analysis capabilities covering the Capital One global digital footprint. Prior to his time at Capital One, Sean was selected to transform a less mature SOC for the Department of Energy. In this role, Sean’s 24x7 SOC team supported approximately 100 sites representing over 100k employees. Sean then transitioned into a position where he was responsible for managing budget, front office and policy support as the contractor program lead. Sean was responsible for the contractor team executing the cyber operations mission, and was directly involved with developing strategic plans to enhance the operation, reporting to the Deputy CIO for Cyber. Sean’s experience also includes support to the DHS/US-CERT and LE/CI community supporting national and multinational efforts to disrupt targeted cyber campaigns impacting the United States Government and domestic critical infrastructure. In addition to current enrollment in the Carnegie Mellon CISO Certificate Program, Sean has completed the Executive MBA Program at NYU Stern, a cyber security certificate program at Stanford, and received his B.S. in Information Technology from Central Michigan University.


Eric Vandine | Global Cyber Security Operations Center Director, Capital One

Eric VanDine has held multiple positions in Information Security over the course of his career, including malware reverse engineering, network security monitoring, security engineering, and third-party risk management. Eric has led security operations teams in e-commerce and banking industries, building out security operations and developing managed security services offerings. Most recently Eric has worked for Capital One, building a global, 24x7 cyber security operations center. In his free time, Eric studies cooking techniques and the science behind food preparation.


Hugh Clapp | Senior Director, Defensive Cyber Operations, Symantec

Hugh Clapp is currently the Senior Director, Defensive Cyber Operations (DCO) at Symantec. This role serves as the global lead for detection engineering, threat hunting, incident response, cyber threat intelligence, as well as the head of the Security Operations Centers located in Sydney and the Washington DC area. Prior to joining Symantec, Hugh has provided executive leadership over multiple disciplines across cybersecurity operations & intelligence at both Capital One, and the Department of Energy. He served 20 years as a Navy Cryptologic Officer, retiring from his last position as the Deputy Director, DCO for Fleet Cyber Command. Hugh has a BS in Intelligence, a MS in Systems Engineering, and is a former cyber federal executive fellow at Carnegie Mellon University.

Why Should You Attend?

Build playbooks for your organization by working with the best in the industry

Leave with operational Incident Response plan by using the best tools

Learn how to build efficient and effective processes

Sharpen your skills by cyber wargaming against the best in incident response

Venue Information

The Renaissance Arlington Capital View Hotel, Crystal City is conveniently located less then 2 miles from both the Pentagon and Reagan National Airport. Furthermore, this new 4-star hotel is 5 minutes away from the heart of Washington, D.C.


2800 South Potomac Ave.
Arlington, VA 22202

The Incident Response Conference (IR18) is being held at the Renaissance Arlington Capital View Hotel, Crystal City. IR18 has reserved a block of rooms at the Renaissance Arlington Capital View at a group rate of $179 USD per night (plus tax). Please make sure to reserve your room now as the block will fill quickly. Reservation requests for the IR18 Annual Summit will be accepted through Tuesday, August 14, 2018. The block is available up to this date or until filled. Reservations requests received after August 21 are on vacancy and price availability. Reserve your room here or call 703-413-1300 and reference "Incident Response Consortium" for the discounted rate.
Discounted self-parking rate of $20 per vehicle per day (discounted from $30)

Renaissance Arlington Capital View

Be a Part of the New Community!

Do not miss this opportunity to be part of history! Join the cybersecurity community and be part of inspiring change in improving incident response process!

Stay Connected on  

Join the Incident Response Consortium Slack Channel to be a part of the conversation.

Register Below


IR18 is a free event. All registrants must use their corporate or government email address to attend.
Any registrants using personal email accounts will be denied entry.

Please select only one ticket option on registration site.

This is an IR Consortium Members Only event.
For more information, click here.

Our Mission

IRC is the first non-profit, industry managed and community-driven organization focused on practical customized incident response plan development, operational capabilities and the skills necessary for effective cybersecurity. All organizational levels from C-Suite to Analysts are encouraged to engage in the community. IR’s mission is to ensure that the best practices in incident response skills, playbooks and management are shared amongst the community to improve cybersecurity across all organizational levels. There are too many tools and point solutions that do not result in better security. Cybersecurity has a people and process problem: IRC is here to provide a platform for the cyber community to solve these difficult challenges together and build plans to make us all more secure.