No one can argue that the cyberthreat landscape hasn't changed dramatically in the last few years; the security mantra today is shifting from 'prevent a penetration' to 'when we get penetrated'. However, many security professionals continue to view incident management and response as technology problems, focusing primarily on the security tools and technologies, such as SIEM, security analytics and forensics, that we view as the core of an incident response capability. A technology-driven approach may have worked when times were simpler and incidents only occurred once in a blue moon. Today's fast-paced, broad-based and sophisticated attack environment, combined with the ever-growing complexity of our IT infrastructures and technologies, means that a modern incident response capability needs to handle a wide range of constant attacks and almost certain penetrations quickly and effectively. That in turn mandates a much more structured and more broadly supported incident response capability. This session will provide details and guidance on the various people, processes and technologies necessary to support a comprehensive IT security incident management capability in today's threat environment.