Episode 157: How a Modern, Mission-Driven CIRT Operates

In episode 157 of Cybersecurity Where You Are, Sean Atkinson sits down with Matthew Grieco, Cyber Incident Response Team (CIRT) Principal Analyst at the Center for Internet Security® (CIS®), and Dustin Cox, CIRT Analyst at CIS. Together, they explore the unpredictable world of cyber incident response. From ransomware investigations to digital forensics, the team shares how they adapt to evolving threats, leverage open-source tools, and collaborate to support state and local governments. The conversation highlights the mission-driven mindset that fuels their work and the importance of continuous learning, effective communication, and teamwork in cybersecurity. Here are some highlights from our episode:

• 00:44. Introductions to Matt and Dustin
• 01:20. Inside the typically untypical day of a CIRT analyst
• 05:33. Continuous learning and teamwork as ways to keep up with evolving threats
• 07:38. Inside the cybersecurity tooling used by CIRT to support state and local governments
• 14:51. How different skillsets on the team produce a unified incident response methodology
• 19:26. The work of a mission-driven team to uncover root causes for security incidents
• 25:52. An example of a case handled by Matt and Dustin
• 30:16. How CIRT assesses potential talent and looks for problem solvers

Resources

• Multi-State Information Sharing and Analysis Center®
• The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
• Episode 152: Driving Response Time While Enriching Telemetry
• Episode 126: A Day in the Life of a CTI Analyst
• Combatting Ransomware

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.