About Lauren Pearce

Lauren Pearce

  • Director of Incident Response and Forensics

Lauren serves as the Director of Incident Response and Forensics at [redacted] where she’s frequently found on the front lines, leading incident response efforts on behalf of clients. Prior to joining [redacted], Lauren worked at Los Alamos National Laboratory where she specialized in malware analysis as a member and occasional leader of the incident response team. She enjoys teaching technical content and has experience teaching malware analysis to students ranging from private sector managers to US military and everything in between. She holds a BS and MS in Computer Criminology - Computer Science and a BA in International Affairs, all from Florida State University.

Latest from Lauren

Detecting Ransomware, the Defense in Depth Way

Ransomware is one of the greatest threats facing modern networks, and it is tearing through small to medium businesses. This blog post will address detecting ransomware in a vendor-neutral format. Most of the detections discussed can be implemented with tools ranging from the most sophisticated XDR to a combination of Sysmon and Elastic Stack.

A Quick Note on Live off the Land Detection

Once inside a network, attackers may leverage systems administration tools already present in a tactic known as “living off the land”.

Defense in Depth: Go Deeper

What is Defense in Depth?

Simply put, defense in depth is the use of layers of security controls to protect a network. The best defense is a multi-pronged, layered defense, both on the physical battlefield and in the digital world. Cyber attackers have your business or organization under the microscope, waiting for a misstep or an easy access point to inflict maximum damage. To get ahead of these potential threats, you need defense in depth (DiD).

How to Create an Effective Cyber Security Incident Response Plan

When your critical data is under attack, you don’t have time to waste. Incident response helps you respond effectively, and understanding the lifecycle is vital to a powerful defense. Formulating an incident response plan can be the difference between a quick resolution and significant financial consequences for your business in the event of a cyberattack. While you can start with the Cybersecurity and Infrastructure Security Agency (CISA)’s quickstart guide to incident response plans, we’ve created a complete explanation below.

The Incident Response (IR) Process & Lifecycle

Incident response focuses on how organizations deal with data breaches. Cybersecurity incident response plans work to minimize damage to systems and data in the event of a cyber attack, data breach, or outage. Having an effective incident response program is crucial for any organization to recover with minimal disruption in the event of an incident. Learn more about incident response and how to create an incident response plan.

What Is Incident Response?

A Guide to Lateral Movement in Cybersecurity

When it comes to cybersecurity, it’s important to understand the tools, techniques, and thought processes of threat actors. Once adversaries have initial access to a network, lateral movement allows them to extend access and maintain persistence by compromising additional hosts in the network of their target organization. Threat actors can gather information about the company’s user activity and credentials and the location of important data, and leverage methods for escalating privilege to successfully complete their attack, theft, or espionage activities.

BianLian Ransomware Gang Gives It a Go!

Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, which posed some initial, but not insurmountable, reverse-engineering challenges. BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations.
