Plan. Create Playbooks. Respond.

We're expecting 500+ CISO, Manager and Analyst attendees in this concentrated yet focused community event. Join us!


About IR18

IR18 is a conference for cybersecurity professionals to learn and develop playbooks to improve Incident Response processes.

  • 30+ hours of practical training on today’s best practices in incident response topics
  • 36 breakout sessions designed for all levels of experience
  • Learn practical operations tips and best practices from industry leaders
  • Leave the conference with a developed incident response plan

Community-Driven conference for all levels of cybersecurity professionals!


Information Security Executives

Information Security Executives will have a great opportunity to share best practices in cybersecurity with their peers. IR18 will provide a collaborative space to discuss and learn how to bridge the gap between technology and business to ensure high potential in security teams.



Managers will learn techniques and develop playbooks to manage security teams in an efficient and cost-effective manner. Customized playbooks will improve security team's preparedness to cyber-incidents and attacks.

Security Analysts


Analysts will improve their knowledge about different systems logs, security alerts, and proper response to incidents to ensure their organization’s safety. Analysts will gather knowledge to implement incident response playbooks within their organizations.

IR18 Agenda



Aaron Sherman

Sr. Director of Cyber Threat Intelligence at Braintrace


Dean Sapp

Chief Information Security Officer at Braintrace


Jeff Blevins

Cyber Incident Management at Capital One


Marita Fowler

Senior Security Analyst at Capital One


Sean Spaniol

Chief Technology Officer at Capital One


Steven Grossman

VP of Strategy and Enablement at Bay Dynamics


Tony Cole

Chief Technology Officer at Attivo Networks, Inc

Key Note Speakers


Michael Johnson | Senior Vice President, Chief Information Security Officer (CISO)

Michael Johnson is Senior Vice President, Chief Information Security Officer (CISO) for Capital One Financial Corporation, where he leads and manages cyber, information security, cybersecurity operations, and security technology innovation. Michael partners closely across all of the diversified banking company’s business lines on cyber risk management, cloud security engineering, operations, and architecture and standards. Michael previously served as the Chief Information Officer (CIO) for the U.S. Department of Energy (DOE), where he led and managed cybersecurity, cyber enterprise integration, enterprise information resources management, cyber supply chain risk management, and headquarters information technology operations. Previously Michael served in key cyber-focused executive roles in the U.S. Government and Intelligence Community (IC) at the Office of the Director of National Intelligence (ODNI), the Department of Homeland Security (DHS), and the White House Executive Office of the President.



Joseph Loomis | Founder and CTO, Cybersponse

Joseph Loomis is the Founder & CTO of Security Operations Technology, CyberSponse, Inc. Joe is a proven serial security entrepreneur with successful startup exits and has provided security based technology for companies like Apple, Microsoft, Novartis, Sony, LG, Pfizer and many others. Mr. Loomis is well versed in Cyber Security methodologies, incident response and leverages his relationships to help define visionary and innovative product offerings for the information security sector. Joe is often seen speaking on national news networks to include CNBC, FOX, CNN and a few others. Joe works closely with multiple government agencies in his cooperative efforts combating Cybercrime and Cybersecurity. Joe is driven by a deep passion for helping others in need, mentoring other entrepreneurs and helping the next founder build their business.


Philippe Courtot | CEO, Qualys

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor’s Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe.


Boyden Rohner | Head of Security Ops, DHS

Boyden is the Director of Cybersecurity Operations for the Information Security Office at the Department of Homeland Security (DHS). In this role, Boyden oversees the DHS Enterprise Cybersecurity Operations Center which prevents, detects, and responds to cyber threats targeting DHS. Previously, Boyden worked at the National Security Council Staff in direct support of the President of the United States and the National and Homeland Security Advisors. Prior, Boyden managed the production of the daily intelligence and operations brief for three Homeland Security Secretaries. Before joining DHS, Boyden served on three destroyers as a Surface Warfare Officer in the United States Navy and deployed to the Middle East in support of Operations Enduring and Iraqi Freedom. Boyden holds a Bachelor of Science from the United States Naval Academy, a certificate in Executive Leadership from the Kennedy School of Government at Harvard University, and Masters of Public Administration from American University.

Why Should You Attend?

Build playbooks for your organization by working with the best in the industry

Leave with operational Incident Response plan by using the best tools

Learn how to build efficient and effective processes

Sharpen your skills by cyber wargaming against the best in incident response

Venue Information

The Renaissance Arlington Capital View Hotel, Crystal City is conveniently located less then 2 miles from both the Pentagon and Reagan National Airport. Furthermore, this new 4-star hotel is 5 minutes away from the heart of Washington, D.C.


2800 South Potomac Ave.
Arlington, VA 22202

The Incident Response Conference (IR18) is being held at the Renaissance Arlington Capital View Hotel, Crystal City. IR18 has reserved a block of rooms at the Renaissance Arlington Capital View at a group rate of $179 USD per night (plus tax). Please make sure to reserve your room now as the block will fill quickly. Reservation requests for the IR18 Annual Summit will be accepted through Tuesday, August 14, 2018. The block is available up to this date or until filled. Reservations requests received after August 21 are on vacancy and price availability. Reserve your room here or call 703-413-1300 and reference "Incident Response Consortium" for the discounted rate.

Renaissance Arlington Capital View

Be a Part of the New Community!

Do not miss this opportunity to be part of history! Join the cybersecurity community and be part of inspiring change in improving incident response process!

Stay Connected on  

Join the Incident Response Consortium Slack Channel to be a part of the conversation.

Register Below


IR18 is a free event. All registrants must use their corporate or government email address to attend.
Any registrants using personal email accounts will be denied entry.

Please select only one ticket option on registration site.

This is an IR Consortium Members Only event.
For more information, click here.

Our Mission

IRC is the first non-profit, industry managed and community-driven organization focused on practical customized incident response plan development, operational capabilities and the skills necessary for effective cybersecurity. All organizational levels from C-Suite to Analysts are encouraged to engage in the community. IR’s mission is to ensure that the best practices in incident response skills, playbooks and management are shared amongst the community to improve cybersecurity across all organizational levels. There are too many tools and point solutions that do not result in better security. Cybersecurity has a people and process problem: IRC is here to provide a platform for the cyber community to solve these difficult challenges together and build plans to make us all more secure.