Seth Jaffe is General Counsel and Vice President of the Incident Response Practice at LEO Cyber Security. In his role at LEO, Seth assists clients in the preparation, maturation, testing, and training of all things incident response, leveraging his fifteen years’ experience in NASA’s Mission Control to bring a unique perspective to the industry. Prior to LEO, Seth held the position of technology attorney at a major U.S. airline, where he handled data protection and privacy matters and negotiated contracts related to technology services. He was also the lead Legal team member on the Incident Response Team, tasked with developing incident response procedures and policies, facilitating effective emergency communication with other team members, and responding to actual incidents. Seth also sat on an executive steering committee charged with making strategic decisions about the company incident response plan and socializing cyber security issues to executives. Earlier in his career, Seth worked in Mission Control at NASA’s Manned Spaceflight Center, where he was certified on both the Space Shuttle and the International Space Station (“ISS”), and served the role of senior flight controller, evaluator, and instructor. In the Mission Control environment, Seth trained candidates to react to time-sensitive emergency situations. He took part in over 100 simulations and logged over 3000 hours flying the ISS, experience he draws upon in his incident response practice. Seth is also a Certified Business Continuity Professional.

Topic: Incident Response Programs - Lessons from NASA's Mission Control Center

Nearly every industry authority or governmental agency that has commented on data security has recommended an Incident Response Plan (IRP), and though these same bodies often loosely suggest the contents of said plan, few provide a concrete structure. This session explores, as a model for incident response, the NASA Mission Control environment. During the session, we will break an IRP into Policies, Procedures, Rules/Directives, and Dataset Repositories, and discuss development, uses, and document control management of each. We will also touch upon the organization of the Mission Control room itself, the unique communication structure between its members, and we will show a behind-the- scenes video of how Mission Control handled a Space Shuttle launch incident – all of which provide valuable insight into effective incident response. Your host is a former NASA flight controller, certified to fly two types of space vehicles, and an attorney charged with developing modern incident response programs.