*Analyze all intrusions to determine lessons learned and identify requires changes to security procedures, technology, or training (Task ID: R1-9631)

*Develop an attack technique table. (Task ID: R1-9616)

*Attend applicable training and/or sit the associated certification (Task ID: R1-9231)

*Attend industry conferences and events such as Black Hat, etc. (Task ID: R1-9233)

*Coordinate presentations on latest threats to management and senior management. (Task ID: R1-9415)

*Develop schedule to have all IR specialists complete training to refresh and keep knowledge current (Task ID: R1-9411)

*Review all internal incidents for the purposes of staying current in threats and how to best analyze (Task ID: R1-9414)

*Train information collection, analysis, and dissemination (Task ID: R1-9235)

*Train personnel on how to utilize the vulnerability scanning solution. (Task ID: R1-9286)

*Train various security/attack/monitoring courses for all employees. Mandate annual attendance to ensure widespread understanding and baseline requirements (Task ID: R1-9217)

*Attend or listen to presentation at security conferences such as Black Hat, DEFCON, Shoocon, and Toorcon (Task ID: R1-9224)

*Implement training for how to correlate alerts from normal communication to abnormal communicate (Task ID: R1-9586)

*Train non-security team members (CXO, Legal, etc.) on how to follow incident response procedure/plans (Task ID: R1-9590)

*Understand the company's incident response process and procedures . (Task ID: R1-9183)