Incident Response
Speaker
Mark Lynd has facilitated over 150 incident response tabletop exercises across SLED, commercial, and enterprise organizations. He has held the CIO or CISO title five times and has personally managed breach notifications, ransomware responses, and cyber crisis situations. His keynotes and tabletop exercises are built on operational experience, not theory. Fee range: $15,000–$50,000+.
150+ Exercises. Real Breach Experience. No Theory.
Most incident response speakers have studied breaches. Mark Lynd has managed them — as the CIO or CISO who had to make the call, notify the board, coordinate with legal, and lead the team through the crisis.
He has facilitated over 150 incident response tabletop exercises across SLED, commercial, and enterprise organizations. He has seen every failure mode: plans that look good on paper but collapse under pressure, teams that freeze, executives who go off-script, and communication breakdowns that turn a containable incident into a catastrophe.
His keynotes and tabletop exercises are built on that experience. Not on frameworks, certifications, or case studies from other organizations.
Incident Response Keynote Topics
When the Breach Happens: Leading Your Organization Through a Cyber Crisis
A real-world walkthrough of what happens in the first 72 hours of a cyber incident. Mark covers the decisions that matter, the mistakes that make things worse, and how to lead your team when everything is on fire.
Best for: Security conferences, CISO summits, executive leadership events
Length: 45–60 minutes
Ransomware: Pay, Negotiate, or Recover — What the Playbooks Don't Tell You
The ransomware decision is more complex than any playbook captures. Mark covers the real factors that drive the pay/negotiate/recover decision, how to prepare before the attack, and how to communicate with the board and regulators when it happens.
Best for: Security conferences, risk management events, insurance industry forums
Length: 45–90 minutes
Building an Incident Response Plan That Works Under Pressure
Most IR plans fail their first real test. Mark explains why — and how to build a plan that holds up when the team is stressed, the systems are down, and the clock is running. Includes tabletop exercise design principles.
Best for: Security teams, CISO events, compliance and risk conferences
Length: 45–60 minutes
Why Organizations Book Mark Lynd for Incident Response
150+ incident response tabletop exercises facilitated across SLED, commercial, and enterprise
5x CIO/CISO — has personally managed breach notifications and ransomware responses
#1 ranked global cybersecurity thought leader — Thinkers360 2022–2023
Author of Cyber War: One Scenario — a realistic incident response scenario in narrative form
Available for keynotes, tabletop facilitation, or combined engagements
Customizes every engagement to the organization's industry, size, and threat profile
Frequently Asked Questions
What is an incident response speaker?
An incident response speaker delivers keynotes and facilitates tabletop exercises on how organizations detect, contain, and recover from cyber incidents. Mark Lynd has facilitated 150+ incident response tabletop exercises across SLED, commercial, and enterprise organizations.
What incident response topics does Mark Lynd cover?
Ransomware response and recovery, breach notification and legal obligations, building an incident response plan that works under pressure, tabletop exercise design and facilitation, and the human factors in cyber crisis management.
Can Mark Lynd facilitate a tabletop exercise as well as keynote?
Yes. Mark offers both keynote presentations and hands-on tabletop exercise facilitation. Many organizations book him for a combined engagement: a keynote to set the strategic context, followed by a facilitated tabletop to test the team's response.
How much does an incident response speaker cost?
Mark Lynd's fees range from $15,000 to $50,000+ depending on engagement type (keynote, tabletop, or combined), customization, and travel.