Brad Garnett

Director/GM, Incident Response


Brad Garnett (GCFE, GCFA, GNFA, GCTI) is the Director/ GM for the Talos Incident Response team and is responsible for the overall strategy and Incident Response Services business globally for Cisco. He joined Cisco in 2016 and helped build Cisco's market-leading incident response retainer business. Brad works with global organizations and government entities around the world on incident preparedness, tactical response to computer intrusions, and emerging cyber threats. Brad can uniquely assist executives and key stakeholders with maneuvering assumed cyber risk from a business impacting cybersecurity incident. Brad began his cybersecurity career, while working in U.S. law enforcement. From leading exercises to simulate a major cyber attack to the U.S. power grid and supporting his team on the world's largest stage at Super Bowl 56, Brad sees cyber through unique lens. His vast experience, training, and education come from a blend of his law enforcement, academia, and DFIR (Digital Forensics & Incident Response) background. Brad has served on the board of directors for his local public education foundation and is a TEDx speaker. In 2021, Brad joined the groundbreaking Ransomware Task Force, which is helping shape public policy and strategies for businesses in the fight against ransomware globally to this day. When Brad is not supporting his team in their fight against advanced adversaries targeting fortune 500 environments,he enjoys his family, flying airplanes, foreign policy, working out, airshows, and coaching football.


December 3, 2018


Compromise Assessment vs Threat Hunting

5 min read

While table top exercises are always a hot commodity for our customers, proactive threat hunting and compromise assessments are becoming increasingly popular through our Cisco Incident Response Readiness & Retainer service.

February 28, 2018


The Power of Logging in Incident Response

4 min read

A deep dive into logging as an often-overlooked but powerful tool for incident detection and response “Lack of instrumentation or insufficient logging” is often a phrase used on incident response...

May 10, 2017


Triage Forensics: Leveraging Digital Forensics during Incident Response

4 min read

You have just been notified by a “TLA” (Three Letter Agency), a law enforcement agency, that your organization has suffered a data breach. Depending on your Threat Management Maturity level, you will either approach this methodically or ad-hoc. A TLA notification will generally involve leveraging the expertise of an Incident Response team, either your internal […]