Josh Lemon is an independent digital forensics and incident response expert in Australia. He has two decades of experience working on large and complex security incidents and investigations with large multinational organisations, government agencies, law enforcement, law firms, and local businesses to help them detect, investigate and eradicate cybercriminals and targeted threat actors from their networks. Josh is currently providing DFIR services to Uptycs as their Director of global Managed Detection and Response (MDR), helping to secure some of the largest international brands from cyberattacks. He is the co-author of the SANS Institute “Enterprise Cloud Forensics” (FOR509) and “DFIR NetWars” courses, along with being a Principal Instructor for the “Advanced Incident Response and Threat Hunting” (FOR508) and the “Advanced Network Forensics and Threat Hunting” (FOR572) courses.
Josh is passionate about helping the cybersecurity community through his work as an Advisory Board Member to Cydarm Technologies, a young Australian company making collaboration for incident response easier. Josh also presents research at international conferences, supports open-source projects, and provides voluntary support in an Advisory role to BSides Sydney.
Josh’s previous roles included Managing Director at Ankura, where he led Ankura’s APAC digital forensics and incident response practice. Director at Salesforce.com in their international Salesforce Security Response Centre, where he led the strategic response and research unit responsible for looking at new cutting-edge ways to approach incident response at scale. He was also the CSIRT Manager for the Commonwealth Bank of Australia, where he built a team of advanced responders that investigated malicious security incidents for local and international operations. Before that, he worked as a Managing Consultant for BAE Systems Applied Intelligence, where he was responsible for all technical cybersecurity services for the Asia Pacific region, including overseeing large and complex incident response and offensive security engagements.
Josh has a varied background in the cybersecurity industry ranging from; Project Management, Lead Incident Responder, Forensics Analysis, Reverse Engineering, Penetration Testing, Secure Network Design, and Software Development. He currently holds a GCFR, GREM, GCFA, GDAT, GNFA, GCIH, GPEN, GPYC and lectures on investigating cyberattacks at Universities in APAC and to international audiences for the SANS Institute.