Auditorium
Oct 03, 2018 10:00 AM - 10:30 AM(America/Chicago)
Overcoming security automation roadblocks


Auditorium Borderless Cyber USA / Washington D.C. / 3-5 October 2018 jharnad@oasis-open.org

Security automation is on everyone's wish list. It’s no wonder, given the promise and hype surrounding machine learning and artificial intelligence and how they will solve security problems. Nevertheless, getting management buy-in for automation remains a challenge, especially when it comes to the unattended orchestration of security tools for incident response.

In this session, a former Incident Response and Security Operations expert will discuss common automation pitfalls and how to avoid them to implement a state-of-the-art incident response program. Based on real-world incident response and computer forensic case studies, the speaker will explain what operations should and should not be automated, where automation can be used as a force multiplier, and how to avoid getting caught up in the automation frenzy that creates more, not less, work for the security operations team.

Finally, he will present a set of best practices that attendees can use to assess their SOC orchestration and automation needs, develop an incident response program and integrate the required infrastructure to automate workflows and case management for remediating incidents.

Former Senior Incident Response Analyst for NTT Security, Computer Forensic Analyst for the Maine State Police Computer Crimes Unit, and Computer Forensics Task Force Officer for the U.S. Department of Homeland Security
Ms. Michelle Barry
Director Technology Security, AT&T