In the last decade, the size, severity and frequency of data breaches continues to grow. We have seen millions of customer records, intellectual property and trade secrets being stolen from organizations around the world. In many cases, these attacks were successful, despite previous investments in these organizations security response centers to security incidents (CSIRT) dedicated to preventing such attacks. Regardless of these investments, the true nature and scope of these violations, it was often not known until third party consultants were engaged outside. CIRTs Why Many seem to be failing in its primary task? Often CIRTs internal employee or simply have kept neccessário the talent to detect and mitigate threats made against their organizations. This presentation will provide a case study on the development of a CSIRT team within a large multinational company. Provide guidance and lessons learned to the real world, we will focus on the various necessary for personal CSIRT expertise, as well as the structure and organizational culture neccessary to succeed.