Malware Unicorn invited Kelly and I to present at Dead Drop SF on the topic of red teaming. Summarized some thoughts on approaching table top exercises, threat-based scenario testing, and continuous security via always running monitoring of asset changes and vulnerability assessment. Demonstrated a few tools developed by our team:
When it comes to cybersecurity, the victim mindset is all too pervasive. Everyone is convinced a breach is imminent - and that this attitude justifies over-investing in defenses instead of focusing on emerging threats. In this presentation, we will discuss why this approach is unsustainable and why red teaming is worth your organization's time and money in addition to the ways most organizations are compromised. As well, we will touch upon what you must consider before embarking on a red team engagement.
(This was originally presented on November 6, 2018 as a Practicing Law Institute SFO seminar with Vinnie.)
My friend Brianna and I also had an epic debate at NBT. JSON Derulo was my alter ego arguing for continuous security testing and red teaming being the future as opposed to point-in-time testing by taking the adversary perspective: