Today's Rundown 1. What is Red Teaming? 2. So it's just an awesome pen test? 3. Nuts & Bolts of Red Teaming 4. Why should we care? 5.


Transcription


3 About Your Trainer: Dakota State University faculty member. Bank pen tester in a former life. Instructor at Secure Banking Solutions Institute. (I'm lucky; I don't have a real job like you.)

4 From Madison, SD

5 Today's Rundown: 1. What is Red Teaming? 2. So it's just an awesome pen test? 3. Nuts & Bolts of Red Teaming 4. Why should we care? 5. Conclusions; Q&A

6 What is Red Teaming? Born out of the military world. A true simulation of an adversary. Adversary <> Pen test. AKA full-scope testing; AKA tiger teaming.

7 What is Red Teaming? A hacker's doctrine is like nothing you've seen before: {time, defenses, personnel, consequences} don't matter at all. Of course, we have to have limits. Remember, hackers don't worry about scope.

8 Blended Threats (diagram): technology, social, physical; Red Teaming sits where all three overlap.

9 What is Red Teaming? Full scope means FULL scope: partners, suppliers, vendors, customers, etc.

10 What is Red Teaming? It's truly a question of scope: what do you want tested vs. what you should have tested, and when/where/how those actions go down.

11 So it's just an awesome pen test? There are some huge differences here. PT = How are you vulnerable / exploited? Red Team = How do you make money? HUUUGE difference, and that's the point!

12 So it's just an awesome pen test? Think of the difference between IT staff and business staff: two ships passing in the night. Pen testing hits 5-10% of your BUSINESS; certainly a higher percentage of your tech.

13 So it's just an awesome pen test? Red teaming is EXTREMELY personal. Would it make a difference to your business model if: the CEO was kidnapped, the web application hacked, or physical access granted to sensitive areas?

14 So it's just an awesome pen test? "Don't be dramatic, sir." No, really! Is there enough out there for kidnap? Family/kids tweets, Facebook posts, pics, etc. Tons of goodies out there. OSINT is an entire hacker world: Open Source Intelligence (not touching your systems).

15 So it's just an awesome pen test? Pen testers are nice! They will stay in scope. They will play by your rules. They are technology guys (you call us nerds).

16 Nuts & Bolts of Red Teaming: Red Teamers are true adversaries. They target CORE business functions & people. Think of a museum.

17 Nuts & Bolts of Red Teaming: Who LOVES the exhibits? Who lives and dies with the collections? Who secured the donation/loan of the items? Who is ultimately responsible for the artifacts? These are the business people!

18 Nuts & Bolts of Red Teaming: Who looks over the exhibits? Talks about them from a script? Cleans around them to make them look nice? Hosts tours through them? It's a job. Out of there at 5PM. TGIF. These are the technology people! (Not a bad thing, just how it works.)

19 Nuts & Bolts of Red Teaming: Red Teamers go for your heart. 1. What bothers you? 2. What keeps you up at night? 3. How big of a fight are you willing to get in? All that will be dug up and used against you.

20 Nuts & Bolts of Red Teaming: Remember what PT has historically been. Hunting for reds/purples in Nessus. Firing exploits based on vuln scanning. "Signatures say you're vulnerable, so do these canned exploits, so I guess you are; sorry about that; pay me $5K."

21 Nuts & Bolts of Red Teaming: That level of automation is pen testing. Red Teaming uses imagination. Vulnerability Assessments are even worse! And I know IT guys don't want to hear all of this, but it's the truth.

22 Nuts & Bolts of Red Teaming: IT guys want to: do PTs; pick safe/friendly vendors; secure their world only. What about physical & operations?

23 Nuts & Bolts of Red Teaming: Red Team on site. Nobody knows where/when/how/who. 99% of the work is already done. TONS of leakage by your vendors, personnel, competitors, job postings, BoD members, corporate events, etc.

24 Why should we care? The cost per incident is CRAZY: $168K in 2006, $5.4M in 2013. Only 52% of breaches involve hacking, the stuff PTs are supposed to be mimicking.

25 Why should we care? 80% of breaches included using weak or leaked credentials. Automated scanners don't catch that stuff. Total false sense of security. Fraud, stolen hardware, snail mail are still #1. Hacking = 28%; web apps = 9%.

26 Why should we care? And the biggest reason: your industry is ready for this. Automated PTs are so 2010. Compliance is a roadmap for the bad guys. Resource allocation plan.

27 Why should we care? Too many firms claim they can do this. This isn't a computer-guy-only job. Current PTs are a compliance box checker. Other industries are watching you: healthcare and energy are closely watching.

28 Conclusions; Q&A: Love to hear from you! Love to come to your events!


More information

Welcome to the Protecting Your Identity. Training Module

Welcome to the Protecting Your Identity. Training Module Welcome to the Training Module 1 Introduction Does loss of control over your online identities bother you? 2 Objective By the end of this module, you will be able to: Identify the challenges in protecting

More information

Penetration Testing Walkthrough

Penetration Testing Walkthrough Penetration Testing Walkthrough Table of Contents Penetration Testing Walkthrough... 3 Practical Walkthrough of Phases 2-5... 4 Chose Tool BackTrack (Armitage)... 5 Choose Target... 6 Phase 2 - Basic Scan...

More information

Cybersecurity: Safeguarding Your Business in the Digital Age

Cybersecurity: Safeguarding Your Business in the Digital Age Cybersecurity: Safeguarding Your Business in the Digital Age Introduction The digitization of our society has had a powerful impact on the ways in which organizations work and relate to their customers

More information

Dallas, TX September 10. Chairman: Lance Spitzner

Dallas, TX September 10. Chairman: Lance Spitzner Dallas, TX September 10 Chairman: Lance Spitzner AGENDA All Summit Sessions will be held in the Vista Ballroom (unless noted). All approved presentations will be available online following the Summit

More information

1 Predictive Intruder monitoring and prevention

1 Predictive Intruder monitoring and prevention 1 Predictive Intruder monitoring and prevention This article explores the possibilities and the cost savings that could be gained by integrating IDS, vulnerability scanning and patch management. 1.1 What

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

31 Ways To Make Your Computer System More Secure

31 Ways To Make Your Computer System More Secure 31 Ways To Make Your Computer System More Secure Copyright 2001 Denver Tax Software, Inc. 1. Move to more secure Microsoft Windows systems. Windows NT, 2000 and XP can be made more secure than Windows

More information

The Truth About Enterprise Mobile Security Products

The Truth About Enterprise Mobile Security Products The Truth About Enterprise Mobile Security Products Presented by Jack Madden at TechTarget Information Security Decisions 2013 Welcome to my enterprise mobile security product session! Instead of printing

More information

Red Teams: Toward radical innovation

Red Teams: Toward radical innovation Red Teams: Toward radical innovation July 2005 Executive summary Red Teams assume the role of the outsider to challenge assumptions, look for unexpected alternatives and find the vulnerabilities of a new

More information

Things To Do After You ve Been Hacked

Things To Do After You ve Been Hacked Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

Big Data, Big Mess: Sound Cyber Risk Intelligence through Complete Context

Big Data, Big Mess: Sound Cyber Risk Intelligence through Complete Context Big Data, Big Mess: Sound Cyber Risk Intelligence through Complete Context Introduction When it comes to cybersecurity, perhaps nothing has been as highly touted as the answer to every executive s prayers

More information

Adventures in Insurance Land: Weaknesses in Risk Pricing & Alternatives

Adventures in Insurance Land: Weaknesses in Risk Pricing & Alternatives Adventures in Insurance Land: Weaknesses in Risk Pricing & Alternatives SESSION ID: GRC-W01 Tim West Senior Consultant Accuvant Advisory Services @west_tim Jamie Gamble Principal Consultant Accuvant LABS

More information

E-mail Marketing for Martial Arts Schools:

E-mail Marketing for Martial Arts Schools: E-mail Marketing for Martial Arts Schools: Tips, Tricks, and Strategies That Will Send a Flood of New Students into Your School Practically Overnight! By Michael Parrella CEO of Full Contact Online Marketing

More information

Top Security Challenges Facing Credit Unions Today. Chris Gates Lares Consulting

Top Security Challenges Facing Credit Unions Today. Chris Gates Lares Consulting Top Security Challenges Facing Credit Unions Today Chris Gates Lares Consulting 24 September 2013 A Little About Me Chris Gates Employment History: Partner, Lares Senior Security Consultant-Rapid7 Network

More information

"A Young Child's Point of View on Foster Care and Adoption"

A Young Child's Point of View on Foster Care and Adoption "A Young Child's Point of View on Foster Care and Adoption" Michael Trout Director, The Infant-Parent Institute Reprinted by permission Mr. Trout is a trainer and course leader in infant mental health,

More information

New Zealand Company Six full time technical staff Offices in Auckland and Wellington

New Zealand Company Six full time technical staff Offices in Auckland and Wellington INCREASING THE VALUE OF PENETRATION TESTING ABOUT YOUR PRESENTER Brett Moore Insomnia Security New Zealand Company Six full time technical staff Offices in Auckland and Wellington Penetration Testing Web

More information

Hacking: What You Need To Know. Presented by Keystone Computer Concepts

Hacking: What You Need To Know. Presented by Keystone Computer Concepts Hacking: What You Need To Know Presented by Keystone Computer Concepts Before we get started: From now on, when you view the PowerPoint presentation from any of our webinars, you ll be able to read our

More information

The Security Gap. Philip Young aka Soldier of Fortran @mainframed767

The Security Gap. Philip Young aka Soldier of Fortran @mainframed767 The Security Gap Philip Young aka Soldier of Fortran @mainframed767 DISCLAIMER All research was done under personal time. I am not here in the name of, or on behalf of, my employer. Any views expressed

More information

MAXIMUM PROTECTION, MINIMUM DOWNTIME

MAXIMUM PROTECTION, MINIMUM DOWNTIME MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is

More information