Presented at
Black Hat Europe 2017,
Dec. 7, 2017, 2:15 p.m.
(25 minutes).
Most people don't have movies and TV shows made about their jobs. X-Force Red does. X-Force Red is IBM's new elite team of what the security industry calls penetration testers but most people call them hackers. It's a common misunderstanding that "hacker" refers to a computer criminal. Our team attacks networks and applications from technologies such as cloud, mobile, IoT, and just about anything else before the bad guys. In many ways, penetration testing is more challenging than what criminals do. Criminals only need to find one way in, but X-Force Red testers aim to find all the flaws in their target, then help the client fix them. Come to this session to hear some real-world stories of legal hacking… some funny, some scary.
Presenters:
-
Thomas MacKenzie
- X-Force Red Associate Partner UKI and Europe, IBM Security
Thomas MacKenzie is the Associate Partner of Europe for X-Force Red, IBM's elite security testing team. Thomas began his career in information security at a boutique firm in the North of England (UK) where he was employed as a security engineer in a web application security testing team. Following on from this position, Thomas spent the majority of his time focusing on application security at multiple companies including Trustwave's Spiderlabs, Visa Europe and finally NCC Group. In recent years, Thomas worked as the commercial manager for a dedicated transport cyber security practice within NCC Group assisting companies within the automotive, maritime, aerospace and rail industries ensure that their vehicles and connected infrastructure were secure. Thomas was the co-founder of an advisory management system called upSploit, an automated disclosure system that helped security researchers and vendors communicate vulnerability information quickly, easily and in an ethical manner. upSploit predated modern bug bounty and vulnerability management frameworks that are popular today. Speaking engagements include BlackHat, Bsides, OWASP, DC4420, 44CON and DeepSec.
Links:
Similar Presentations: