Blue to Red: Traversing the Spectrum

Presented at Black Hat Europe 2019, Dec. 4, 2019, 9:30 a.m. (60 minutes).

The rising demand for talent to fill thousands of open roles in the security industry has resulted in one significant consequence: overspecialization. This can hinder someone from thinking about the larger picture of security challenges they face and can sometimes be an obstacle to progress. It’s time to get back to basics: Strong fundamentals in InfoSec and computer science are critical when pivoting from one security challenge to the next. In this talk, Amanda will discuss her non-conventional career path in security --from a forensic technician in government, a malware researcher in the private sector, to an offensive engineer on the red team at Facebook--and how a solid grounding in foundational security skills has been an important thread among each role.

It’s important now more than ever to strike the right balance between relying on tooling frameworks and pulling from your security fundamentals. In an industry that evolves at hyper speed, having a strong understanding of the basics, such as computer architecture, code compilation, data structures and algorithms is invaluable --and these skills never have an expiration date.

Another core skill in the toolbox of security fundamentals is an adversarial mindset. The joy of picking things apart and dreaming up out-of-the-box solutions to tackle a thorny problem is a requirement for successful hacking. Amanda will discuss how this is not only essential in red teaming, but in all security roles across the spectrum.


Presenters:

  • Amanda Rousseau - Offensive Security Engineer, Facebook
    Amanda Rousseau is an offensive security engineer on the red team at Facebook. She has been working in the information security industry for 10 years with experience in malware reverse engineering, detection development, and computer forensics. Before Facebook, she was a malware researcher at Endgame and FireEye, and a computer forensic examiner at the U.S. Department of Defense Cyber Crime Center. Amanda is active in the security community and provides reverse engineering trainings, volunteers on DEF CON's Review Board and has spoken at conferences including Black Hat, DEF CON, CanSecWest, 44Con, WiCys, and RSA. She has a master’s degree in information systems engineering from Johns Hopkins University.

Links:

Similar Presentations: