Hacking The Enterprise

Presented at BruCON 0x08 (2016), Oct. 28, 2016, 1:30 p.m. (240 minutes)

This workshop is not about how to digitally raid an enterprise, just to make sure your expectations are set right :)

Compliance, rules, and regulations oftentimes lead to frustration for security professionals. While these areas don’t contribute toward security on their own, they are part of the reality we live with. Instead of rowing against the stream, the professionals that get stuff done in their organizations are those that are able to leverage those pesky frameworks, laws, and other regulatory requirements to defend budgets, report about security to their management, and build security organizations with a long-term view.

In this 4-hour workshop, we will lay out the approaches that have worked for us in organizations around the globe (without breaking any NDAs, obviously ;-)) and that can prepare you to become a better negotiator when it matters, be a better, well-rounded security professional, and become an asset to your organization.

Topics that will be covered are:

- Integrating penetration testing into a risk management framework
- Making the most out of your environments’ data
- Building and maintaining a security metrics framework
- Privacy as a driver for security
- Making your security program a reality by leveraging what you already have (instead of buying things you don’t really need)
- Becoming the trusted advisor to both your operational peers and your C-level leadership
- Making compliance work
