SexyDefense – The Red Team tore you a new one. NOW WHAT?

Presented at DerbyCon 2.0 Reunion (2012), Sept. 28, 2012, 8 p.m. (50 minutes)

Offensive talks are easy, I know. But the goal of offensive security at the end of the day is to make us better defenders. And that’s hard. Usually after the pentesters (or worse – red team) leave, there’s a whole lot of mess of vulnerabilities, exposures, threats, risks and wounded egos. Now comes the money time – can you fix this so your security posture will actually be better the next time these guys come around?

This talk focuses mainly on what should be done (note – not what should be BOUGHT – you probably have most of what you need already in place and you just don’t know it yet).

The talk will show how to expand the spectrum of defenders from a reactive one to a proactive one, will discuss ways of performing intelligence gathering on your opponents, and modeling that would assist in focusing on an effective defense rather than a “best practice” one. Methodically, defensively, decisively. Just like the red-team can play ball cross-court, so should you!


Presenters:

  • Iftach Ian Amit as Ian Amit
    With over a decade of experience in the information security industry, Iftach Ian Amit brings a mixture of software development, OS, network and Web security expertise as Director of Services to the top-tier security consulting firm IOActive. Prior to IOActive, Ian was the VP consulting for Security Art. Ian also held Director of Security Research positions with Aladdin and Finjan, leading their security research while positioning them as leaders in the Web security market. Ian has also held leadership roles as founder and CTO of a security startup in the IDS/IPS arena, developing new techniques for attack interception, and a director at Datavantage, responsible for software development and information security, as well as designing and building a financial datacenter. Prior to Datavantage, he managed the Internet Applications as well as the UNIX departments at the security consulting firm Comsec. Ian is also the founder of the local DefCon group in Tel-Aviv DC9723, as well as one of the founding members of the PTES (Penetration Testing Execution Standard), and the IL-CERT.
