The Current State of Security, an Improv-spection

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 3:30 p.m. (25 minutes)

"Think ""Whose Line is It Anyway"" meets InfoSec - don't expect to see many slides. This presentation is literally security theater (but this time in a good way). Sean & Nick improv their way through several current challenges in securing networks and discuss ways to improve defenses. Audience participation is mandatory and suggest topics, categories, and wacky APT names from the mundane to the bizarre. From the moment the clock starts, Sean & Nick will do what many in our industry are accused of doing anyway: making things up as we go along! We know we can give some insight, hope to make it fun, and if we’re failing, we’ll revert to props! The dynamic duo will wrap up the improv adventure with a handful of slides that highlight the best methods to defend against the current threats. These slides will summarize the useful information that Nick & Sean had subliminally been providing in between the props and ad hoc skits. Furthermore, the audience will walk away with some actionable tasks to better secure their environment. Suggested audience: skeptics, people a few beers deep, and anyone who wants a different take on the standard infosec talk while still learning some solid methods to protect against modern attacks." Sean Metcalf is founder and principal consultant at Trimarc Security, LLC (www.TrimarcSecurity.com), which focuses on mitigating, detecting, and when possible, preventing modern attack techniques. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) certification, is a Microsoft MVP, and has presented on Active Directory attack and defense at BSides, Shakacon, Black Hat, DEF CON, and DerbyCon security conferences. Sean has provided Active Directory and security expertise to government, corporate, and educational entities since Active Directory was released. He currently provides security consulting services to customers and regularly posts interesting Active Directory security information on his blog, ADSecurity.org. Follow him on Twitter @PyroTek3 Nick Carr is a senior manager of security consulting and incident response at Mandiant. Nick provides expertise as a technical investigative lead and crisis manager for large-scale intrusions. He is also responsible for several monitoring and detection initiatives within Mandiant and implementing attacker methodology detection at FireEye. Prior to joining Mandiant, Nick served as Chief of Technical Analysis and incident response team lead for DHS ICS-CERT, focusing on SCADA systems and critical infrastructure cyber attack readiness and response. A computer engineer and graduate from the Naval Postgraduate School’s Cyber Operations program, Nick has spent his career in computer security, network analysis, and intelligence roles in the U.S. Government and private industry. Sean Metcalf - @PyroTek3 Nick Carr - @ItsReallyNick

Presenters:

• Nick Carr
• Sean Metcalf

Links:

• https://www.derbycon.com/saturday-schedule/#event-150
• https://infocon.org/cons/DerbyCon/DerbyCon 7 2017/The Current State of Security an Improv spection Sean Metcalf Nick Carr.mp4

Similar Presentations:

• Black Hat USA 2016 / Beyond the MCSE: Active Directory for the Security Professional
• NolaCon 2018 / Active Directory Security: The Journey
• TROOPERS18 (2018) / Active Directory Security: The Journey