Victor or Victim? Strategies for Avoiding an InfoSec Cold War

Presented at DerbyCon 8.0 Evolution (2018), Oct. 6, 2018, 1 p.m. (50 minutes).

Is your internal red team withholding their TTPs from the defense? Defenders, are you constantly trying to “win” your pentests by fixing vulns on the fly? Have you been on engagements where the blue team starts blocking your ips and targeting you just to prove that they are better, or had pentesters that mock your environment on twitter like you are the butt of an InfoSec joke. These approaches are not working, not only from a personal level but from an industry level. How we choose to work with each other needs to grow if our goal is to protect those around us rather than make a name for ourselves. Come hear stories of offensive engagements done right (and really really wrong), and learn from a seasoned defender and attacker how partnerships should be forged to be most impactful. Victims complain, Victors adapt. Which are you?


Presenters:

Links:

Similar Presentations: