After the AAR: Turning Lessons Learned into Actions

Presented at Diana Initiative 2023, Aug. 7, 2023, 2 p.m. (90 minutes)

Your organization just completed a cyber tabletop exercise. Now what? Things change quickly in a real-life crisis scenario, and flexibility is critical for strong cyber resilience. In this workshop, participants will brainstorm how to improve its cyber processes and policies after a cyber tabletop exercise. Participants will role-play as C-suite decision-makers in a fictitious organization and develop action items to enhance their Tactics, Techniques, and Procedures (TTP). For more information, please visit: https://www.dianainitiative.org/after-the-aar/

Presenters:

• Frank Clowes - JPMorgan Chase & Co.
  Frank Clowes is an Executive Director and the Global Head of JPMorgan Chase & Co.'s Cybersecurity Red Team where he conducts adversary emulation operations to evaluate and improve the firm's security controls. By donning the hat of an adversary to locate and then remediate discovered weaknesses, Frank is able to say that he "breaks into banks for a living." Frank joined JPMorgan Chase & Co. in 2018 after spending 13 years as a senior leader and hacker for the National Security Agency's Tailored Access Operations. While at the NSA, Frank received awards such as the National Intelligence Exceptional Achievement Medal, multiple National Intelligence Meritorious Unit Citations, and the Global War on Terrorism Expeditionary Medal. Frank received a B.S. in Computer Science with a minor in Mathematics from The Pennsylvania State University. He currently resides in Wilmington, Delaware where he volunteers as President of the Delaware Symphony Orchestra. He is also involved in the broader information security community by volunteering at some of the world's largest information security conferences such as DEF CON and ShmooCon.
• Mone' Ross - JPMorgan Chase & Co.
  Mone' Ross is a Vice President at JPMorgan Chase & Co., where she leads its top-tier cyber client engagement tabletop exercise function. In her role, she advises global clients, vendors, and executive business/technology leaders on enhancing cyber preparedness, validating incident response plans, and testing existing controls. Mone's expertise and career journey have helped her obtain invaluable transferrable skills. Previously, she was a strategist for the U.S. House of Representatives, a cyber intelligence operations program manager supporting the U.S. Coast Guard, and a guest lecturer at Michigan State University. Mone' holds a Bachelor of Arts from Michigan State University and a Master of Professional Studies from Georgetown University. She is a proud native of Detroit, Michigan, and resides in Washington, DC.

Links:

• https://thedianainitiative2023.sched.com/event/1OKdU/after-the-aar-turning-lessons-learned-into-actions

Similar Presentations:

• GrrCON 2017 / Cyber, Cyber, Cyber - Using the killchain to accomplish something
• DEF CON 19 (2011) / An Insider's Look at International Cyber Security Threats and Trends