Blue Team Reboot: Adaptive Proactive Defence Strategy

Presented at Hackfest 2016, Nov. 4, 2016, 10 a.m. (60 minutes)

How about this: a blue team talk given by red teamers. But here's our rationale - your best defence right now is a strategic offence. The rules of the game have changed and we need to get defence up to speed.

We'll show you what the key elements are in a good defence strategy; what you can and need to be using to full advantage. We'll talk about the new "buzzwords" and how they apply: visibility; patterns; big data. There's a whole lotta data to wrangle, and you aren't seeing the whole picture if you aren't doing things right. Threat intel is about getting the big picture as it applies to you. You'll learn the importance of context and prioritization so that you can manipulate intel feeds to do your bidding. And then we'll take things further and talk about hunting the adversary, using an update on proven methodologies.

We'll show you how to understand your data, correlate threats and pinpoint attacks. Attendees will leave with a new understanding of the resources they have on hand, and how to leverage those into an Adaptive Proactive Defence Strategy.


Presenters:

  • Cheryl Biswas / 3ncr1pt3d as Cheryl Biswas
    Cheryl Biswas is part of KPMG Canada's cybersecurity team in threat intel. An early love of Star Trek eventually evolved into a fascination with APTs, ICS SCADA, mainframes, Shadow IT and Big Data. She wields her specialized honors degree in political science and ITIL designation as she builds bridges along with security awareness. In addition to speaking at BSidesLV, Circle City, BSidesTO and the upcoming SecTor, Cheryl has been a guest on podcasts and television, and is an active writer and blogger. You'll find her on Twitter as @3ncr1pt3d.
  • Haydn Johnson
    Haydn Johnson has over 3 years of information security experience within the Big4, including network/web penetration testing, vulnerability assessments, identity and access management, and cyber threat intelligence. He has a Master's in Information Technology, the OSCP and GXPN certifications. Haydn regularly contributes to the InfoSec community primarily via Twitter and has spoken at BSides Toronto, BSides Las Vegas, and Circle City Con. Haydn wants to be a Purple Teamer when he grows up.