Offensive Vendor Reviews

Presented at ToorCamp 2014, July 10, 2014, 3 p.m. (20 minutes)

How do you choose who your company trusts? It is said that the best defense is a good offense, so why are so many organizations not offensive in their defense? Offensive Vendor Reviews looks at how companies deal with risk from outside companies. I look at some examples of where vendor reviews fail, and give some ideas of how to perform a vendor review. An Offensive Vendor Review is the practice of gathering real information on the companies whose services your business uses. Do you know who is on your network using your resources? Do you know how good their security is? Most importantly, how do you sell this to management? Learn how to answer these questions and more in Offensive Vendor Reviews. While most content in this talk is related to research and practices developed at my employer, it does not necessarily represent the views of said company.


  • Carl Sue
    Carl Sue is an experienced security professional with primary focuses in Application Security and Penetration Testing. With experience in the finance industry, Carl currently works in internal application security for an accounting SaaS application. Security interests include Application Security, Penetration Testing, Rounded Security Methodology, and Red Team. I'm always interested in talking about technology, especially in the areas of bio augmentation, life extension, human-computer interfaces, and cryptography. Carl has been active in the security community for over 6 years and has spoken at events in the past, including ToorCon and ToorCamp.
