If you have any special accessibility needs, please let us know at email@example.com before the Hackin’ Cast that you plan to attend and we will do our best to accommodate your needs.
| The Business Context of Offensive Security | Keyaan J Williams | 2 Hours |

Successful UAB football coach “Bear” Bryant famously noted that “Offense sells tickets and defense wins championships.” This is true in football and in cybersecurity. Most championship-winning teams in the Super Bowl era had good offense and excellent defense, but it was the defense that often made a difference! Everyone in the security profession must recognize the value of strong defensive capabilities. The best defense comes from mature governance, risk management, and compliance (GRC) programs that are often boring and mundane. Penetration testing, red teaming, and threat hunting may be flashy and exciting to security professionals. However, buy-in and support from non-technical business leaders is difficult when security is disconnected from their priorities. A strong defense built around models like NIST 800-39 or ISO 31000 can connect business, IT, and security strategies in a way that engages the entire organization in security practices. This improves defense. It improves the value provided by conducting offensive security. Ultimately, it helps an organization win the cyber defense championship.
Join the WWHF Discord Server to participate with the presenters and other attendees during the Hackin' Cast: https://discord.gg/wwhf
| 6/30/2021 | 13:00 EDT | 1.5 hours | Register |
| Technically Compliant – Evolving the Offensive Capabilities of your Compliance Team | Ean Meyer | 1 Hour |

Compliance is often used as the predictable punchline to a joke about security. It’s viewed as the less technical cousin that real security only plays with because their parents tell them to: “Now go play with the OCR HIPAA auditor. They only come once a year! See, look, they know about firewalls too. You like firewalls!” The trajectory of compliance’s expertise mirrors other fields. Take, for example, nursing. The incorrect perception of nurses’ potential in the 1960s and 70s is reminiscent of how today’s compliance programs are viewed. Now nurses have advanced degrees, and some can write prescriptions and diagnose possible problems. Nurses now function much more like doctors. Their value was refined and recognized. To achieve the same evolution, compliance professionals need to function more like penetration testers. Compliance must be technical. We need to move from checkbox compliance to offensive compliance!
During this hour, we will discuss the idea and need for offensive compliance, treating the compliance framework as the target that needs to be tested. What are its weaknesses? How could it be “exploited”? How can we prove the environment we’re evaluating is giving a true representation of not only its controls but the systems that need to comply? We will discuss how to apply penetration testing tactics and tools to control validation, why this is important, and why the phrase “accurate and complete” may be the most powerful tool in the security toolbox. It’s time to create technical offensive compliance analysts, and we will talk about how!
Join the WWHF Discord Community to participate in discussion with the presenter and attendees: https://discord.gg/wwhf
| 7/14/2021 | 13:00 EDT | 1 hour | Register |