Tactical Edge 2019

Rise of the Humans

I will discuss the evolution of the security industry over the past 25 years. How people, and psychology, and compassion must dominate the next 25 years

Subversion And Espionage Directed Against You

Industrial espionage is the practice of secretly gathering information about competing corporation or business interest, with the objective of placing one's own organization at a strategic or financial advantage. A common practice to achieve this advantage is to elicit information from unwitting individuals through what today is called social engineering (SE). We all hear the term SE so often that we become desensitized to it, thereby INCREASING the effectiveness of it against ourselves and organizations. Thus, will call it what it is - Human Intelligence, also known as HUMINT.

Presenting personal experiences as an Army counterintelligence agent with examples of military and industrial espionage, will examine tradecraft employed against individuals every day. We will apply lessons learned from the US military and the intelligence community by using two acronyms taught to Army counterintelligence agents: SAEDA (Subversion and Espionage Directed against the Army) and MICE (Money, Ideology, Coercion, Ego). By presenting different aspects of HUMINT collection efforts will enable individuals to possibly detect, deflect, and protect oneself from such actions.

There is no cloud, there's just someone else's regulator

Financial Institutions are one of the last industry verticals to embrace cloud, especially in Infrastructure-as-a-Service. This is for a variety of reasons. Most prominently there are significant challenges due to mass of regulations and compliance regimes banks face. I'll talk about what those issues are and how banks are addressing them.

Securing Systems: Still Crazy After All These Years

It's 2019 and we're still not sure if we have an accurate list of assets. We certainly can't guarantee they're all secure. The last penetration test was a bloodbath. Every day, we wonder if the breach will come.

The cycle of stress and worry CAN be broken, but each stage of securing systems has challenges. We'll analyze these challenges and provide strategies to address them. From asset discovery to hardening to vulnerability management - this talk will show how to build lasting confidence in the security we provide to our organizations.

Acquisitions, Mergers, and Partnerships: Performing Extensive Due Diligence using Open Source Intelligence (OSINT)

Come learn how to look beyond the ledgers and analyze FREE publicly available information to learn what questions you should be asking before you partner with, buy, or merge with another organization.

Botnets and Miners: The Weaponization of Monetization

Over the past year we have seen an evolution in botnets, from instruments of mass disruption to exploit-enhanced armies used for mining and control. Attackers have realized the wealth of resources in enterprise environments, locating cryptominers where they can profit most. But once inside those enterprise networks there are other opportunities to be mined for by both criminals and nationstate attackers.

As we move past outages to destructive payloads what should we expect when weaponization meets automation? This talk will present the evolution of botnets and miners from annoyance to adversary, and we need to reassess our attack surfaces for this growing threat.

Zero Trust & The Flaming Sword of Justice

Security breaches pervade the headlines. What was seen as a rare instance just 5 years ago now seems to occupy the daily news cycle. A lot of these data breaches are made possible due to missteps and misconfigurations. There are many security issues that are introduced into website authentication mechanisms that further compound the security issues in addition to enforcing bad behavior by the end users. Security debt is a real problem for the vast majority of organizations in the world today and the attackers will utilize this to their advantage. In addition to keeping system hygiene at front of mind defenders need to focus on proper network zone segmentation or, as it more popular term these days, zero trust networks. The old conceptual style of a castle wall and moat to defend a network was deprecated several years ago. As a result of the dissolution of the traditional perimeter a stronger focus has to be placed on the strength of authentication, authorization and trust models for the users.

The antiquated notion of an information security practitioner running through the office brandishing their flaming sword of justice above their heads screaming "thou shall not pass" has at long last reached it's denouement. Whether you are responsible for the security in a financial organization or one that makes teddy bears it is necessary to adapt and learn to trust but, verify.