Last year, the Conti ransomware group was a victim of their own style of operations when their playbook and other sensitive information ended up online.
Stay for a story ripped straight from a recent incident response engagement, where the threat actor did something rather unexpected after being paid the ransom: they actually left behind some notes on how to shore up defenses!
In this talk we will cover some PowerShell history but will mostly focus on the tool itself – both the IDE and basic command-line version.
We will see what you get “out of the box”, how we can add more function by downloading modules, and how we can create aliases and if we have to broach the subject of PowerShell programming.
All are encouraged to follow along and try the examples.
Student participation is encouraged – all are welcome to follow along on their own computers.
If there is space and time, I may be willing to be available for students who continue on their own and have questions or problems.
As hard as it might be to imagine, some teams are actively struggling with security throughout the SDLC. For folks who might not have security completely honed in, it can be overwhelming to even know how to start thinking about security for your web applications.
Fortunately, there is an awesome nonprofit community of security-focused professionals who have done a lot of work making it straightforward to correctly design and implement secure apps: Open Web Application Security Project, aka OWASP!
This talk will guide you through various tools OWASP makes freely available to test your application and make sure your apps stay secure.
This discussion covers how to get into the fields from a zero starting point and how to pursue initial employment. It then delves into promotion paths and escalating responsibilities to identify career paths and help viewers identify goal setting opportunities.
In this global, competitive marketplace, understanding where you are going and how you need to get there is essential to knowing what your career path is and how it relates to your personal preferences and objectives.
Using the NIST CSF and CMMI frameworks, we will walk through all the steps in an assessment process including determination, purchasing, execution, reporting, and certification. We will examine what goes into the maturity ratings, and how to conduct the assessment in a diplomatic manner to provide value and be efficient.
Attendees will obtain an solid understanding of what constitutes a quality framework assessment and what garbage looks like using examples drawn from 30 years of work at some of the largest, most exacting companies in the world.
As our organizations mature it is important for leaders in other parts of the organization to become invested in ensuring the safety of the organization’s data. This is what policies are for. Codifying the intent of leadership to require certain things be done for the good of the entire organization. As security professionals it is our job to help leadership understand the risks facing the organization and what can be done to help reduce that risk and obtain the buy in of leadership.
If we, as cybersecurity leaders and professionals in our organizations can help our peers in other parts of the organization understand risk and develop policies that help reduce those risks we will be making a huge step forward in improving and maturing the practice of cybersecurity.
*this is a work in progress and will be update, without notice.