The Spectrum of Security Program Building
In the current era of rapidly advancing technology, most people forget that these technology advances also apply to malicious threat actors and the techniques they use. These techniques are used to breach business systems in attempts to access, obtain, and even potentially disrupt business-critical data, for various motivating factors. 2019, from the perspective of the media, as well as most business leaders, was the year of Ransomware. Yet, for all of this advancing technology, a very large percentage of companies that reported breaches this past year attributed them to a general lack of best practices, practices that the security industry has been expressing the need to improve for well over two (2) decades.
Why are so many organizations still lacking in the “Do the Basics Better” category? Many organizations have very legitimate reasons why they cannot achieve industry best-practice levels of vulnerability management, network segmentation, and others in the “Basics” category.
This talk will cover how organizations can prioritize their security initiatives based on current adversary trends, and adapt to ensure that the “Basics” are indeed better. It will also cover the other end of the enterprise security spectrum:
- understanding which threat-actor groups are actively targeting your industry;
- what their motivating factors are;
- what techniques they are currently using in the wild.
Both ends of this spectrum are crucial in strategic security program building.
About Our Speaker
Rockie Brockway serves TrustedSec as the Practice Lead of the Office of the CSO. With over 25 years of experience in designing, building and managing systems and networks; auditing and enforcing network security and policy; incident response; pentesting; adversarial simulation; assessing vulnerabilities and threats; and analyzing likelihood and business impact, Rockie teams with organizations to understand the value and location of business-critical data in an effort to further enable organizational innovation, achieve business outcomes, and protect the brand.
Rockie specializes in Information Security and Business Risk Management, and in the inherent relationships between business goals/process, assets, threats, controls and impacts. He offers perspectives on how adversaries may find value in that data and highlights the business impact and ramifications of the theft, disruption, and/or destruction of that information.