Pre-Conference Workshops – Tuesday May 8, 2018
Atomic Red Team Framework Training – 8:00 AM – 12:00 PM
Speaker(s) – Casey Smith
As organizations deploy security solutions, it becomes imperative that these solutions are tested. We have developed a series of testing capabilities that map to MITRE ATT&CK™. This framework is called Atomic Red Team (ART). ART is a collection of tests and tools that can be used to assess a program’s ability to detect adversary techniques, so that organizations better understand their security posture. We believe that this framework represents an excellent catalog of post-exploitation activity. The test plans we have developed are small, discrete tests that allow even small security teams to begin testing their environment. The aim of these tests is to drive better detection and hunting capabilities.
In this training, students will learn the basics and how to navigate the ART framework. We will build on this foundation to develop advanced test cases utilizing recent threat reports as test cases. Finally, students will walk away with the confidence to contribute back to Atomic Red Team.
Resources Required: A Windows Computer (Laptop or Virtual Machine), Internet Connectivity, Administrator rights to install software on the Windows Computer. Our test framework can be found here: https://github.com/redcanaryco/atomic-red-team
Auditing Cybersecurity and Data Analytics in Audit – 8:00 AM – 4:00 PM
Speaker(s) – Michael Kostanecki
During this course you will learn the details and approach of a typical Cybersecurity audit, including understanding key risks and an organization’s overall cyber security posture. In the second half of this course you will learn how to use Data Analytics to increase internal audit effectiveness and identify opportunities to analyze various data sources, leading to powerful insights and resulting in improved decision making. These objectives will be demonstrated by reviewing a typical Cybersecurity audit work program along with various Data Analytics techniques and scenarios, which will include real world client examples and applications with demos using ACL Analytics and other tools such as Tableau.
· Audit an organization’s cyber security posture and key risks
· Define audit evidence requests needed to evaluate an institution’s cyber security controls
· Examine ways to assess an organization’s cyber security maturity
· Recognize new and emerging cyber-attacks, threats, and vulnerabilities
· Discuss cyber security frameworks and assessment tools currently available
Data Analytics in Audit
· Create automated processes to eliminate routine manual analysis and increase internal audit effectiveness
· Learn how to use and translate data into a “story” about key characteristics or past trends
· Combine different data sources to increase opportunities for driving management insight
· How to capture data, what data to capture to achieve the objective, and how to analyze the data
· How to translate the data into a summary report meaningful to senior management
Cryptocurrencies, Security and You – 8:00 AM – 4:00 PM
Speaker: Jared Nishikawa, SecureSet
Starting with Bitcoin in 2009, cryptocurrencies have gradually become more and more popular across the world. At one point early on, there was a 10,000 BTC transaction that was used to purchase… two pizzas. As of this writing, that amount in Bitcoin would be worth more than 100 million USD. It’s staggering to think that a digital currency is even possible, given the rampant presence of vulnerabilities and exploits on the internet. Still, with some minor setbacks, cryptocurrencies have continued to grow in value and popularity. To a layperson, the whole technology is very mystifying. How does it even work? Can my digital money be stolen? What is a blockchain? In this session, we will lecture on the basics of how a cryptocurrency works. This will cover basic concepts from public key cryptography, as well as innovations in cryptocurrency research. We will also run interactive demonstrations for the audience to participate in, which will hopefully illustrate more concretely how a cryptocurrency ecosystem functions.
Topics to be covered during lecture:
· The basics of public key crypto
· Distributed consensus
· Proof of work, proof of stake
· The blockchain
· Cryptocurrency mining
Security topics for discussion:
· The 51% attack
· Cold vs hot wallets
· Keeping your coins safe
Interactive project #1:
· Networked lab environment for participants
· Minimally functional cryptocurrency
· Python code to be run on all platforms
· Brief walkthrough of code
· Simulation of mining/transactions by participants
· Discussion of cryptocurrency design
Interactive project #2:
· Explore digital signatures
· Create and verify transactions using signatures
Practical Dev(Sec)Ops – 8:00 AM – 4:00 PM
Speaker: DJ Schleen
This course provides a pragmatic foundation for understanding the DevOps movement, how security fits with it, and how to make the jump to DevSecOps, integrating security programs into a DevOps initiative, as well as learning how to apply DevOps principles and practices to security programs.
Lesson 1: A Brief DevOps Primer
A general introduction to the DevOps movement, how it started, what it means, why it’s important, related initiatives, and key attributes.
Lesson 2: Applied DevOps
A detailed look at DevOps in action, with an emphasis on the practical and pragmatic. Discussion of how DevOps initiatives can be started, what sort of planning and strategic elements should be considered, and key security challenges.
Lesson 3: Applied DevSecOps
Discussion will pivot to addressing security challenges within a DevOps program, including how to best leverage DevOps to improve the security program itself. A wide range of topics will be covered, including application security and secure coding, audit and compliance, vulnerability and patch management, security as code, data analytics and reporting, and unique challenges and opportunities pertaining to logging, monitoring, detection, and response.
Cloud Security Training – 1:00 PM – 4:00 PM
Speaker(s) – Mohamed Malki
The half-day Cloud Security session will immerse attendees in the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with solid Cloud Security knowledge and skills, combined with applied hands-on experience on the most popular Cloud Services Provider.
By the end of the session you will:
- Have a solid understanding of Cloud Computing and Security based on NIST and ISO/IEC.
- Be able to evaluate the security posture of any Cloud Service Provider (CSP) using FedRAMP and CSA CCM.
- Be able to select, design, and deploy secure cloud services based on the business requirements.
- Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security.
To maximize the benefit of the class, students need to:
- Come with a curious and eager mind to learn.
- Ask, ask, and ask questions.
- Bring their own laptops to participate in the labs and capture valuable information.
- Have an AWS free account.
CISO Leadership Forum – 1:00 PM – 4:00 PM
Join your peers for an afternoon of guided discussions around four of the most relevant topics in security – IAM, Cloud Security / DevOps, Security Operations and Risk & Compliance. Experts from each of these areas will walk us through innovations in their area, and solicit feedback on how these changes impact our security programs.
Security Leadership Forum participants are required to be executive/senior-level information security professionals reporting directly to the CEO, CFO, CIO or the equivalent. We are also including executive/senior-level internal audit leaders in this year’s forum. The Security Leadership Forum is designed to include participants from companies with more than 200 employees. Attendance is open to qualified executive-level direct reports of the organization’s CISO or CAE. Individuals should be responsible for information security or internal audit at the corporate or enterprise level within their organizations, be interested in discussing sensitive security issues with their peers, and be willing to share professional experiences.
- Participants will be reviewed to ensure qualifications are met and may not be permitted to participate if they don’t meet the qualifications.
CISOs and CSOs
Chief Audit Executives (CAEs)
IT Audit Leadership team
Senior Compliance Executives
Security Leadership Forum participants employed by a company that sells a security product or service must meet the following additional requirements:
- The organization must have a clear separation between the internal security or research practitioner and those involved in sales, marketing or product management.
- The organization must have a minimum of 200 employees or a minimum of 2 direct reports to the participant.
- The attendee must certify that he or she is not involved with the sales, marketing or product management of security products or offerings.