Pre-Conference Workshops – Tuesday May 8, 2018
Atomic Red Team Framework Training – 8:00 AM – 12:00 PM
Speaker(s) – Casey Smith
As organizations deploy security solutions, it becomes imperative that these solutions are tested. We have developed a series of testing capabilities that map to MITRE ATT&CK™. This framework is called Atomic Red Team (ART). ART is a collection of tests and tools that organizations can use to assess a program’s ability to detect adversary techniques, so that they better understand their security posture. We believe that this framework represents an excellent catalog of post-exploitation activity. The test plans we have developed are small, discrete tests that allow even small security teams to begin testing their environment. The aim of these tests is to drive better detection and hunting capabilities.
In this training, students will learn the basics of the ART framework and how to navigate it. We will build on this foundation to develop advanced test cases based on recent threat reports. Finally, students will walk away with the confidence to contribute back to Atomic Red Team.
Resources Required: A Windows computer (laptop or virtual machine), Internet connectivity, and Administrator rights to install software on the Windows computer. Our test framework can be found here: https://github.com/redcanaryco/atomic-red-team
Practical Dev(Sec)Ops – 8:00 AM – 4:00 PM
Speaker(s) – TBD
This course provides a pragmatic foundation for understanding the DevOps movement, how security fits with it, and how to make the jump to DevSecOps, integrating security programs into a DevOps initiative, as well as learning how to apply DevOps principles and practices to security programs.
Lesson 1: A Brief DevOps Primer
A general introduction to the DevOps movement, how it started, what it means, why it’s important, related initiatives, and key attributes.
Lesson 2: Applied DevOps
A detailed look at DevOps in action, with an emphasis on the practical and pragmatic. Discussion of how DevOps initiatives can be started, what sort of planning and strategic elements should be considered, and key security challenges.
Lesson 3: Applied DevSecOps
Discussion will pivot to addressing security challenges within a DevOps program, including how to best leverage DevOps to improve the security program itself. A wide range of topics will be covered, including application security and secure coding, audit and compliance, vulnerability and patch management, security as code, data analytics and reporting, and unique challenges and opportunities pertaining to logging, monitoring, detection, and response.
Auditing Cybersecurity and Data Analytics in Audit – 8:00 AM – 4:00 PM
Speaker(s) – Michael Kostanecki
During this course you will learn the details and approach of a typical Cybersecurity audit, including understanding key risks and an organization’s overall cyber security posture. In the second half of this course you will learn how to use Data Analytics to increase internal audit effectiveness and identify opportunities to analyze various data sources, leading to powerful insights and resulting in improved decision making. These objectives will be demonstrated by reviewing a typical Cybersecurity audit work program along with various Data Analytics techniques and scenarios, which will include real-world client examples and applications with demos using ACL Analytics and other tools such as Tableau.
· Audit an organization’s cyber security posture and key risks
· Define audit evidence requests needed to evaluate an institution’s cyber security controls
· Examine ways to assess an organization’s cyber security maturity
· Recognize new and emerging cyber-attacks, threats, and vulnerabilities
· Discuss cyber security frameworks and assessment tools currently available
Data Analytics in Audit
· Create automated processes to eliminate routine manual analysis and increase internal audit effectiveness
· Learn how to use and translate data into a “story” about key characteristics or past trends
· Combine different data sources to increase opportunities for driving management insight
· How to capture data, what data to capture to achieve the objective, and how to analyze the data
· How to translate the data into a summary report meaningful to senior management
Cloud Security Training – 1:00 PM – 4:00 PM
Speaker(s) – Mohamed Malki
The half-day Cloud Security session will immerse attendees in the new frontier of IT and security services delivery in the Cloud. Using proven engaged learning techniques, students will leave the session with solid Cloud Security knowledge and skills, combined with applied hands-on experience on the most popular Cloud Services Provider.
By the end of the session you will:
- Have a solid understanding of Cloud Computing and Security based on NIST and ISO/IEC.
- Be able to evaluate the security posture of any Cloud Service Provider (CSP) using FedRAMP and CSA CCM.
- Be able to select, design, and deploy secure cloud services based on the business requirements.
- Use the knowledge and skill learned as a foundation to pursue popular Cloud Security Certifications such as CSA CCSK, ISC2 CCSP, and AWS Security.
To maximize the benefit of the class, students need to:
- Come with a curious and eager mind to learn.
- Ask, ask, and ask questions.
- Bring their own laptops to participate in the labs and capture valuable information
- Have an AWS free account.