Blue teams across the world suffer from a lack of resources, short staffing, and immature tools and policies. Immature and insufficient defensive postures lead to reactive security, where an intrusion is, at best, discovered hours after it occurs. Based upon years of experience in incident response with a major defense SOC, and performing IR across the commercial realm, this presentation highlights the classic failures and pitfalls that are continually found within networks targeted for attacks. These pitfalls are easily mitigated using best practices such as the Critical Top 20, and we’ll explore how these problems come to exist and how to secure them. Learn how to move from being reactive to being proactive and better your network’s defenses! (50 minutes)
Tony Cook, a Navy veteran, has worked at Langley NASA, Joint Forces Command, Naval Cyber Operations Command, and the SPAWAR Network Security Operations Center. He has years of experience in pursuing unique targeted attacks against government assets and critical infrastructure and currently works to protect clients as an Incident Responder on the RSA Security IR team. He has numerous security certifications and is a bourbon connoisseur.