2021 National Cyber Summit
The NCS planning committee has been faced with making difficult decisions as it pertains to the 2021 event. It is our ultimate goal to produce an in-person event. Therefore, we are excited to announce that the Summit will take place on September 28-30, 2021. We will continue to monitor COVID-19 conditions and take necessary action if needed to transition to a hybrid or virtual format.
skip navigation

Summit Speaker Joe Vest

Session Information

Threat Gets a Vote - Applying a Threat-Based Approach to Security Testing
Wednesday, June 6, 2018 3:30 p.m. - 4:15 p.m.
Designing, building, deploying, operating, and managing a comprehensive security program is not an easy task. Pressures from every direction including: customers, compliance, management, peers, budget, public opinion, and news all influence or drive a security program. Although this process is complex and challenging, organizations are able to overcome these pressures to design and implement what is considered a robust security program. These programs pass audit and compliance checks, have robust patch management systems, conduct vulnerability assessments and penetration tests, and generally have good security hygiene. These are all great steps in defending a network from attack. Unfortunately, they still fall short achieving the primary goal of preventing, detecting, and responding to real threats. Why? What is missing?
This presentation dives into the shortcomings of security operations planning, design, implementation, and testing and how applying a threat-based security testing program can reduce these gaps to ultimately improve the state of security.
South Hall - Ballroom 2
Mr. Joe Vest photo
Mr. Joe Vest
Senior Operator
Joe Vest has been involved with the information technology industry for over 17 years with a focus on red teaming, penetration testing and application security. In 2014, Joe co-founded the security consulting company MINIS LLC. In late 2017, MINIS merged with SpecterOps, greatly expanding the reach and influence of adversary emulation and mitigation through a unique insight into the cyber adversary mindset. Joe has vast experience as a leader, instructor, and developer in the cyber security field including, risk and compliance and red team operations. As a former technical lead for a DoD red team, he has extensive knowledge of cyber based threats and their tactics, techniques, and procedures including threat emulation and threat detection. Joe is the instructor and co-author of the SANS SEC564 Red Team Operations and Threat Emulation course. As a leading security professional, he has achieved numerous security certifications: OSCP, CISSP-ISSMP, CISA, GPEN, GCIH, GWAPT, GMOB, CEH, Security+

Twitter: @joevest
Linkedin: https://www.linkedin.com/in/joe-vest