2019 National Cyber Summit

Summit Speaker Joe Vest

Session Information

Threat Gets a Vote - Applying a Threat-Based Approach to Security Testing
Wednesday, June 06, 2018 03:30PM - 04:15PM
Designing, building, deploying, operating, and managing a comprehensive security program is not an easy task. Pressures from every direction, including customers, compliance, management, peers, budget, public opinion, and news, all influence or drive a security program. Although this process is complex and challenging, organizations are able to overcome these pressures to design and implement what is considered a robust security program. These programs pass audit and compliance checks, have robust patch management systems, conduct vulnerability assessments and penetration tests, and generally have good security hygiene. These are all great steps in defending a network from attack. Unfortunately, they still fall short of achieving the primary goal of preventing, detecting, and responding to real threats. Why? What is missing?
This presentation dives into the shortcomings of security operations planning, design, implementation, and testing, and shows how applying a threat-based security testing program can reduce these gaps to ultimately improve the state of security.
South Hall - Ballroom 2
Mr. Joe Vest
Senior Operator
SpecterOps
Joe Vest has been involved with the information technology industry for over 17 years with a focus on red teaming, penetration testing, and application security. In 2014, Joe co-founded the security consulting company MINIS LLC. In late 2017, MINIS merged with SpecterOps, greatly expanding the reach and influence of adversary emulation and mitigation through a unique insight into the cyber adversary mindset. Joe has vast experience as a leader, instructor, and developer in the cyber security field, including risk and compliance and red team operations. As a former technical lead for a DoD red team, he has extensive knowledge of cyber-based threats and their tactics, techniques, and procedures, including threat emulation and threat detection. Joe is the instructor and co-author of the SANS SEC564 Red Team Operations and Threat Emulation course. As a leading security professional, he has achieved numerous security certifications: OSCP, CISSP-ISSMP, CISA, GPEN, GCIH, GWAPT, GMOB, CEH, Security+.

Twitter: @joevest
LinkedIn: https://www.linkedin.com/in/joe-vest