Thinking Like a Cyber Attacker: Strategies for Defense

Increasingly, enterprises are discovering that the best way to test and defend their organization is to view their IT environment from the perspective of an attacker. But how do you predict an attacker's motives and simulate their methods, and how do you know that you aren’t overlooking key vulnerabilities? In this Dark Reading webinar, experts discuss methods for testing your security’s mettle by thinking like your adversary.

Available:
Thu, Jun 06, 2019 10:00 AM PDT / 01:00 PM EDT
Duration:
1h 00min

Attend this webinar and you'll learn how to:

  • Tell the difference between the assets most valuable to your organization and the assets most valuable to attackers
  • Better understand attackers' tools and techniques, and how they vary by attack type
  • Get the most out of your cybersecurity investments by better prioritizing your defenses

Featured Speakers

  • Chris Eng
    Chris Eng
    Chief Research Officer
    Veracode

    Chris Eng is Chief Research Officer at Veracode. A founding member of the Veracode team, he currently leads all security research initiatives including applied research, product security, and Veracode Labs. Chris has led projects breaking, building, and defending software in a career spanning nearly two decades. In addition to research, he consults frequently with stakeholders to advance application security initiatives. Chris is a frequent speaker and occasional review board member at premier industry conferences. Bloomberg, Fox Business, CBS, and other prominent media outlets have featured Chris in their coverage.

    Prior to Veracode, Chris was technical director at Symantec (formerly @stake) and an engineer at the National Security Agency. Chris holds a B.S. in Electrical Engineering and Computer Science from the University of California.

  • Gal Shpantzer
    Gal Shpantzer
    Independent Security Professional

    Gal Shpantzer has over 15 years of experience as an independent security professional and is a trusted advisor to CISOs of large corporations, technology and pharma startups, Ivy League universities and non-profits/NGOs. Since 2014, Gal has focused on emerging threats to availability as well as confidentiality (ransomware and destructive attacks). Gal has been involved in multiple SANS Institute projects since 2002, including co-editing the SANS Newsbites, revising the E-Warfare course and presenting on cyberstalking, CAPTCHAs, endpoint security and hardware roots of trust. In 2009, he founded and led the privacy subgroup of the NIST Smart Grid cybersecurity task group, resulting in the privacy chapter of NIST IR 7628. He is a co-author of the Managing Mobile Device Security chapter in the 6th ed. Vol 4 of the Information Security Management Handbook (2010) with the late Dr. Eugene Schultz, and is a technical editor of an upcoming O'Reilly book on defensive security (2017). Gal collaborated with Dr. Christophe Veltsos to present the ongoing Security Outliers project, focusing on the role of culture in risk management at RSA, CSI, BSides and Baythreat conferences. Most recently, he was involved as a subject matter expert in the development of the U.S. Department of Energy’s Electric Sector Cybersecurity Capability Maturity Model (ESC2M2) in 2012, and is launching the Incident Response Execution Standard project late 2016. Gal was also involved in the Infosec Burnout research project and co-presented on this topic at BSides-Las Vegas and RSA.

  • Sara Peters
    Sara Peters
    Senior Editor
    Dark Reading

    Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.

Sponsored By