BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: Hundreds of incidents\, what can we share?\n When: Friday\, Aug 12\, 10:35 - 11:25 PDT\n Where: LINQ - BLOQ (SkyTalks 303) - [1]Map\n Speakers:Brenton Morris\,Guy Barnhart-Magen\n\n SpeakerBio :Brenton Morris\n Sr Incident Responder at Profero. Brenton leads Incide nt Response\n engagements on a daily basis. From sophisticated cloud att ackers to\n ransomware events. Brenton has a unique set of combined secu rity\n research and devoper experience\, allowing him to resolve many\n cyber-attacks while fully understanding the impact on production\n sys tems.\n Twitter: [2]@_scrapbird\n\n SpeakerBio:Guy Barnhart-Magen\n With nearly 25 years of experience in the cyber-security industry\, Guy\n held various positions in both corporates and startups.\n\n In his rol e as the CTO for the Cyber crisis management firm Profero\n his focus is making incident response fast and scalable\, harnessing\n the latest te chnologies and a cloud native approach.\n\n Most recently\, he led Intel ’s Predictive Threat Analysis group who\n focused on the security of m achine learning systems and trusted\n execution environments. At Intel\, he defined the global AI security\n strategy and roadmap. He spoke at d ozens of events on the research he\n and the group have done on Security for AI systems and published\n several whitepapers on the subject.\n\n Guy is the BSidesTLV chairman and CTF lead\, a Public speaker in well\n known global security events (SAS\, t2\, 44CON\, BSidesLV\, and several\ n DefCon villages to name a few)\, and the recipient of the Cisco\n black belt” security ninja honor – Cisco’s highest\n cybersecurit y advocate rank.\n\n He started as a software developer for several secu rity startups and\n later spent eight years in the IDF. After completing his degrees in\n Electrical Engineering and Applied Mathematics\, he fo cused on security\n research\, in real-world applications.\n\n He join ed NDS (later acquired by Cisco). He led the Anti-Hacking\,\n Cryptograp hy\, and Supply Chain Security Groups (~25 people in USA and\n Israel).\ n\n Twitter: [3]@barnhartguy\n\n Description:\n There are two types of organizations\, those that were breached and\n those that are not war e yet...\n\n For most organizations\, it is easier to buy blinky lightbo xes and tick\n various compliance boxes (ISO27001 looking at you!) than improve their\n security posture.\n\n We repeatedly see in the field t hat the vast majority of incidents\n could have been contained or even p revented if the effort had been\n spent in the right place.\n\n We hav e some good statistics on what works\, what can help\, and what is\n gen erally a waste of effort with hundreds of incidents handled.\n\n Most of the organizations that we see get breached are not Fortune 500\n compan ies\; they don't have colossal security budgets - but they do\n have a d edicated team that is doing their best to make a difference.\n\n In this talk\, we will cover some of our experience in what works in\n the real world and how you can focus your efforts on getting the\n correct data to respond and close incidents fast.\n\n Invariably\, the goal is not to have 100% security (no one will fund\n that!) but to get the business b ack on its feet ASAP and resume\n business operations. Planning for that takes dedication and focus -\n but it can be done! \n\n we will focu s in our talk on the pillars that would make your incident\n response pl an work: Getting the right team in place\n Communication!\n Data colle ction\, access to systems\n Access to forensics and response tools when you need them\n\n This talk will outline common gaps and compare example s of these two\n types of organizations from actual incidents to highlig ht the\n real-life implications of lack of preparation\, which affects t he\n outcome of an incident.\n\n '\n\n 1. https://defcon.outel.org/c onsolidated_page.html#Linq\n 2. https://twitter.com/_scrapbird\n 3. ht tps://twitter.com/barnhartguy\n\n\n DTEND:20220812T182500Z DTSTART:20220812T173500Z LOCATION:SKY - LINQ - BLOQ (SkyTalks 303) SUMMARY:Hundreds of incidents\, what can we share? END:VEVENT END:VCALENDAR