One of the greatest shortfalls we have in information & cyber security is we overlook our objective and become fixated on process over outcome . Whilst compliance, governance and standards have aided in lifting broader baselines, our disregard for the threat leaves us ill-prepared and inefficient. I have spent the past 15 years focusing on threat driven activities including penetration testing, red teaming and understanding how threat actors behave. I wanted to share some of my insights, approaches to threat modelling as well as employing red team activities to inform and prepare our organisations.
Key activities of the session will include:
A framing of context and understanding historical employment of threat driven activities.
The nature, evolution and current employment of threat modelling activities.
Experiences from the front line: how we conduct adversarial activities, including tactics, techniques and engagement strategies.
Ongoing activities, sustainment, deliverables and considerations.
By the end of this session, attendees will have an appreciation for threat focused activities within cyber security.
understanding of historical and current application of threat driven strategies
awareness of information, resource requirements and methods for employment of threat driven activities.
Introduction to adversarial tactics, techniques and procedures.
Director & Principal Consultant,
Mercury Information Security Services Pty Ltd
You must be logged in and own this session in order to