Got DA?

Penetration Tests and/or Red Team Engagements are usually aimed at getting the highest level of privileges in an organization’s Active Directory domain aka Domain Admin. However, what most teams miss or simply ignore is the fact that there are things that can be done even when you have obtained Domain Admin privilege. This talk’s primary […]

Read more

Catching and Cleaning Phish (for O365)

Attackers keep getting cleverer with their phishing attacks and if you’re a high value target or a large enterprise you’re probably also getting many targeted attempts every day. This session will cover the best practices for O365 for detecting, removing and investigating phishing attempts against an O365 tenant.

Read more

Visualizing Your Security Posture from Link, to Gateway, and Beyond

The intersections between IT, OT, and (I)IOT has continued to fuse multiple domains within the organization. And in a world where we need to fully understand our security posture and react to the world around us, visualization is key. During this presentation we will dive deep on the toolsets, tradecraft and methodologies to render (visualize) […]

Read more

Enabling Zero Trust with Artificial Intelligence

The Zero Trust security model assumes a hostile network with relentless external and internal threats. Authenticating and authorizing every device, user and network flow requires real-time algorithmic processing of telemetry from as many sources of data as possible. Applying mature machine learning data science to the Zero Trust problem provides a wholistic solution to multiple […]

Read more

The Tools of a Web App Pentester

During a web application penetration test, a tester often encounters different technology stacks and security controls implementations that requires the use of different tools and testing approaches. While commercial tools are often available for these specific scenarios – these can be hard to get in a short time frame (and can be very costly if […]

Read more

Risk Transformation: Plan-Build-Run in a World Without Time

Life is rough for a security leader! The security product landscape is increasingly complicated but seems to always lag behind malicious actor capabilities. Organizations need proven security programs that demonstrate visible ROI, but once-vaunted security concepts have been sacrificed upon the altars of speed and mobility. Organizational leadership-level involvement has never been greater, offering access […]

Read more

Step by step AWS Cloud Hacking

This talk focuses on real-life exploitation techniques in AWS cloud and the tools used to perform them. We will focus on these steps: Identify a server-side request forgery Gain access to instance meta-data credentials Enumerate IAM permissions Privilege escalation Connecting to internal VPC services via VPN Multiple tools, such as nimbostratus, enumerate-iam, Pacu and vpc-vpn-pivot […]

Read more

Revitalizing the Scotiabank SOC with Big Data Security Analytics and Automation

Behavioral analytics helps IT professionals predict and understand consumer trends, but it can also assist CISOs in understanding potential threats—and unearthing them before they wreak major havoc. Additionally, automation helps to respond rapidly, thus reducing your mean time to resolve (MTTR) and improve SOC efficiency. Join this session to discuss: Using behavior analytics as a […]

Read more

Identity – the Foundation of your Zero Trust Architecture

The evolution to a mobile and cloud-first approach to IT has made the old perimeter-centric view of security obsolete. We are opening our systems, information, and businesses to access from anywhere at any time. In this new reality we need to securely enable, manage, and govern access for all users, from employees to partners, customers, […]

Read more

Beyond the Ones and Zeros: Aligning Effective Infosec and People Leadership Principles

It was the best of times, it was the worst of times… that pretty much sums up infosec today. We can’t figure out how to align to our businesses effectively, we love our silos, and constantly hire the wrong people. This presentation will address common issues in information security and people leadership areas, giving you […]

Read more

Car Hacking on Simulation

Cars are no longer simply mechanical. While they may be getting more advanced that doesn’t mean they are immune to hacks. One particularly sensitive entry point for hacking a car is the legally required OBD II port, which is basically “the Ethernet jack for your car”. This port works on a signaling protocol called CAN […]

Read more

Using Static and Runtime Analysis to Understand Third-Party Applications

Modern software applications are complex, highly integrated collections of components, authored by dozens or even hundreds of individuals, and the rise of open source has taken this complexity to the next level. As an end-user, how well do you understand what a piece of software is *actually* doing, under the hood? Is your favorite string […]

Read more

OWASP Find Security Bugs: The community static code analyzer

The Web application development lifecycle has numerous security activities. For developers, code review is a familiar recurring activity. To support Java developers, a project was started in 2012 called, “Find Security Bugs” (FSB). It is an extension of the SpotBugs project, formerly known as FindBugs. FSB is a community static analysis tool which targets specific vulnerabilities. Over the years FSB has evolved from a limited tool to a solid coverage of bug […]

Read more

The Race Against the Adversary: How to Win in the Era of the 18 Minute Breach

This exclusive session delves into the details of some of CrowdStrike’s most eye opening breach investigations of the past year and highlights the need for speed in modern security operations centers. See new research on “breakout time” and learn how you can use the 1-10-60 Rule to benchmark your organization and see if you have […]

Read more

AI, Intelligently. A Current Look into AI in Cyber Security.

Algorithms are being used to choose who lives and who dies. Computers are being programmed to make ethical decisions that impact every facet of our lives. Based on the ethics of cyber-criminals, Check Point has made another gigantic leap forward by teaching our gateways to use algorithms to detect the DNA of Malware in an […]

Read more

Data Governance for Risk Reduction and Value Creation

In this session, we will explore how organizations can adopt a single data governance framework to discover and protect sensitive data while mitigating cyber risks, reducing storage costs and addressing increasing privacy regulations.

Read more

Your Tools are Protecting the Network but What is Protecting the Tools?

With the increased focus on cybersecurity over the past several years, organizations are proactively adopting security practices and deploying security solutions to harden their networks. This is in the hopes of not being the next victim of a security breach. The emphasis on securing the network perimeter has driven organizations to deploy multiple inline security […]

Read more

Expand your cybersecurity program with complete visibility!

As enterprises face pressure amid growing internal and external compliance requirements, these organizations are looking for ways to expand visibility throughout their environments. Mark Holub offers insights on how companies can gain visibility throughout their environments to improve asset management, software inventory, vulnerability assessment, configuration compliance and more. Using real-world examples and forward-looking principles, Mark […]

Read more

Modern MDR and Machine-Accelerated Human Response

The cybersecurity market is teeming with new tools and technologies, each promising to detect and respond to threats better than the rest. But if your business is like most, you’re probably struggling with a shortage of security-focused manpower and expertise to manage those tools with skill, speed, and precision. The reality is that effective security […]

Read more

Phishing Defense: The Art of Human Intuitive Repulsion

As human beings we often sense when things aren’t quite right. The same is true as it applies to cybersecurity. This session examines why human intuition is a key part of any organization’s phishing defense. Learn about the types of phishing attacks seen in the wild, how attackers evolve their tactics to avoid perimeter controls, […]

Read more

Chaos, order and the road forward – perspectives on evolving cybersecurity

Never before has the creation and preservation of value depended so much on effective cyber security, nor has the means to “getting security right” been so complex. Many aspects of traditional security management are urgently being reconsidered as security teams seek to stay aligned with the characteristics of the modern enterprise and ahead of the […]

Read more

The Value of Threat Intelligence

This presentation is a non-technical look at the benefits of threat intelligence and the challenges that organizations face when attempting to utilize and operationalize threat intelligence within their infrastructure. Existing resources (human and infrastructure), security tools, the difference between threat data sources and cybersecurity program maturity are just a few of the areas we will […]

Read more

Key elements to prioritizing security vulnerabilities and risks

Join Scalar, a CDW Company for a discussion on the key elements to prioritizing your security vulnerabilities and risks. Taking a holistic approach to risk management, we will help you understand how to follow best practices and manage your risk effectively and efficiently. Darren and Benjamin will go through some of the key elements that […]

Read more

Code Signing: What You Don’t Secure Can Hurt You

When you sign a piece of code, you make a statement that it comes from your trusted brand and that you stand behind it. But what happens when that trust is broken? Recent attacks underscore the importance of managing reputational risk. As attackers become increasingly skilled in the art of signing and spreading malware, technologists […]

Read more

ARUBA + ZSCALER = Better Together Network Transformation

Risk is a balance between security and usability, when security is too restrictive users naturally find ways around it. As organizations seek to improve the user experience and while maintaining the required level of security, questions of risk arise. How do we deploy Cloud solutions with direct to Internet connectivity and still maintain visibility over […]

Read more

Threats and Trends of 2019

Amidst the ever-evolving threat landscape, 2018 was a particularly nasty year that saw an increased threat of cryptojacking to the ever-expanding reach of emotet and all of its variants. In 2019 these threats – and others – have expanded their reach and shifted away from SMBs towards enterprise businesses. Join me for a dive into […]

Read more

Embracing a Risk Adaptive Approach to Data Protection

It is no surprise that many organizations are undergoing a digital transformation in response to a rapidly evolving security landscape. The migration to cloud, the rise in a mobile workforce, rapid proliferation of data and increasing need to collaborate across cloud applications present an added layer of complexity for organizations building out a security strategy. […]

Read more

Advanced security automation made simple

Security is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review a few advanced security processes and discuss how to easily automate them using common tools in the Cloud. This approach will help you and your team increase the security […]

Read more

Tony Stark and Cybersecurity

With 23 MCU movies, I have learned some valuable lessons surrounding cybersecurity. Why didn’t Jarvis run on a segmented network (Avengers: Age of Ultron)? Why didn’t Edith have 2-FactorAuthentication (Spider-Man: Far from Home)? Let’s explore how, if Shield had implemented cybersecurity frameworks such as Mitre ATT@CK, they could have saved New York with much less […]

Read more

Career Panel and Career Fair 2019

Whether you are looking for industry insight, your first job, changing careers or professional development, the Career Panel and Career Fair at SecTor 2019 is for you. Join our panelists as they answer your questions and debate how different segments of the industry are viewing the type of talent they want to gain, train and […]

Read more

Introduction to Advanced Persistent Threats

This presentation is a non-technical, introductory-level presentation of current APT threats (from a North American perspective). The focus of this presentation will be the geo-political environment that motivates APT activity from one nation-state to another. We will cover a selection of nation-state activities, focusing on the most prevalent and prolific. We will additionally cover a small selection of […]

Read more

Use the Tools You Have: Threat Detection and Hunting in Azure

As organizations continue their love affair with cloud services, critical components are increasingly exposed to threats in ways that can be easy to miss with traditional on-premises tools and technology.  On the other hand, major cloud-services providers have been stepping up their game and are (for a price!) providing the blue team with new ways […]

Read more

How much Cyber Insurance Do You Need, or Do You Need it at All?

Executives and the board face difficult decisions to determine whether cyber insurance is worth the spend and what limit to buy. Quantifying the financial costs of potential cyber incidents provides objective grounding for decision-making and reduces reliance on gut feeling, fear or intuition. However, cyber risk assessments usually don’t quantify the financial cost to the […]

Read more

Keyspace Reduction in Mechanical Locks

This quick-moving talk will cover techniques for reducing the range of combinations or keys you need to attack to successfully open a lock. There will be some math…but I’m not particularly good at math so it definitely won’t get complicated. We will cover a number of fun topics like decoding combination locks, figuring out how […]

Read more

Developing Your Career in IT Security (2018)

Whether you are looking for industry insight, your first job, changing careers or professional development, this year’s Developing Your Career in IT Security panel and networking session in the Keynote Hall on Tuesday, October 2 from 2:55pm is for you. Join our panelists as they answer your questions and debate how different segments of the […]

Read more

Behavior Analytics and Model Driven Security

Imagine using a risk score to determine whether to grant a user access to an application, a system, a device. Wouldn’t it be a huge time-saver if you could auto-approve low risk access requests instead of manually granting such requests? On the flip side, wouldn’t it be great to automatically ensure that privileged access requests […]

Read more

Weapons of a Pentester – 2018 Edition

In this session Nick will demonstrate and review a list of physical and digital tools used by professional pentesters and red teams in the industry.

Read more

The Human Firewall is on Fire – What Do You Do When the Smoke Clears?

Many enterprises are focused on prevention and are too busy with day-to-day firefights to look beyond the flames and think about how to recover. Beyond preventing attacks, organizations need to focus on detection and response. It’s no longer a matter of if you’re going to be attacked, but when. Join this session to: Learn the […]

Read more

Reinventing PC & Printer Security

It’s no longer a matter of “if”, but “when”. As the world becomes more mobile and connected, cyberattacks continue to rapidly grow in frequency and sophistication, placing your company’s data and personal information at risk. Are you protected? While organizations are aware of the growing threat, most are overly focused on security software and data […]

Read more

Extending Your Incident Response Capabilities with Sysmon

This presentation will introduce attendees to the free Sysinternals tool, Sysmon. Are you an incident responder? SOC analyst? Does your job require you to work with Windows event logs? Do you need to reconstruct attacker timelines? We will look at the Sysmon tool and compare its outputs to standard EVT logs Look at how Sysmon […]

Read more

Heimdall: Vulnerable Host Discovery and Lifecycle Monitoring Toolkit

Heimdall assumes that when a new vulnerability is disclosed, and an exploit goes public, criminals build scanners in order to detect the machines reachable on the internet which are affected by the new vulnerability. If these machines are found and compromised, they are often used by criminals for other activities (C&C panel, redirect to cloned […]

Read more

Angad: A Malware Detection Framework Using Multi-Dimensional Visualization

Angad is a framework to automate classification of an unlabeled malware dataset using multi-dimensional modelling. The input dataset is analyzed to collect various attributes which are then arranged in several feature vectors. These vectors are individually visualized, indexed and then queried for each new input file. Matching vectors are labelled as per their AV detection […]

Read more

Cybersecurity Evolution/Cost Reduction Paradox

The shift from legacy data collection and storage models to cloud has resulted in new paradigms in data management. Add to this more sophisticated and motivated adversaries, along with innovation in the manner in which they attack, and it yields a perfect storm of a complex attack surface, combined with multi-phased and multi-vector attacks. Today’s […]

Read more

Minority Report: A Predictive “Pre-crime” Approach Requires a Human Focus

In Philip K. Dick’s 1956 “The Minority Report,” murder ceased to occur due to the work of the “Pre-Crime Division,” which anticipated and prevented violent killings before they happened. Today, we are only beginning to see the impact of predictive analytics upon cybersecurity—especially for insider threat detection and prevention. Based on user interaction with data, […]

Read more

Achieving Secure Digital Transformation: Turning the Dream into Reality

As we’ve talked with more and more of our clients about their digital transformations, it has become clear that security is a key facilitator for successful transformation. For example, if an organization churns out a series of new cloud-hosted mobile applications that permit users to more effectively interact with the company, the initiative can backfire […]

Read more

Orchestrate. Automate. Accelerate.

As today’s digitally connected ecosystem continues to evolve, adapt and innovate, there has been a consistent, underlying theme across the landscape – teams are struggling to balance their increasing workloads with the limited resources at their disposal. As a result, it is becoming more difficult for Security, IT and DevOps teams to accomplish their goals, […]

Read more

Standing Up to Cryptojacking – Best Practices for Fighting Back

Cryptojacking has recently erupted onto the cybercrime scene, thanks to the surge in value in 2017 of cryptocurrencies such as Bitcoin, Monero, and Ethereum. Crooks are aggressively targeting laptops, desktops, servers, and even mobile devices. From a single device to entire networks, they infect as many devices as they can to mine for cryptocurrency on, […]

Read more

Internet of Things: Is Winter Coming?

The concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern, and individuals will live their lives. Microcomputetechnologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest […]

Read more

Streamlining Compliance Programs for Operational Security

Enterprises today face pressure to improve security posture while also satisfying growing compliance requirements. These organizations are looking for ways to both unify their controls to measure and achieve multiple compliance requirements, and ways to assess them on a continuous basis for effective reporting and risk-based decisions. Mark will offer insights on how companies can focus their efforts, […]

Read more

The Real Deal About AI

Artificial Intelligence(AI) is impacting our world in previously unimaginable ways. But how does it really work? If you are looking for the real deal about this industry buzzword, this is the talk for you. We will cover the history of this incredibly innovative technology, what it is and what it is not, the steps required […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!
Fields marked with an * are required