Red Teaming your Risk Management Framework - Keith Pachulski BSides Philadelphia 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Red Teaming your Risk Management Framework
Keith Pachulski
@sec0ps
BSides Philadelphia 2016

While most red team talks focus on the tools and tactics, this talk will take a compliance slant. Focusing on the NIST 800-53a revision 4 assessment framework, we will explain how the government defines red team testing. Afterwards, we will walk through all of the controls in the NIST risk management framework that are met using red team exercises. This can be used by CISO/CIO personnel to justify red team exercises or sales people to better focus their efforts from a technical approach to a compliance approach.

Keith Pachulski, Security Officer for Health Network Laboratories (HNL) and Security Consultant. Keith has over 23 years of experience in physical and information security realms. He is currently responsible for the development and management of the information security program at HNL. Previously he was responsible for the management and performance of onsite red team tests for Dell - SecureWorks. Additionally he performed physical and electronic penetration tests, web application assessments and wireless assessments. Prior to that, he was a CSO overseeing the operations of 13 companies and created/managed a Managed Security Services program for a private sector company supporting clients internationally. He has extensive experience working in the Federal sector performing vulnerability assessments, penetration testing and compliance assessments.

Recorded at BSides Philly 2016

Copyright 2016, IronGeek