Disaster recovery, emergency response and business continuity plans are usually developed when no disaster exists. We think we?ve covered all contingencies. We think we?ve trained all the appropriate players. We?ve tested. We?ve re-tested. We think we?re ready to face whatever event there is looming out their with our name on it! The real world has a nasty habit of triggering disasters at the least opportune time, often featuring a twist that throws plans into disarray. This presentation focuses on three reasonable, real-world BCP plans, each of which had a fatal flaw. We will discuss elements that should be in a plan beyond the normal guidance from the Disaster Recovery Institute (DRI) and a set of actions that should be included in planning and preparation.

Valerie Thomas is an Executive Consultant and Security Ninja with Securicon, LLC. Ms. Thomas is a passionate security professional with a diverse technical and management background in vulnerability assessment, penetration testing, social engineering, and security compliance. Her strong educational and leadership background enables her to quickly employ new information and concepts in an operational environment. She has not only worked extensively in vulnerability and penetration assessment roles, she has also worked extensively in social engineering, data loss prevention and intrusion monitoring and prevention. Ms. Thomas is a recognized information security authority. Her recent speaking engagements have included conferences around the United States, as well as conferences in Europe and Asia. Valerie has spoken at DerbyCon, DefCon Shmoocon, Nordic Security Conference, BSides, and many others. In addition to many whitepapers and articles, Valerie recently co-authored the book from Syngress Publishing, titled Building an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats, currently available through Amazon and other sources. Harry Regan has close to 40 years experience in technology, security and privacy and has participated with a dozen new technology companies. Harry?s career began with a role in Operations Analysis and Industrial Engineering working with telecom traffic routing, chemical process control, rail operations and analyses of oil and gas operations.. In the mid 1990s, Harry joined NASDAQ as Director of Information Security Technology. In early, 2000, he joined LogicTier managing physical and cyber security for both the corporation and its customers and worked on the emergency response plan for the 2002 Salt Lake Olympics. After 9/11, Harry increasingly focused on the security issues surrounding critical infrastructure. Harry currently serves as VP of Security Consulting Services for Securicon, LLC.

@hacktress09 , @geezbox

Back to Derbycon 2016 video list