A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


We're a Shooting Gallery, Now What? - Joseph Tegg Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

We're a Shooting Gallery, Now What?
Joseph Tegg
Derbycon 2016

The Red Team / Pentest Team just handed our CISO a report that says the network is a ?Shooting Gallery?. Sure, we test, just like everyone else. We use internal or 3rd party pentest / red teams to evaluate our security controls and policies in an effort to reduce the risk exposure, and the results are always the same. This discussion will shine the light on one of the often overlooked critical processes in a mature vulnerability management program: looking past individual findings to discover root causes and address the true systemic problems that make the enterprise network a perennial shooting gallery.

Joe has been involved in information technology and security for over 20 years. Starting with a simple challenge to root a shelled server, morphing into a unix sysadmin, and diving into enterprise vulnerability management. Now, as a passionate Rapid7 senior security consultant, he has experience in all aspects of risk assessment, mitigation strategy and processes. He provides strategic insight, asks the difficult questions, and drives the conversations that Vulnerability Management teams should be having with their CISOs and CIOs. As a Florida native, urban redneck, backcountry explorer, experienced technical cave diver, and father, his demeanor and delivery can be thought provoking, educating and hilariously awkward at the same time.

@AvgJoeSecurity

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast