According to the Verizon data breech report, most of the attacks in the news were not that difficult, and would have been prevented with practical security fundamentals, yet, we continue to see all of these large companies failing at the fundamentals of defense? Why!

In this presentation I will discuss the importance for developing robust ingress and egress filtering to mitigate the threat of sophisticated malware. I will discuss the steps you need to take to defend from the majority of the known attacks. I will show the need and importance for analyzing your systems live memory. The talk will conclude with essential endpoint protections to deploy now! It is time we test the skills of the hacktivists and start at least doing the fundamentals right. Before we worry about the APT, let’s get the Basic Persistent Threat (BPT) taken care of!

Bio:

Kevin Cardwell served as the leader of a 5 person DoD Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.

He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense and Advanced Penetration Testing courses. He is technical editor of the Learning Tree Course Penetration Testing Techniques and Computer Forensics. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences. He has chaired the Cybercrime and Cyberdefense Summit in Oman and was Executive Chairman of the Oil and Gas Cyberdefense Summit. He is author of Bactrack: Testing Wireless Network Security and Building Virtual Pentesting Labs for Advanced Penetration Testing.  He holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. he serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman.  He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to Commercial companies, governments, major banks and financial institutions in the Gulf region to include the Muscat Securities Market (MSM) and the Central Bank of Oman. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in the monitoring and incident identification of intrusions and incidents within the Gulf region.

Back to ShowMeCon 2014 video list