September 23
(Hands-On) - Day 1
This class focuses on the "purple team" approach: conducting attacks and then building detections based on the attacks applied. Participants will be provided with everything they need to understand how to conduct attacks and how best to detect them in a large environment. The class walks through the tactics, techniques, and procedures (TTPs) of attacks while building knowledge of how to write rules that focus on the behavior those attacks exhibit, so that detections within an organization can be refined.
“Never trust, always verify”. Zero Trust Architectures have gained undeniable popularity in the last few years. However, questions about how to institute, integrate and manage it remain. This summit will explore different aspects of the Zero Trust framework including design, resilience and threat modeling to build a modern zero trust strategy for your organization.
Sessions Include -
Cyber-Resilience: Managing Cybersecurity as a Predictable Risk
Speaker - Derrick A. Butts, CISSP, ITIL – CEO/ Cyber-Business Transformation Advisor, Continuums Strategies
Many businesses have zero trust goals and aspirations for 2023, but the number of businesses actually working to achieve this level of security will be small because of the cost. Zero trust is one portion of a cyber-resilience strategy rather than just another piece of technology.
A cyber-resilience strategy incorporates zero-trust methodologies, but it also needs to include updates to business policies, procedures, business continuity planning, enhancing technologies, security risk management, and modified security awareness training. The layering of these tasks will mature your security posture and increase the chances of your data being protected and restorable during and after a cyberattack.
Extending Zero Trust to the User with a Zero Trust Workspace
Speaker - Chalan Aras, Advisory Managing Director, Deloitte & Touche LLP
Implementing Zero Trust principles across an enterprise has accelerated as cyber risks have expanded through remote and third-party users, greater use of SaaS, and acceptance of unmanaged devices for enterprise connectivity.
Past solutions centered around technologies such as virtual desktop infrastructure (VDI) and remote browsers, but these tend to compromise the user experience, can be costly, and depart from familiar software tools.
We will share the concept of a Zero Trust (ZT) Workspace that brings a large range of identity-, posture-, and application-based controls to protect data without the cost of current solutions, including the use of off-the-shelf applications that avoid a disruptive change to user experiences.
Zero Trust Threat Modeling
Speaker - Chris Romeo, CISSP, CSSLP – CEO, Kerr Ventures
Zero trust is all the rage, and it has vast implications for AppSec and threat modeling. Zero trust threat modeling means the death of the trust boundary: it assumes attackers are already in the environment, so data sources and flows can no longer hide behind one.
Apply the concept of zero trust to threat modeling by understanding what changes and considering a threat model of the zero-trust architecture. Explore new design principles in a zero-trust threat model and apply a mnemonic and taxonomy of threats impacting zero-trust applications.
Long live the threat model but say goodbye to the trust boundary.
Zero Trust: Is Everybody a Zero Trust Solution Now?
Speaker - Vincent Romney, CISSP, CCSP – Enterprise Security Architect, Nu Skin Enterprises
Zero Trust is a buzz-phrase like no other! Seemingly every vendor is now a Zero Trust solution, and organizations that have received the "top down" edict to "go Zero Trust" are often at a loss to determine where to spend their precious security dollars. Using NIST SP 800-207 as our guide, we'll walk through the components of a Zero Trust architecture and contextualize them against various vendor offerings to bring clarity to the Zero Trust argument.
Information Security requires a strategic, customer-obsessed, enterprise-wide approach, but all too often organizations are stuck in Groundhog Day. Misunderstanding zero trust and hitting roadblocks causes organizations to optimize for whatever can be moved forward and call it a win. They show forward progress, but that pragmatism only exacerbates the underlying mess, leading to more tech debt and confusion. We'll identify key principles in the original Rainbow Series, how to escape Groundhog Day, and how to transform a data-driven foundation into a modern Zero Trust grand strategy that delivers a culturally aligned, security- and privacy-by-design program.
The Zero Trust Application Framework - Building Security without a Perimeter
Speaker - Nat Bongiovanni, CTO, NTT DATA Federal Services
In this presentation we will discuss Zero Trust Architecture (ZTA) and how to build ZTA applications. We will start with the seven tenets described in NIST SP 800-207 and then show an application framework for building cloud-ready Zero Trust applications. Our presentation will show how the three components of Authentication, Monitoring, and Authorization enable ZTA. We will explore the concepts and implementation of policy decision points and policy enforcement points, as well as all other components of a ZTA. Tying it all together, we will present an example application as described in NIST SP 800-204A, 800-204B and 800-204C.
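The policy decision point (PDP) and policy enforcement point (PEP) named above are the two pieces that carry the "never trust, always verify" tenet: the PEP fronts the resource and forwards every request to the PDP, which evaluates identity, device posture and resource sensitivity per request rather than trusting network location. The following is an added example written for this page, not code from the talk or from NIST SP 800-207; the classes, the posture attributes, the re-authentication window and the policy rules are all assumptions chosen to illustrate the pattern.

```python
"""Minimal zero-trust PDP/PEP pair (added illustration; all rules are assumptions)."""
from dataclasses import dataclass, field

MAX_AUTH_AGE_S = 8 * 3600  # assumed re-authentication window for strong auth


@dataclass(frozen=True)
class Subject:
    user: str
    groups: frozenset
    mfa: bool
    auth_age_s: int  # seconds since the last strong authentication


@dataclass(frozen=True)
class Device:
    managed: bool
    disk_encrypted: bool
    patched: bool


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str  # "internal" or "restricted" (assumed labels)
    allowed_groups: frozenset


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)  # every failed check, for audit


def decide(subject: Subject, device: Device, resource: Resource) -> Decision:
    """PDP: evaluate one request. Default deny; every reason is recorded."""
    reasons = []
    # Authentication: strong auth is required and must be recent.
    if not subject.mfa:
        reasons.append("mfa_required")
    if subject.auth_age_s > MAX_AUTH_AGE_S:
        reasons.append("reauthentication_required")
    # Authorization: the subject must hold a group the resource allows.
    if not (subject.groups & resource.allowed_groups):
        reasons.append("not_authorized_for_resource")
    # Device posture: unmanaged devices are never trusted; restricted data
    # additionally requires encryption and current patches.
    if not device.managed:
        reasons.append("unmanaged_device")
    if resource.sensitivity == "restricted" and not (device.disk_encrypted and device.patched):
        reasons.append("device_posture_insufficient")
    return Decision(allow=not reasons, reasons=reasons)


class EnforcementPoint:
    """PEP: sits in front of the resource, consults the PDP on every request,
    and records the outcome (the Monitoring component)."""

    def __init__(self, pdp=decide):
        self.pdp = pdp
        self.audit = []  # (user, resource, allowed, reasons)

    def request(self, subject: Subject, device: Device, resource: Resource):
        decision = self.pdp(subject, device, resource)
        self.audit.append((subject.user, resource.name, decision.allow, tuple(decision.reasons)))
        if not decision.allow:
            return None  # the resource is never reached on a deny
        return f"payload-of-{resource.name}"  # stand-in for proxying to the resource


def demo():
    """Constructed requests: one that passes every check, one from an unmanaged laptop."""
    ledger = Resource("ledger", "restricted", frozenset({"finance"}))
    alice = Subject("alice", frozenset({"finance"}), mfa=True, auth_age_s=600)
    mallory = Subject("mallory", frozenset({"finance"}), mfa=True, auth_age_s=600)
    pep = EnforcementPoint()
    pep.request(alice, Device(managed=True, disk_encrypted=True, patched=True), ledger)
    pep.request(mallory, Device(managed=False, disk_encrypted=True, patched=True), ledger)
    return pep.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Note that group membership alone is not enough to reach the restricted resource: the same user on an unmanaged device is denied, and the denial reason lands in the PEP's audit trail, which is what a detection pipeline would consume.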
Legal Implications, Issues, and Aspects of Zero Trust Architecture (ZTA)
Speaker - Scott Giordano, Senior AI, Privacy & Cybersecurity Attorney
There are myriad concerns when it comes to planning and executing a Zero Trust Architecture plan. Legal implications include collecting and processing user data, complying with local and applicable data protection laws (such as GDPR), privacy issues that may arise from monitoring user activities and network traffic, and cross-border data transfers. This session will examine these issues and aspects such as:
- User consent
- Data breaches
- Contract and Agreements
- Incident response and notifications
- Compliance with industry-specific regulations
Enhance your cloud security knowledge to defend AWS and Azure infrastructure and apps by building automated detection, alerting, and response systems. This training offers hands-on lab exercises and CTF challenges (with metal coins to win) for a practical learning experience.
This hands-on, CTF-style training includes content for builders, security practitioners and architects focused on implementing large-scale security programs. You will learn to defend AWS and Azure cloud infrastructure by building automated detection, alerting and response pipelines for your workloads using native cloud services. The training builds security knowledge on the cloud and for the cloud: it teaches the fundamentals of cloud infrastructure security and focuses on building highly scalable threat detection, monitoring, and response tools from cloud-native services such as serverless functions, containers, object stores, IAM/AD, logic apps, SQL/KQL queries and more.
Learning Objectives:
By the end of this training, you will be able to (applies to both AWS and Azure):
* Use cloud technologies to detect & build automated responses against IAM & AD attacks.
* Understand and mitigate advanced identity based attacks like pivoting and privilege escalation and build defense techniques against them.
* Use serverless functions to perform on-demand threat scans.
* Deploy containers to build threat detection services at scale.
* Build notification services to create detection alerts.
* Architect a multi-account log collection and alerting strategy.
* Define step functions & logic apps to implement automated forensic artifacts collection for cloud resources.
* Build cloud security response playbooks for defense evasion, persistence and lateral movement.
* Perform advanced security investigations by architecting and deploying a security data lake for real-time threat intelligence and monitoring.
* Enforce multi-cloud security strategy through assessments, compliance checks and benchmarking automation.
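The first two objectives, detecting IAM attacks and the privilege-escalation and persistence patterns behind them, come down to rules that run over the audit log of the identity service. The block below is an added example written for this page, not course material: it classifies CloudTrail-shaped IAM events into privilege-escalation, persistence and reconnaissance findings. The sample events are constructed, the tag names and severities are assumptions, and the field names follow the CloudTrail record layout (`eventName`, `eventSource`, `userIdentity`, `requestParameters`, `errorCode`). Real records may carry `policyDocument` URL-encoded, so decode it before passing it in.

```python
"""IAM privilege-escalation / persistence detection over CloudTrail-shaped events.
Added example; rules, tags and the sample events below are constructed assumptions."""
import json

ADMIN_POLICY_SUFFIXES = ("/AdministratorAccess", "/IAMFullAccess")
POLICY_ATTACH = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
INLINE_PUT = {"PutUserPolicy", "PutRolePolicy", "PutGroupPolicy"}
CRED_CREATE = {"CreateAccessKey", "CreateLoginProfile", "UpdateLoginProfile"}
IAM_WRITE_PREFIXES = ("Create", "Attach", "Put", "Update", "Delete", "Add")

# Constructed sample events (abbreviated CloudTrail shape), not real log data.
SAMPLE_EVENTS = [
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "userIdentity": {"userName": "dev-bob"},
     "requestParameters": {"userName": "dev-bob",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"userName": "dev-bob"},
     "requestParameters": {"userName": "svc-backup"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"userName": "dev-bob"}, "requestParameters": {}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateLoginProfile",
     "userIdentity": {"userName": "contractor-eve"},
     "requestParameters": {"userName": "admin-root"}, "errorCode": "AccessDenied"},
    {"eventSource": "iam.amazonaws.com", "eventName": "PutUserPolicy",
     "userIdentity": {"userName": "dev-bob"},
     "requestParameters": {"userName": "dev-bob", "policyName": "tmp",
                           "policyDocument": json.dumps({"Version": "2012-10-17",
                               "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]})}},
]


def _caller(event):
    """Principal that made the call; falls back to the ARN for roles/assumed roles."""
    ident = event.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn", "unknown")


def _policy_doc_is_wildcard(doc):
    """True if an inline policy document grants Allow on '*' (or iam:*) to Resource '*'."""
    try:
        policy = json.loads(doc)
    except (TypeError, ValueError):
        return False
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if any(a in ("*", "iam:*") for a in actions) and "*" in resources:
            return True
    return False


def classify(event):
    """Return a list of (severity, tag) findings for one event."""
    if event.get("eventSource") != "iam.amazonaws.com":
        return []  # this rule set only looks at the identity service
    name = event.get("eventName", "")
    params = event.get("requestParameters") or {}
    caller = _caller(event)
    findings = []
    if event.get("errorCode") == "AccessDenied":
        # A denied IAM write changed nothing, but repeated attempts are reconnaissance.
        if name.startswith(IAM_WRITE_PREFIXES):
            findings.append(("low", "recon:denied_iam_write"))
        return findings
    if name in POLICY_ATTACH and str(params.get("policyArn", "")).endswith(ADMIN_POLICY_SUFFIXES):
        findings.append(("high", "privesc:attach_admin_policy"))
    if name in INLINE_PUT and _policy_doc_is_wildcard(params.get("policyDocument")):
        findings.append(("high", "privesc:inline_wildcard_policy"))
    if name in CRED_CREATE:
        target = params.get("userName")
        if target and target != caller:
            # Minting credentials for another principal is a classic persistence step.
            findings.append(("high", "persistence:credential_for_other_principal"))
        elif name == "CreateAccessKey":
            findings.append(("medium", "persistence:self_access_key"))
    return findings


def detect(events):
    """Run every rule over a batch; returns (caller, eventName, severity, tag) tuples."""
    return [(_caller(e), e.get("eventName"), sev, tag)
            for e in events for sev, tag in classify(e)]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

The same `classify` function can sit behind a serverless trigger on the log bucket or run in a container over a data lake; the design choice worth noting is that failed calls short-circuit to a low-severity reconnaissance tag rather than a privilege-escalation one, since an `AccessDenied` write never changed state.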