IT Summit - Fall
Monday-Tuesday, October 30-31, 2017
SynerComm's 15th Annual IT Conference, at Potawatomi Hotel & Casino
Presentation: Better Network Defense Through Threat Injection and Hunting
Tuesday • 1:15PM - 1:45PM • Room: Serenity
Abstract
Traditional penetration testing and red team engagements typically focus on identifying single attack paths and how organizations can fix vulnerabilities to shut those paths down. The result of these engagements is a reduced risk from eliminating a single attack path, but they rarely lead to an improved defensive skill set. This talk will introduce the Threat Detection Maturity Model, a security detection and testing framework to more closely integrate red and blue team operations with the goal of measurably improving defensive capabilities. The framework is designed to measure the effectiveness of the blue team's defensive capabilities using a capability maturity model across the attack lifecycle. We'll demonstrate how "threats" are injected into an environment to enable a hunt team or SOC to improve their skill sets and validate the effectiveness of their security tooling.
Presented by
Zach Grace & Brian Genz
Cyber Threat Management
Northwestern Mutual
Bio
Zach is currently the lead for Cyber Threat Management at Northwestern Mutual. He has worked in offensive security for the last seven years, focusing on securing financial institutions. He is active in the Milwaukee security community, in which he is an OWASP Milwaukee chapter leader, a member of @MilSec, and a member of the Wisconsin Collegiate Cyber Defense Challenge (CCDC) Red Team. He's also the creator of the open source security projects changeme and Sticky Keys Hunter.
Brian currently works on the hunt team at Northwestern Mutual. Brian is an information security professional with experience in the insurance, manufacturing, and defense intelligence sectors. He has worked in the areas of incident response, forensic analysis, vulnerability management, and security risk consulting. He currently focuses on information security threat detection and analytics at a Fortune 100 company. Professional degrees and certifications include: MBA, MSITM, CISSP, GREM, GCIH, GNFA, and GCFA. He has presented at DerbyCon, Circle City Con, Infragard, and ISACA-Kettle Moraine.