In 2022, my org was breached by Lapsus$. We had a multimillion-dollar budget, all the products, all the bells and whistles, copious staff, etc. After the dust settled, I became obsessed with understanding how so many modern orgs had been breached in 2022. I scheduled CISO 1-1s with everyone I knew. With those I didn't know, I dove deep into the breach notifications and articles. Patterns started to emerge. Join me in discussing notes and stories from my outreach. Topics: 2FA failure, FIDO, IAM, GitHub/GitLab security, user awareness training, threat intelligence, supply chain security, assets and risk registers, common activities post-breach (cred rolls, breach notifications), priority segmentation for internal networks (protecting internal web control panels), bug bounty, ++
Bsides2024 : Jason Haddix : Tales from the Breach