The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)
Center for Education and Research in Information Assurance and Security

Jeff Man - Online Business Systems

Students: Fall 2025, unless noted otherwise, sessions will be virtual on Zoom.

Why Attack When You Can Defend

Oct 21, 2020

Download: Video Icon MP4 Video Size: 2.0GB  
Watch on Youtube Watch on YouTube

Abstract

MITRE ATT&CK® seems to be the"next big thing". Every time I hear about it I can't help but wonder, "how doyou prevent all these attacks in the first place? Shouldn't that be the endgame?" To that end, I set out to map all the recommended "Mitigations" for allthe "Techniques" detailed in ATT&CK to see how many are already addressedby what is required in the Payment Card Industry Data Security Standard (PCIDSS). My hypothesis was all of them. The results were interesting and a little surprising, and I'm still trying to figure out how to best use the results and subsequently ATT&CK itself. I will present my findings in the briefing andhopefully generate a discussion about what to do with the results.


About the Speaker

Jeff Man
Respected Information Security advocate, advisor, evangelist, international speaker, keynoter, host of Security & Compliance Weekly, co-host on Paul's Security Weekly, Tribe of Hackers, TOH Red Team, TOHSecurity Leaders, TOH Blue Team, and currently serving in a Consulting/Advisory role for Online Business Systems. Nearly 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified NSA Cryptanalyst. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing "red team" at NSA. For the past twenty-five years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best known companies.


Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!