Hack Red Con 2024
-
End the Burnout - 3 things your CISO wishes you knew.
Mark Thacker
-
Doors, Cameras, and Mantraps: Oh, my!
Dylan "The Magician" Baklor
-
Registration Opens
Oct. 25
-
Opening Ceremony
Oct. 25
-
Keynote Round Table - Ed Skoudis, Dave Kennedy, Ken Nevers, Amanda Berlin
Oct. 25
-
Intro to Infrastructure Automation for Offensive Security
Alex MartirosyanOct. 25
-
Securing Derby 150
Jason PaytonOct. 25
-
Creating Intelligence From Malware Samples
Jon "Wally" Prather and Jeff SmealOct. 25
-
CISO Roundtable
Oct. 25
-
Tough Adversary? Don’t Blame Sun Tzu
Dr. Gregory CarpenterOct. 25
Celina Stewart
Celina Stewart is an expert in cyber risk management at Neuvik, a cybersecurity services company. In her current role, she leads Neuvik’s Integrated Risk Management service line, translating technical findings from Red Team Assessments to cogent, tactical strategies to buy-down business risk. Celina specializes in designing and optimizing cybersecurity programs, taking a risk-based approach to program strategy, organization and operating model design, and alignment of technical controls to reduce business risk. Prior to joining Neuvik, Celina worked for McKinsey & Company, where she was a founding member of the cybersecurity practice. In this role, she served Fortune 500+ clients to develop cybersecurity strategy, to optimize cyber program performance, and to integrate cybersecurity with enterprise risk management. Her research has been published in McKinsey on Risk and other publications.
Workshop Description:
Offensive testing – and penetration testing in particular – has become increasingly commoditized, with organizations increasingly narrowing scope, tightening timelines, and limiting access. As a result, it can be difficult – even for teams with top offensive security talent – to get executive buy-in for findings remediation or to demonstrate distinctive value from offensive testing.
This workshop enables offensive testing teams bridge this gap by using framing that will resonate: business risk. By taking a risk-based approach to critical phases of testing – planning, reconnaissance, reporting – offensive teams can gain buy-in and demonstrate distinctive value, tying all findings to risks that strategic decision makers will understand and prioritize.
In this workshop, we’ll explore tactical actions offensive teams can take to leverage this approach for each phase of testing. Attendees will receive tactical tips on how to quickly identify risks, leveraging existing Blue Team risk management documentation and threat modeling. Then, we’ll step through a case example to demonstrate how to incorporate risk into key phases of the testing process. Lastly, we’ll discuss how to frame findings in terms of risk, ensuring executive buy-in and tying findings to business value.
