Event Hack Red Con 2024 starts on Oct 25, 2024, 10:00:00 AM (America/Kentucky/Louisville)
Reframing the “Success” of an Offensive Test: Taking a Risk-Based Approach
60min Talk - Business
Location: Trophy Room - 10/25/24, 1:00 PM - 10/25/24, 2:00 PM (America/Kentucky/Louisville) (1 hour)
Celina Stewart
Head of Risk Management

Celina Stewart is an expert in cyber risk management at Neuvik, a cybersecurity services company. In her current role, she leads Neuvik’s Integrated Risk Management service line, translating technical findings from Red Team Assessments into cogent, tactical strategies to buy down business risk. Celina specializes in designing and optimizing cybersecurity programs, taking a risk-based approach to program strategy, organization and operating model design, and alignment of technical controls to reduce business risk. Prior to joining Neuvik, Celina worked for McKinsey & Company, where she was a founding member of the cybersecurity practice. In this role, she served Fortune 500 clients to develop cybersecurity strategy, to optimize cyber program performance, and to integrate cybersecurity with enterprise risk management. Her research has been published in McKinsey on Risk and other publications.


At its simplest, the goal of offensive testing – and penetration tests in particular – is to identify vulnerabilities within an environment and provide remediation guidance. However, many organizations treat an offensive test as a performance review, aiming for a ‘top score’ with as few findings as possible.

This talk challenges that mindset, because a scorecard view often distorts the true risk present in an organization – a test that returns few findings because it was scoped around the easy targets produces a false sense of security. Instead, this talk reframes what a “successful” offensive test looks like. By taking a risk-based approach, offensive testing can prioritize the systems tied to critical business risks – in turn ensuring that every finding actually buys down risk.

Attendees will receive tactical guidance on how to extract the most value from their offensive testing and address the most pressing risks in their environment. Key topics include how to scope for impact by using a risk-based approach to prioritize systems for offensive testing, and how to communicate findings in a Board-friendly manner so that remediation genuinely buys down risk within the environment.