Abstract: It seems that businesses are truly struggling with how to handle the
threats we face as organizations when it comes to information security. From
breach to breach, the techniques seem similar yet they completely rip through
everything we’ve tried to protect against. As an industry, we’re fighting to
define ourselves in a manner where we can actively combat the different
demographics we see from attackers. This presentation will walk through what we
face as organizations, both politically and as an industry. Information
security isn’t a technology problem – it’s a social issue. Until we recognize
that, we will continue to see breaches year after year as we
continue to battle (and lose) the same types of attacks. There’s a lot of talk
inside the industry on technical controls, products, adversarial simulation, and
more for strengthening our defenses. These couldn’t be further away from what we
really need to combat these types of attacks. This talk will also be
demonstrating effective measures to combat some of the main techniques attackers
use in order to attack an organization.
Bio: David Kennedy is founder of TrustedSec and Binary Defense Systems. Both
organizations focus on the betterment of the security industry from an offense
and a defense perspective. David was the former Chief Security Officer (CSO) for
a Fortune 1000 company where he ran the entire information security program.
Kennedy is a co-author of the book "Metasploit: The Penetration Tester's Guide,"
the creator of the Social-Engineer Toolkit (SET), and Artillery. Kennedy has
been interviewed by several news organizations including CNN, Fox News, MSNBC,
CNBC, Katie Couric, and BBC World News. Kennedy is the co-host of the
social-engineer podcast and on a number of additional podcasts. Kennedy has
testified in front of Congress on two occasions on the security around
government websites. Kennedy is one of the co-authors of the Penetration Testing
Execution Standard (PTES); a framework designed to fix the penetration testing
industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in
Louisville, Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and
Partner of a mid-size information security consulting company running the
security consulting practice. Prior to the private sector, Kennedy worked for
the United States Marine Corps and deployed to Iraq twice for
intelligence-related missions.
Twitter: @HackingDave
Recorded at AIDE 2015