An unfortunate number of enterprises build their foundations on a false sense
of security. They’ve implemented technical defensive measures, written policies,
and have procedures for response – and they feel ‘secure’. The problem is –
until they’ve actively tested these out in real-world scenarios much like
disaster recovery drills, they have no idea how well-prepared they really are
for when the worst strikes. Perhaps more importantly, they have no idea where
things will strain and break and as a result cannot compensate.
As Information Security leaders often find themselves playing whack-a-mole with
compliance, business requirements and resource challenges, it can be easy to fall
into a sense that everything is under control because on paper the security
posture looks good – but how certain are you? Validating human and technical
controls, policy elements and response procedures is vital to the prepared
enterprise. It is true that the only way to design a safe vehicle is to
repeatedly crash and re-design it until it meets minimum safety requirements,
but all of this must be done before the car is allowed to crash in a real wreck.
Unfortunately, most enterprises simply go by what they’ve planned on paper, and
it’s not until they wreck in the real world that they find out how poorly prepared
they are.
This talk exposes the massive gaps in typical corporate “security” and discusses
a step by step approach to making the most of Red Team exercises and a
non-restrictive approach to security posture validation. Whether you’re a
security manager, executive, or someone who just really cares about their
security posture – you will hear how, what, and when on real security testing.
Rafal Los
Rafal Los, Security Strategist for Hewlett-Packard Software, brings a pragmatic
approach to enterprise security. Combining over a decade of technical,
consulting and management skills in the Information Security field, he uses his
experience to build bridges between technology and people. As a sought-after
writer and speaker he currently focuses on the various strategic aspects of
enterprise security and emerging technologies to empower business to be agile.
He advocates a focus on sound security fundamentals and is a contributor to open
standards and organizations volunteering his time to groups such as OWASP and
the Cloud Security Alliance. His blog, Following the White Rabbit, is his unique
perspective on the various aspects of enterprise security, emerging
technologies, and current events and can be found at http://hp.com/go/white-rabbit.
Prior to joining HP, Los defined what became the software security program and
served as a regional security lead at a Global Fortune 100 contributing to the
global organization’s security and risk-management strategy internally and
externally. Rafal prides himself on being able to add a ‘tint of corporate
realism’ to information security.
Rafal received his B. S. in Computer Information Systems from Concordia
University, River Forest, Ill.
Copyright 2020, IronGeek