@slandail

Know your opponent and know yourself. It held true for Sun Tzu 2500 years ago, and it holds true for pen testers today. A pen tester who has worked in sec ops role has a distinct advantage, especially if that pen tester has a solid grasp of the good, the bad, and the ugly of identity and access management (IAM) in an enterprise setting. For red teams, this presentation will cover pen testing tips and tricks to circumvent weak or missing IAM controls. For blue teams, we'll also cover the steps you can take to shore up your IAM controls and catch pen testers in the act. Purple teaming, FTW!

By night, I'm a husband, father, writer, filmmaker, martial artist, musician, and gamer. I think it's fair to say that I've earned every gray hair in my beard, having spent my career fulfilling infosec roles in consulting, higher education, retail, and public utilities. I like to share what I've learned over the years with local and regional information security professional organizations, as well as attendees at larger information security conferences. In addition to writing articles like this one, I teach information security courses, both domestically and internationally. At the end of the day, I just want to help folks get one step closer to doing what they want to do securely.

Back to BSides Cleveland 2018 video list