Do you outsource security services to an MSSP? Do you know if they're really providing the service they claim? Or if you have an internal SOC, have you measured how well they perform? If you get some alerts, are they catching them all? If you get no alerts, does that mean you're not being attacked? Did alerts stop because you've improved security or because they've let some analysts go to save money? In this talk I,ll walk through some practical ways that you can test and verify your MSSP or even internal tools, to make sure you,re getting the protection you,re paying for. We'll discuss specific types of validation you can perform, tips and tricks to automate the process, and outline some of the tools available to simplify the process.

Bio: Nathan Sweaney is a security consultant for Secure Ideas. By day he tests pens and by night he seeks to rid the world of invalid political and religious opinions on Facebook. Ransomware that lands on his computer simply gives up and sends him Bitcoin. Nathan's beard is rumored to have been the inspiration for Chewbacca's son Lumpawaroo.

Back to ShowMeCon 2018 video list