As infosec pros we spend a lot of time thinking about how to tighten defenses and how ready we are to defend against the next attack. These are key topics to help your team be better prepared, but what happens when you don't know how cyber ready you are? Training is costly; on the job training is costly AND risky. The best defense is a good offense. Best way to defend a castle is to attack it. It is absolutely amazing what you learn about your adversaries' motives, techniques and your organization's specific defenses and vulnerabilities when you reverse roles. When is the last time you and organization simulated an attack and assumed the role of the adversary?
And even if you are comfortable with you and your team's skills, what about your organizations system administrators and developers who are not focused exclusively on security? I'm sure that many of you run into the same pushback as I do when talking to non-security IT folks, who don't see your concerns as realistic; lacking an awareness of the risks out there and methods used by attackers. The best way for people to learn and apply what they learn is through the muscle memory. InfoSec and IT professionals need to work and interact with environments that closely replicate the network, servers, software, vulnerabilities and security measures found in a real production IT environments. The complexity helps participants learn how attackers think, how they approach targets, how they exploit vulnerabilities in infrastructures and applications, and how they capture and exfiltrate data.
Classroom training and boring security awareness presentations is not enough. But if you take on the identity of attackers, you can learn how they think, how they approach targets and how they exploit current protective technologies. The best way to do this is with simulated attacks and live-fire exercises such as “capture the flag” sessions. The gamification of security education delivers more effective, immersive and interactive experience.
In this real training for free ™ webinar I will show you different ways that organizations from large to small and even individual security professionals can hone cyber security skills by playing the role of their adversaries. We will explore different options that range from complex and deep to those that are simpler to execute:
- “Capture the Flag” sessions
- Live-fire drills
- Coordinated attack simulations
Holding security war-games and other attack simulations are incredibly valuable for building skills, changing mindsets and, if held in real-time, speeding up response time. But they can also be complicated and expensive as well as difficult to quantify results and benefits. This is where our sponsor, Symantec, comes in. James Griffin will briefly show you Symantec's Security Simulation Platform, a cloud-based, virtual hacking experience that provides multi-staged attack scenarios, allowing participants to take on the identity of their adversaries. IT enables your teams to learn the tools “hands on” and receive feedback on the key areas covered, their strengths and areas of improvement.
Please join me for this eye-opening webinar. My goal is for you to take away different options for you and your organization to practice security by thinking like a hacker.