A presentation I gave at the 2020 National Cyber Crime Conference in July 2020. I should note: I had a bit of a summer cold during this presentation, and there are more “filler words” than normal. Overall, it turned out good and the response from attendees was great!
An adversarial approach to risk identification and mitigation of an organizations most valuable assets; people. Specifically people and their open source digital foot print (MITRE ATT&CK 1266, 1275). Organizations participate in penetration testing and risk assessments, often times with a large chasm between the typical software/hardware solutions, and the ever present human element. With the proliferation of doxxing in the mainstream media, organizations and individuals need to be more aware of the adversary mind set and methodology, as well as the steps to simulate these attacks.
Going beyond the attack simulation, organizations desperately need the ability to define and properly classify the associated risks, and identify steps to contain and remediate those risks. This talk aims to give listeners an eye opening view into adversary simulation activities as it pertains to digital foot prints, but also will provide a crash course into the how and why of not only simulating the attack, but also highlighting methods to prevent and remediate our most important assets being compromised.