Independent security contractor.
#1 photography account about hacking.
Previously:
@BishopFox Red Team
@risk3sixty Pentesting Practice Lead
website | https://ryanbasden.com |
github | https://github.com/rybaz |
https://twitter.com/_rybaz |
"In addition, ChatGPT doesn’t just itself fail to recognize the difference between fact and fiction, it presents these answers to people who are themselves unable to discern the difference."
Some of my favorites from Zion National Park.
Taken with Kodak Portra 400.
Your external pentest scope is ~500k possible *public* IPs. In addition to manual testing, do you run Nessus scans in the background?
Why/why not?
WTF is a purple team? What's a purple team exercise? Do purple teams even lift?
Perhaps more importantly, how can you use the outcomes of not skipping security leg day to make your company give a shit about defending itself?
I'll answer all these questions and more this coming Saturday. Be there!
For many, IT security is still perceived as a sometimes-helpful nuisance, but an all-the-time cost center. The most common exception is in compliance, often disproportionately handled by IT staff due to the technical evidence gathering requirements. And it’s hard for security staff to argue the case, since you can draw a direct line from compliance reports to revenue. A clean SOC 2 report or PCI DSS certification can determine the outcome of multi-million-dollar deals. The same cannot usually be said for a clean vulnerability assessment, penetration test, or red team report (much less a not clean one).
So how can security professionals compete with compliance for budgets, and how can IT professionals garner buy-in and internal support from executives and decision makers so they can affect organizational change and improvement?
This session will cover how purple teaming activities can elevate an organization beyond exception management in revenue-generating deals, to providing multiple mechanisms for demonstrating substantial ROI, and quantifiably protecting existing and future revenues. I will detail actionable approaches – with real world examples – that showcase how purple team exercises can accomplish the following:
- Establishing measurable security baselines and resilience across companies and supply chains
- Validating the efficacy of security investments and identifying potential areas for greater efficiency
- Providing a blueprint for organizational advancement and agility via penetration tests and red teams
- Evidence-based ROI communication to leadership and stakeholders
- Demonstrable and continuous protection against headline grabbing, and investor rattling, emerging threats