ZIP file full of CSVs. In this session, we will explore how to use data extracted from our environments to present tactical and strategic visualizations to the organization. Beginning with ad-hoc, tactical, automated import into Microsoft Excel for use in pivot tables and charts, we will then move on to using dashboard tools like Grafana to visualize trends in measurements over time. The session will focus on demonstrations of the techniques d...

Equipped with a knowledge of how to use PowerShell, the audit/compliance/security professional can start gathering measurements of systems and networks. In this session, we use PowerShell to extract data from Windows systems, Active Directory domains, VMWare infrastructure and even Linux systems. We will also explore how to extract data from APIs provided by our security tools. Demonstrations will be used to reinforce the concepts. Objectives...

Review of the top used AWS services and which security features you dont want to forget about. Highlighting applicable CIS AWS Foundations Benchmark recommendations And calling out any other security controls that should not be overlooked

Organizations in every sector are increasingly adopting cloud offerings to build their online presence. However, although cloud providers are responsible for the security of the cloud, their customers are responsible for what they do in the cloud. Unfortunately, the providers have made the customer's job difficult by offering many services that are insecure by default. Worse yet, with each provider offering hundreds of different services and w...

Does your organization have penetration testers and a red team? Do they work closely with those performing defensive roles to improve the overall security? Far too often, pen tests and red team engagements are performed, leaving only a list of discovered vulnerabilities with no instructions on how to mitigate the findings. This is where purple teaming can be of great value to an organization. It's not a new team, rather, it's an organized effo...

A top-notch security platform requires a significant investment of money, time, and resources, so it's essential to know it's doing its job. Instead of waiting for an attack to test your security controls, on-demand, proactive testing allows you to validate that controls are acting as expected. That means you need a solution that enables you to emulate true threat actors within your environment, making penetration testing more effective and re...

As the velocity of IT operations increases, automation is becoming critical for auditors and compliance professionals. In this session, we will cover the basics of using PowerShell for common infosec, compliance and audit tasks. We will make heavy use of demonstrations to explore the object-oriented nature of the shell, important commands for getting help, and how to select, sort, filter and transform results from native Windows tools. We will...

Zero trust has become one of the hottest topics in IT and cybersecurity especially in light of the global pandemic and related work-from-home (WFH) momentum. Zero trust is garnering plenty of headlines but do users really understand zero trust technologies and where they fit? And is now the time to move zero trust from a tactical to a strategic approach that aligns to business initiatives? Join us for our webinar with ESG and Cisco as we take...

Smartphone data can be confusing. There are so many locations, timestamps, and synched data that it may be more difficult than you think to put a person at the scene of a crime or behind an activity. For this Tech Tuesday Workshop we'll walk you through a scenario where the data is confusing. We'll show you how to create your own test data, extract it, and most importantly - validate it! System Requirements: A Mac or PC with permissions to ins...

Traditional methods of cyber defense, like perimeter-based network security, have always emphasized the need of keeping adversaries out of our networks, building a fortress that would stop attackers while allowing secure access to legitimate users. In such a model, trust is typically binary: either the user is authenticated (trusted) or not. Once access is granted to a user, that level of trust is hardly re-evaluated, and when it is, it is usu...