The Great Wall of China wasn’t built in a day and a great offensive strategy doesn’t happen overnight. This session will go over building blocks (sprints) with your end goal in mind – staying one step ahead of your opponent and preventing cyber-attacks before they happen. During this session, you will learn manageable steps in terms of sprints that you can take to not only build but also validate a strong proactive game plan. Ethical Hacker and Red Team Veteran, Morgan Habecker, will cover: How to identify your organization’s security gaps Strategies to break down your offensive opponent Why and when to use a Red Team, and where a Third Party should come into play

1. CTEK SUMMER SERIES
Be Ready. Be Resilient. Validate.
F O U R B U I L D I N G B L O C K S T O S TAY O N E S T E P A H E A D O F Y O U R O P P O N E N T

2. Jordan DeWall
R E D T E A M C O N S U LTA N T
MEET OUR SPEAKERS
I N D U S T R Y T H O U G H T L E A D E R S
Morgan Habecker
M A N A G E R O F R E D T E A M S E R V I C E S
2
BE READY. BE RESILIENT. VALIDATE.
• BS in Network Security
• 8 years enterprise security
experience
• Specialty: Web / SE / Network
Penetration
• Army / NavyVeteran
• 12 years as a Penetration
Tester
• Specialty: Physical / SE /
Network Penetration

3. 3
POLL QUESTION #1
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
BE READY. BE RESILIENT. VALIDATE.

4. 4
POLL QUESTION #2
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
BE READY. BE RESILIENT. VALIDATE.

5. BREACHES IN 2020
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
5
Hacking
63%
SE
31%
Physical
6%
3950 Breaches in 2020
17% involved Malware
8% Involved Authorized users
Avg cost of breaches was $3.86M
19 breaches
in June 2021
SCRIPPS
• $75m
• 147k Users

6. INCIDENT BREAKDOWN
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
6
Perpetrated
by External
Actors
Involved
Phishing
Were
Organized
Criminal
Groups
Involved
Internal
Actors
Were
Financially
Motivated
Used Stolen or
Compromised
Credentials
Used
Ransomware
70% 37% 27% 22%
86%
30%
55%

7. 7
POLL QUESTION #3
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
BE READY. BE RESILIENT. VALIDATE.

8. WHAT IS A RED TEAM
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
8
Can use MITRE
ATT&CK for
scenario-driven
attacks
Typically
conducted in a
double-blind
assessment
Tests
organization to
validate security
controls against
people &
processes
Used to
accomplish
validation of an
organization's
defensive
capabilities
Specifically designed
to test your resilience
to an advanced threat
Red Team

9. WHY DO YOU NEED A RED TEAM?
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
9
1. Malicious actors have gotten, and keep getting better
2. Organizations have moved into a reactive structure
3. We have more and more to protect
4. To Simulate Advanced Persistent Threats
5. To validate security controls
6. To test your resilience and provide reporting

10. 10
POLL QUESTION #4
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
BE READY. BE RESILIENT. VALIDATE.

11. 11
POLL QUESTION #5
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
BE READY. BE RESILIENT. VALIDATE.

12. WHY A ROADMAP?
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
12
Security is a
journey
We are your smart car;
you are the driver.
You have the wheel,
but we will try to guide
you to the right path.
Identify gaps
and use sprints
to close them
Roadmap ends
with a full Red
Team
assessment
Uses custom
assessments to
identify the best
benefits

13. STRATEGIES TO BREAKDOWN OPPONENT
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
13
Detect React Contain Defend

14. FOUR BUILDING BLOCKS FOR RED TEAM READINESS
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
14
Compliance &
GAP Analysis
Implement
Threat Detection
& Management
Pentesting &
Managed
Services
Red Team
Analysis

15. IDENTIFY
critical
assets
FIND
the gaps in
your security
PRIORITIZ
E next steps
to maximize
benefit
NOT INTENDED FOR PUBLIC RELEASE
15
BLOCK I: COMPLIANCE & GAP ANALYSIS
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T

16. PERFORM
vulnerability
scans
PLAN
implement
or tune
appropriate
monitoring
INITIATE
remediation
plan for
issues as
they arise
NOT INTENDED FOR PUBLIC RELEASE
16
BLOCK 2: IMPLEMENT THREAT DETECTION & MANAGEMENT
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T

17. SCHEDULE & utilize
broad, targeted pentests
to identify problem areas
& bottlenecks
USE managed services to
get a complete picture &
maintain visibility
NOT INTENDED FOR PUBLIC RELEASE
17
BLOCK 3: PENTESTING & MANAGED SERVICES
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T

18. NOT INTENDED FOR PUBLIC RELEASE
18
BLOCK 4: RED TEAM ANALYSIS
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
PREPARE
& conduct a
Red Team
engagement
CONDUCT
to simulate a
real-world
attack
INITIATE a
remediation
plan for
issues

19. NOT INTENDED FOR PUBLIC RELEASE
19
THE JOURNEY
R E S I L I E N C E V A L I D A T I O N

20. Using this strategy, you should be able to:
 Consistently defend your assets, data, and people against a malicious actor
 Grow confidently
 Continue securing your most critical assets
 Work closely with the Red Team to understand what was done, when, and how you can
detect those activities in the future
• Reports are graded based the pillars
• Could you detect the threat?
• Did you react to the threat effectively?
• Could you contain the threat?
• Could you defend your asset(s) from the threat?
 Create a remediation plan and adjust IDS/IPS
OUTCOME
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
20

21. • Conduct all outlined blocks using all of CynergisTek's combined consulting
experience
• Gets you on your way to Red Team Resilience
THE RED TEAM ROADMAP
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
21

22. • Build a roadmap Start with scanning and other "managed services"
• Perform gap analysis across the whole organization
• Prioritize the gaps
• Validate your remediation
NEXT STEPS FOR HEALTHCARE
S T A Y O N E S T E P A H E A D O F Y O U R O P P O N E N T
NOT INTENDED FOR PUBLIC RELEASE
22

23. cynergistek.com
C Y N E R G I S T E K R E S O U R C E S : P O D C A S T | V I D E O S | B L O G
We are here to help!
Thank you.
J O R D A N . D E W A L L @ C Y N E R G I S T E K . C O M
M O R G A N . H A B E C K E R @ C Y N E R G I S T E K . C O
M