SlideShare a Scribd company logo

The Next Normal: CTEK's New Services to Support Adapting in 2020 & Beyond

Download as PPTX, PDF
S
SophiaPalmira

The Next Normal: CTEK's New Services to Support Adapting in 2020 & Beyond presented by Ben Dankers, SVP Security & Privacy Services for CynergisTek, and moderated by Mike McCune.

Business
1 of 24
CTEK SUMMIT 2020
CTEK SUMMIT 2020 The Next Normal: New CTEK Services Support Adapting in 2020 & Beyond 2 This Photo by by KariHak is licensed under CC BY 2.0
CTEK SUMMIT 2020 3 Ben Denkers SVP of Security & Privacy Services, CynergisTek • 20 years of experience information security and consulting from a variety of industries and has been recognized as a frontline leader. • An extensive track record of success delivering the vision, key leadership, and strategies to take business performance and IT security to new levels of performance. • Prior to CynergisTek, he was the VP of North America Consulting at Cylance.
CTEK SUMMIT 2020 Managed Security Validation™Collaborative Evolution of CTEK Advantage Partner Program (CAPP) Assess + Build & Manage Ability to Validate Control Effectiveness Predictable Budget Dynamic & Flexible 3-yr Program A Security & Privacy Journey to Reduce Risk and Show Progress Over Time 4
CTEK SUMMIT 2020 5 VALIDATE Confirm the Effectiveness of People, Processes & Technology ASSESS Identify Gaps & Define the Go-Forward Roadmap BUILD Develop Policies & Procedures MANAGE Outsource Responsibility & Oversight SECURITY & PRIVACY JOURNEY Managed Security Validation™ CTEK Advantage Partner Program (CAPP)Evolution of CAPP to Provide More Advanced Value-add Services Remediation Roadmap with Actionable Next Steps & Support
CTEK SUMMIT 2020 Advanced Offerings 6 CTEK Service To Support Security Control Validation Assessment Measuring the ROI and Security Controls (or people, technology) API Sentry New Regulations Around & Interoperability 24/7 Adversary Validation Increased Threat Landscape with Normal (remote workforce, ransomware & telehealth)
CTEK SUMMIT 2020 New Offering: Security Control Validation Assessment (SCVA) • CTEK leverages technology to test implemented safeguards on their effectiveness using real world attack simulation. • You will be able to gain insight into which tools are providing protection and where the gaps are. (ROI) • Reliably prove detection and response capabilities for both internal security operations and managed security service providers. 7
CTEK SUMMIT 2020 SVCA Self Assessment: • How do you know your if safeguards and controls are configured or working as planned? • Are you missing crucial technology in your stack or lacking compensating controls? • Is your SOC / MSSP identifying everything they should? Do you have a way to validate? • How would your technical controls hold up against a ransomware attack, data exfiltration attempt or similar threat? 8 This Photo by Unknown Author is licensed under CC BY-ND
CTEK SUMMIT 2020 How does a SCVA work? 9 1. Agent VMs ( ) are deployed in key areas of the network. 2. Inoculated attacks are then sent between agents across the implemented safeguards. (firewall in this example) 3. Logs are captured from the safeguard or SIEM and analyzed. 4. Technology reports on whether the safeguard missed or identified the attack, logged the attack, and/or prevented the attack. 5. Reports are aligned to the MITRE ATT&CK framework for managing and tracking
CTEK SUMMIT 2020 SCVA in Action 10
CTEK SUMMIT 2020 New Offering: API Sentry • CTEK provides continuous and on demand API testing capabilities. • Testing is based on the actual API business logic and custom playbooks are then created to build the attack chain. • Findings and recommendations can be fully implemented into a devops or security ticketing solution. • Quarterly strategic touchpoints help ensure your API security program is maturing. 1 1 Powered by APIsec
CTEK SUMMIT 2020 What is an API? An application program interface (API) defines business logic that allows for interaction between services and systems. 12
CTEK SUMMIT 2020 API Sentry “The Need” • Vulnerable API’s can lead to ePHI data compromise. • Traditional vulnerability scanning methods do not identify or prevent risks. • The skillset needed to assess is hard to find and expensive to staff. • Very Important: Providers and payers need to be ready to share their most protected patient data with 3rd party applications. (Interoperability ) 13
CTEK SUMMIT 2020 Have you ever reviewed your APIs? How does your security program identify APIs in use? Would you know if an API is capable of being compromised? If you’re developing applications with APIs, how are you ensuring APIs are secure? API Sentry : Self Assessment 14
CTEK SUMMIT 2020 Partnership Advantage CTEK & APIsec 15
CTEK SUMMIT 2020 24/7 Adversary Validation What percentage of vulnerabilities do you actually patch?
CTEK SUMMIT 2020 Continuous Attack Validation Attack Checkpoints Customer has full control over the exploit lifecycle. Agentless Standalone attack platform with no agents to install. Automated Continuously running 24/7 and managed by the CTEK RedTeam BrainTrust. No False Positives Results are parsed and validated prior to customer delivery to ensure accuracy. Robust Reporting Reporting allows to see what devices were exploited and what level of access was granted. Stable Exploitation Only proven reliable exploit code is used. New Offering: 24/7 Adversary Validation 17
CTEK SUMMIT 2020 Quick Level Setting… Vulnerability Scanning: Technology that utilizes a database of findings to identify if systems and services are potentially susceptible to vulnerabilities. Pentesting: The art of exploiting networks, applications and other devices with the goal to identify weakness in technology, processes or the human element. 18
CTEK SUMMIT 2020 Vulnerability Scans Aren’t Enough! 19
CTEK SUMMIT 2020 The Need: 24/7 Adversary Validation 20 • Remote workforce now equals a new breed of threats. • Attack surfaces are continually changing. • Visibility is lacking as it relates to opportunities for lateral movement and privilege escalation. • Traditional methods of pentesting assessments are only a point in time only. • Budgeting for a Red/Purple team is expensive, and resources are hard to come by.
CTEK SUMMIT 2020 How Does CTEK Solve the Problem? • Automated and on demand 24/7 pentesting in your organization managed by the CTEK Red Team focus on active exploitation and lateral movement. • Access to the CTEK BrainTrust who partners with you to provide additional context and remediation support as issues and solutions are identified. • Allows for prioritization of remediation and integration into ticketing solution to allow organizations to track the lifecycle. 21
CTEK SUMMIT 2020 Define The Attack Surface Which network segments do you want to attack first? 01 Identify / Execute Exploit Paths How can the exploit be leveraged to move laterally or aid in a different attack chain? Remediation Review Track remediation as it integrates within your workflow. 05 Set Exploit Parameters What do you want to happen when an exploit opportunity has been identified? 02 Findings and Analysis Generation Generate a report with an analysis of the hack. 04 Weekly / Quarterly Touch Points Have access to the CTEK Braintrust to understand progress and to help shape focus. 0306 Service Overview 22
CTEK SUMMIT 2020 Key Takeaways Security Control Validation CTEK API Sentry Solution 24/7 Adversary Validation 23
CTEK SUMMIT 2020 THANK YOU Ben Denkers SVP, Security and Privacy 760-577-1310 Benjamin.Denkers@Cynergistek.com 24

Recommended

CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the exam
Infosec
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
awish11
 
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
West Monroe Partners
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
EnergySec
 
CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new exam
Infosec
 
Isaca career paths - the highest paying certifications in the industry
Isaca career paths - the highest paying certifications in the industryIsaca career paths - the highest paying certifications in the industry
Isaca career paths - the highest paying certifications in the industry
Infosec
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
Infosec
 
Presenting Metrics to the Executive Team
Presenting Metrics to the Executive TeamPresenting Metrics to the Executive Team
Presenting Metrics to the Executive Team
John D. Johnson
 

Recommended

CompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the examCompTIA PenTest+: Everything you need to know about the exam
CompTIA PenTest+: Everything you need to know about the exam
Infosec
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
awish11
 
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
FFIEC and NIST: What You Need to Know About Two Prevalent New IT Security Com...
West Monroe Partners
 
Industry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working TogetherIndustry Reliability and Security Standards Working Together
Industry Reliability and Security Standards Working Together
EnergySec
 
CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new exam
Infosec
 
Isaca career paths - the highest paying certifications in the industry
Isaca career paths - the highest paying certifications in the industryIsaca career paths - the highest paying certifications in the industry
Isaca career paths - the highest paying certifications in the industry
Infosec
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
Infosec
 
Presenting Metrics to the Executive Team
Presenting Metrics to the Executive TeamPresenting Metrics to the Executive Team
Presenting Metrics to the Executive Team
John D. Johnson
 
Measuring and Managing Credit Risk With Machine Learning and Artificial Intel...
Measuring and Managing Credit Risk With Machine Learning and Artificial Intel...Measuring and Managing Credit Risk With Machine Learning and Artificial Intel...
Measuring and Managing Credit Risk With Machine Learning and Artificial Intel...
accenture
 
CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA Managed Services Community Meeting: ChannelCon 2013CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to know
Infosec
 
CompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 updateCompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 update
Infosec
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling Framework
Chaitanya Bhatt
 
Intelligent Security: Defending the Digital Business
Intelligent Security: Defending the Digital BusinessIntelligent Security: Defending the Digital Business
Intelligent Security: Defending the Digital Business
accenture
 
Deloitte Global Security Survey 2009
Deloitte Global Security Survey 2009Deloitte Global Security Survey 2009
Deloitte Global Security Survey 2009
edcervantes
 
Outsourcing Technology Vendor Evaluation Selection best practices
Outsourcing Technology Vendor Evaluation Selection best practicesOutsourcing Technology Vendor Evaluation Selection best practices
Outsourcing Technology Vendor Evaluation Selection best practices
Charles Bedard
 
The Digital Innovation Award - Companjon
The Digital Innovation Award - CompanjonThe Digital Innovation Award - Companjon
The Digital Innovation Award - Companjon
The Digital Insurer
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentation
lucydavidson
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Ignyte Assurance Platform
 
CDCATInsurance 2016
CDCATInsurance 2016CDCATInsurance 2016
CDCATInsurance 2016
Andrew McQuade
 
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
South Tyrol Free Software Conference
 
Business value of Enterprise Security Architecture
Business value of Enterprise Security Architecture Business value of Enterprise Security Architecture
Business value of Enterprise Security Architecture
Ajay Kumar Uppal
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
EnterpriseGRC Solutions, Inc.
 
Escrow Presentation Final
Escrow Presentation FinalEscrow Presentation Final
Escrow Presentation Final
Tony_Clarke
 
BSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software SecurityBSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software Security
Cigital
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
Pierre Audoin Consultants
 
PenTest+: Everything you need to know about CompTIA’s new certification
PenTest+: Everything you need to know about CompTIA’s new certificationPenTest+: Everything you need to know about CompTIA’s new certification
PenTest+: Everything you need to know about CompTIA’s new certification
Infosec
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
Steve Arnold
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
OSIsoft, LLC
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
SurfWatch Labs
 

More Related Content

What's hot

CompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 updateCompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 update
Infosec
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentation
lucydavidson
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Ignyte Assurance Platform
 
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
South Tyrol Free Software Conference
 
Escrow Presentation Final
Escrow Presentation FinalEscrow Presentation Final
Escrow Presentation Final
Tony_Clarke
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
Pierre Audoin Consultants
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
Steve Arnold
 

What's hot (20)

Measuring and Managing Credit Risk With Machine Learning and Artificial Intel...
Measuring and Managing Credit Risk With Machine Learning and Artificial Intel...Measuring and Managing Credit Risk With Machine Learning and Artificial Intel...
Measuring and Managing Credit Risk With Machine Learning and Artificial Intel...
 
CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA Managed Services Community Meeting: ChannelCon 2013CompTIA Managed Services Community Meeting: ChannelCon 2013
CompTIA Managed Services Community Meeting: ChannelCon 2013
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to know
 
CompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 updateCompTIA Security+: Everything you need to know about the SY0-601 update
CompTIA Security+: Everything you need to know about the SY0-601 update
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling Framework
 
Intelligent Security: Defending the Digital Business
Intelligent Security: Defending the Digital BusinessIntelligent Security: Defending the Digital Business
Intelligent Security: Defending the Digital Business
 
Deloitte Global Security Survey 2009
Deloitte Global Security Survey 2009Deloitte Global Security Survey 2009
Deloitte Global Security Survey 2009
 
Outsourcing Technology Vendor Evaluation Selection best practices
Outsourcing Technology Vendor Evaluation Selection best practicesOutsourcing Technology Vendor Evaluation Selection best practices
Outsourcing Technology Vendor Evaluation Selection best practices
 
The Digital Innovation Award - Companjon
The Digital Innovation Award - CompanjonThe Digital Innovation Award - Companjon
The Digital Innovation Award - Companjon
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentation
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
 
CDCATInsurance 2016
CDCATInsurance 2016CDCATInsurance 2016
CDCATInsurance 2016
 
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
SFScon21 - Cédric Thomas - The OW2 Market Readiness Levels method. A tool for...
 
Business value of Enterprise Security Architecture
Business value of Enterprise Security Architecture Business value of Enterprise Security Architecture
Business value of Enterprise Security Architecture
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
Escrow Presentation Final
Escrow Presentation FinalEscrow Presentation Final
Escrow Presentation Final
 
BSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software SecurityBSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software Security
 
Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises? Is cyber security now too hard for enterprises?
Is cyber security now too hard for enterprises?
 
PenTest+: Everything you need to know about CompTIA’s new certification
PenTest+: Everything you need to know about CompTIA’s new certificationPenTest+: Everything you need to know about CompTIA’s new certification
PenTest+: Everything you need to know about CompTIA’s new certification
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
 

Similar to The Next Normal: CTEK's New Services to Support Adapting in 2020 & Beyond

Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
SecPod
 
Building a Foundation for NetSecOps Partnerships with Network Automation
Building a Foundation for NetSecOps Partnerships with Network AutomationBuilding a Foundation for NetSecOps Partnerships with Network Automation
Building a Foundation for NetSecOps Partnerships with Network Automation
Enterprise Management Associates
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Ulf Mattsson
 
Iaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems usingIaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems using
Iaetsd Iaetsd
 

Similar to The Next Normal: CTEK's New Services to Support Adapting in 2020 & Beyond (20)

How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
How to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-SuiteHow to Raise Cyber Risk Awareness and Management to the C-Suite
How to Raise Cyber Risk Awareness and Management to the C-Suite
 
How to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT StackHow to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT Stack
 
How to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT StackHow to Monitor Digital Dependencies Across Your Modern IT Stack
How to Monitor Digital Dependencies Across Your Modern IT Stack
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Building a Security Operations Center (SOC).pdf
Building a Security Operations Center (SOC).pdfBuilding a Security Operations Center (SOC).pdf
Building a Security Operations Center (SOC).pdf
 
Accenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber ResilienceAccenture Security CG&S Cyber Resilience
Accenture Security CG&S Cyber Resilience
 
Executive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top DownExecutive Perspective Building an OT Security Program from the Top Down
Executive Perspective Building an OT Security Program from the Top Down
 
Didiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - EnglishDidiet Cybersecurity Consultant Portfolio - English
Didiet Cybersecurity Consultant Portfolio - English
 
stackconf 2021 | Data Driven Security
stackconf 2021 | Data Driven Securitystackconf 2021 | Data Driven Security
stackconf 2021 | Data Driven Security
 
Performing One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust PrinciplesPerforming One Audit Using Zero Trust Principles
Performing One Audit Using Zero Trust Principles
 
8 Experts on Flawless App Delivery
8 Experts on Flawless App Delivery8 Experts on Flawless App Delivery
8 Experts on Flawless App Delivery
 
Moving Enterprise Applications to the Cloud
Moving Enterprise Applications to the CloudMoving Enterprise Applications to the Cloud
Moving Enterprise Applications to the Cloud
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface Reduction
 
OT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security SuccessOT Security Architecture & Resilience: Designing for Security Success
OT Security Architecture & Resilience: Designing for Security Success
 
Building a Foundation for NetSecOps Partnerships with Network Automation
Building a Foundation for NetSecOps Partnerships with Network AutomationBuilding a Foundation for NetSecOps Partnerships with Network Automation
Building a Foundation for NetSecOps Partnerships with Network Automation
 
Securing the Supply Chain
Securing the Supply ChainSecuring the Supply Chain
Securing the Supply Chain
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
 
Iaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems usingIaetsd design and implementation of secure cloud systems using
Iaetsd design and implementation of secure cloud systems using
 

More from SophiaPalmira

What Has Changed Since COVID-19?
What Has Changed Since COVID-19?What Has Changed Since COVID-19?
What Has Changed Since COVID-19?
SophiaPalmira
 

More from SophiaPalmira (8)

Privacy Threats in Healthcare - It Could Happen to You
Privacy Threats in Healthcare - It Could Happen to YouPrivacy Threats in Healthcare - It Could Happen to You
Privacy Threats in Healthcare - It Could Happen to You
 
Network Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case StudyNetwork Connected Medical Devices - A Case Study
Network Connected Medical Devices - A Case Study
 
What Has Changed Since COVID-19?
What Has Changed Since COVID-19?What Has Changed Since COVID-19?
What Has Changed Since COVID-19?
 
Final Thoughts: Yours, Mine, & Ours
Final Thoughts: Yours, Mine, & OursFinal Thoughts: Yours, Mine, & Ours
Final Thoughts: Yours, Mine, & Ours
 
Moving Forward: Setting The Direction - A Findings Review of CTEK’s 2020 Annu...
Moving Forward: Setting The Direction - A Findings Review of CTEK’s 2020 Annu...Moving Forward: Setting The Direction - A Findings Review of CTEK’s 2020 Annu...
Moving Forward: Setting The Direction - A Findings Review of CTEK’s 2020 Annu...
 
Ted's Talk
Ted's TalkTed's Talk
Ted's Talk
 
Say What!? Yes, Security & Privacy Can Work Together
Say What!? Yes, Security & Privacy Can Work TogetherSay What!? Yes, Security & Privacy Can Work Together
Say What!? Yes, Security & Privacy Can Work Together
 
Opening Keynote: How a Pandemic Can Inform Our Response to a Major Cyber Secu...
Opening Keynote: How a Pandemic Can Inform Our Response to a Major Cyber Secu...Opening Keynote: How a Pandemic Can Inform Our Response to a Major Cyber Secu...
Opening Keynote: How a Pandemic Can Inform Our Response to a Major Cyber Secu...
 

Recently uploaded

Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
Aggregage
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Dipal Arora
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
amitlee9823
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Anamikakaur10
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
lizamodels9
 

Recently uploaded (20)

Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 

The Next Normal: CTEK's New Services to Support Adapting in 2020 & Beyond

  • 2. CTEK SUMMIT 2020 The Next Normal: New CTEK Services Support Adapting in 2020 & Beyond 2 This Photo by by KariHak is licensed under CC BY 2.0
  • 3. CTEK SUMMIT 2020 3 Ben Denkers SVP of Security & Privacy Services, CynergisTek • 20 years of experience information security and consulting from a variety of industries and has been recognized as a frontline leader. • An extensive track record of success delivering the vision, key leadership, and strategies to take business performance and IT security to new levels of performance. • Prior to CynergisTek, he was the VP of North America Consulting at Cylance.
  • 4. CTEK SUMMIT 2020 Managed Security Validation™Collaborative Evolution of CTEK Advantage Partner Program (CAPP) Assess + Build & Manage Ability to Validate Control Effectiveness Predictable Budget Dynamic & Flexible 3-yr Program A Security & Privacy Journey to Reduce Risk and Show Progress Over Time 4
  • 5. CTEK SUMMIT 2020 5 VALIDATE Confirm the Effectiveness of People, Processes & Technology ASSESS Identify Gaps & Define the Go-Forward Roadmap BUILD Develop Policies & Procedures MANAGE Outsource Responsibility & Oversight SECURITY & PRIVACY JOURNEY Managed Security Validation™ CTEK Advantage Partner Program (CAPP)Evolution of CAPP to Provide More Advanced Value-add Services Remediation Roadmap with Actionable Next Steps & Support
  • 6. CTEK SUMMIT 2020 Advanced Offerings 6 CTEK Service To Support Security Control Validation Assessment Measuring the ROI and Security Controls (or people, technology) API Sentry New Regulations Around & Interoperability 24/7 Adversary Validation Increased Threat Landscape with Normal (remote workforce, ransomware & telehealth)
  • 7. CTEK SUMMIT 2020 New Offering: Security Control Validation Assessment (SCVA) • CTEK leverages technology to test implemented safeguards on their effectiveness using real world attack simulation. • You will be able to gain insight into which tools are providing protection and where the gaps are. (ROI) • Reliably prove detection and response capabilities for both internal security operations and managed security service providers. 7
  • 8. CTEK SUMMIT 2020 SVCA Self Assessment: • How do you know your if safeguards and controls are configured or working as planned? • Are you missing crucial technology in your stack or lacking compensating controls? • Is your SOC / MSSP identifying everything they should? Do you have a way to validate? • How would your technical controls hold up against a ransomware attack, data exfiltration attempt or similar threat? 8 This Photo by Unknown Author is licensed under CC BY-ND
  • 9. CTEK SUMMIT 2020 How does a SCVA work? 9 1. Agent VMs ( ) are deployed in key areas of the network. 2. Inoculated attacks are then sent between agents across the implemented safeguards. (firewall in this example) 3. Logs are captured from the safeguard or SIEM and analyzed. 4. Technology reports on whether the safeguard missed or identified the attack, logged the attack, and/or prevented the attack. 5. Reports are aligned to the MITRE ATT&CK framework for managing and tracking
  • 11. CTEK SUMMIT 2020 New Offering: API Sentry • CTEK provides continuous and on demand API testing capabilities. • Testing is based on the actual API business logic and custom playbooks are then created to build the attack chain. • Findings and recommendations can be fully implemented into a devops or security ticketing solution. • Quarterly strategic touchpoints help ensure your API security program is maturing. 1 1 Powered by APIsec
  • 12. CTEK SUMMIT 2020 What is an API? An application program interface (API) defines business logic that allows for interaction between services and systems. 12
  • 13. CTEK SUMMIT 2020 API Sentry “The Need” • Vulnerable API’s can lead to ePHI data compromise. • Traditional vulnerability scanning methods do not identify or prevent risks. • The skillset needed to assess is hard to find and expensive to staff. • Very Important: Providers and payers need to be ready to share their most protected patient data with 3rd party applications. (Interoperability ) 13
  • 14. CTEK SUMMIT 2020 Have you ever reviewed your APIs? How does your security program identify APIs in use? Would you know if an API is capable of being compromised? If you’re developing applications with APIs, how are you ensuring APIs are secure? API Sentry : Self Assessment 14
  • 16. CTEK SUMMIT 2020 24/7 Adversary Validation What percentage of vulnerabilities do you actually patch?
  • 17. CTEK SUMMIT 2020 Continuous Attack Validation Attack Checkpoints Customer has full control over the exploit lifecycle. Agentless Standalone attack platform with no agents to install. Automated Continuously running 24/7 and managed by the CTEK RedTeam BrainTrust. No False Positives Results are parsed and validated prior to customer delivery to ensure accuracy. Robust Reporting Reporting allows to see what devices were exploited and what level of access was granted. Stable Exploitation Only proven reliable exploit code is used. New Offering: 24/7 Adversary Validation 17
  • 18. CTEK SUMMIT 2020 Quick Level Setting… Vulnerability Scanning: Technology that utilizes a database of findings to identify if systems and services are potentially susceptible to vulnerabilities. Pentesting: The art of exploiting networks, applications and other devices with the goal to identify weakness in technology, processes or the human element. 18
  • 20. CTEK SUMMIT 2020 The Need: 24/7 Adversary Validation 20 • Remote workforce now equals a new breed of threats. • Attack surfaces are continually changing. • Visibility is lacking as it relates to opportunities for lateral movement and privilege escalation. • Traditional methods of pentesting assessments are only a point in time only. • Budgeting for a Red/Purple team is expensive, and resources are hard to come by.
  • 21. CTEK SUMMIT 2020 How Does CTEK Solve the Problem? • Automated and on demand 24/7 pentesting in your organization managed by the CTEK Red Team focus on active exploitation and lateral movement. • Access to the CTEK BrainTrust who partners with you to provide additional context and remediation support as issues and solutions are identified. • Allows for prioritization of remediation and integration into ticketing solution to allow organizations to track the lifecycle. 21
  • 22. CTEK SUMMIT 2020 Define The Attack Surface Which network segments do you want to attack first? 01 Identify / Execute Exploit Paths How can the exploit be leveraged to move laterally or aid in a different attack chain? Remediation Review Track remediation as it integrates within your workflow. 05 Set Exploit Parameters What do you want to happen when an exploit opportunity has been identified? 02 Findings and Analysis Generation Generate a report with an analysis of the hack. 04 Weekly / Quarterly Touch Points Have access to the CTEK Braintrust to understand progress and to help shape focus. 0306 Service Overview 22
  • 23. CTEK SUMMIT 2020 Key Takeaways Security Control Validation CTEK API Sentry Solution 24/7 Adversary Validation 23
  • 24. CTEK SUMMIT 2020 THANK YOU Ben Denkers SVP, Security and Privacy 760-577-1310 Benjamin.Denkers@Cynergistek.com 24

Editor's Notes

  1. Think everytime you login to Facebook and the 100000 candy crush requests you get.