Branson Matheson is a 23-year veteran in unix and security who has worked for the US Navy, NASA, TSA, and internet search engines. He founded sandSecurity to provide IT security audits, support, and training. In his talk, he will discuss how reactive security systems have become more important than proactive ones given tools that enable penetration testing. He will cover the anatomy of a penetration in three steps from the hacker's perspective to the sysadmin's involvement. The talk aims to provide knowledge on minimizing impacts in a production environment. Branson has previously given this talk and teaches the topic locally, updating it with current information.

1. Name: Branson Matheson (sand)
Bio:
Branson is a 23 year veteran of unix and security. He started as a cryptologist for the US Navy and has
since worked on NASA Shuttle Projects, TSA security and monitoring systems, internet search engines
and continues to support many open-source projects. He founded sandSecurity to provide policy and
technical audits, support and training for IT Security, System Administrators and internet and unix
Developers. Branson has his CEH, GSEC, GCIH and several other credentials, but generally likes to
spend time answering the question 'I bet you can't.. '.
TOPIC: TTL of a Penetration
Abstract
In the world of information security, it's not a matter of how anymore.. it's a matter of when. With the
advent of penetration tools such as Metaspolit, AutoPwn, etc.; and day-to-day use of in-secure
operating systems, applications and websites; reactive systems have become more important than
proactive systems. Discovery of penetration by out-of-band processes and being able to determine the
when and how to then mitigate the particular attack has become a stronger requirement than active
defense. I will discuss the basic precepts of this idea and expand with various types of tools that help
resolve the issue. Attendees should be able to walk away from this discussion and apply the
knowledge immediately within their environment.
Outline
1. Who I am
2. Us vs Them – statistics on users, sysadmins and hackers reinforcing the need to be involved
3. Anatomy of a penetration in 3 steps: hacker, hacked and then sysadmin getting oinvolved.
4. Minimizing impacts: specific steps to take to lower risk in a production environment
5. Q&A
Previously Given
I gave this talk at CarolinaCon about 1 year ago, and teach this as a topic at local events in the
Tidewater area. I have been constantly updating and refining the talk with current news and
information, and feel it's ready for a larger conference.