Marko Buuri
Marko has worked for over 20 years in IT and cybersecurity across companies, public sector, and as a consultant to many industries. Most recently, he has shaped and operated TIBER-FI and other cyber resilience initiatives at the Bank of Finland.
Session
Red team testing has evolved from underground art to regulated operations, and if you're hoping to deliver these services professionally, you should know the game has completely changed. The financial sector's adoption of TIBER-EU offers a masterclass in what works in structured adversary simulation.
This talk is for practitioners delivering threat intelligence and red team testing services who want to understand how regulatory frameworks are reshaping client expectations and project dynamics. While TIBER-EU emerged from financial sector requirements, its methodologies offer valuable lessons for any industry serious about adversary simulation.
You'll discover the hidden complexities of "threat-led" testing, why many threat intelligence reports fail to drive realistic attack scenarios, and how to navigate the minefield of control teams, blue teams, and regulatory oversight. We'll explore the craft skills that separate professional adversary simulation from basic penetration testing: building credible threat actor personas, designing scenarios that test resilience rather than find vulnerabilities, and managing the delicate dance of "leg-ups" and purple teaming.
Whether you're expanding into the threat intelligence and red team testing services market, or simply curious about the professionalization of red teaming, this session offers practical insights from these complex engagements.