BSides Atlanta 2024

Gabe Bello

Gabe is a senior security engineer with experience in endpoint security, SaaS security, DLP, and threat detection. He focuses on enterprise threats to high-tech businesses, building scalable engineering solutions that materially reduce organizational risk. He also volunteers with Columbus State University and with community extracurricular organizations, supporting cybersecurity students looking to enter the field.

Gabe holds a B.S. in Computer Science from Columbus State University and an M.S. in Cybersecurity from NYU.


Sessions

09-14 11:30 (20min)
Can you trust your EDR vendor? Threat modeling privileged agents in the enterprise
Gabe Bello

Trust in our security vendors is fundamental for every security organization in the world. We trust them to provide material value to our programs, to develop new features that address emerging security challenges, and to not cause fleet-wide BSOD outages on Fridays. After a cybersecurity company's recent global outage, EDR customers understand, now more than ever, the necessity of building operational resilience into their deployments. In this talk, we discuss the base architecture of EDR agents and how this inherently privileged sensor presents unique risks to customers. We dive deep into the principles of operational resilience, weighing security risk against operational risk, and provide guidance on customer-driven controls that tangibly reduce the operational risk of privileged agents. We describe the shared responsibility between an EDR vendor and its customers through a threat model of an agent's deployment at a company. Rebuilding trust requires transparency from technology and leadership, and operational resilience requires that we not trust the agent to fail gracefully!

Track: Trust, Room 300

09-14 13:30 (50min)
Snowflake and Okta and Breaches, Oh My! Scalably securing your SaaS apps with SSPM
Gabe Bello

Whether it's proof-of-concept attacks, dev-environment data exposure, or full-blown leaked customer credentials, one thing is clear: SaaS applications continue to be a growing threat vector for vendors and customers alike. SaaS customers are often playing catch-up to the latest attacks on a given application, chasing down ghost tenants and struggling to maintain security best practices across the enterprise. In this talk, we discuss our successes and failures implementing an enterprise-scale SaaS configuration management program. We cover overcoming the technical limitations of vendor APIs, educating app owners to be security champions for their tools, building a robust monitoring platform that identifies posture drift across our apps, stack-ranking crown-jewel apps to prioritize work, identifying the key metrics security leadership cares about, and the woes of building ticketing that is not burdensome for app owners managing their security risk alongside their other expected job functions. We share a multi-year roadmap that took us from near-zero protection or visibility to operationalized KTLO (keep the lights on) work, with quantitative value at each step. Securing SaaS apps against risky configurations such as ghost admins, SSO bypass, and weak MFA is a mountainous task when you may have anywhere from dozens to thousands of apps across your company. It takes a village!
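The posture checks the abstract names (ghost admins, SSO bypass, weak MFA) and the drift monitoring it describes can be reduced to a small rules-plus-diff engine over normalized tenant snapshots. The following is an added example written for this page, not the speaker's tooling: it assumes an SSPM collector has already flattened each vendor's admin API into a dict per app, and the field names, the two snapshots, and the approved-admin set are all constructed for illustration.

```python
"""Posture checks and drift detection over SaaS tenant configuration snapshots.

Added example (not the speaker's code). Assumes a hypothetical normalized
snapshot format that an SSPM collector would emit per app; field names are
illustrative and the snapshots below are constructed sample data.
"""
from dataclasses import dataclass

# Constructed sample: yesterday's baseline and today's snapshot for one app.
BASELINE = {
    "app": "example-crm",
    "sso_enforced": True,
    "password_login_allowed": False,
    "mfa_methods_allowed": ["fido2", "totp"],
    "admins": ["alice@example.com", "bob@example.com"],
}
CURRENT = {
    "app": "example-crm",
    "sso_enforced": True,
    "password_login_allowed": True,           # drift: local password login re-enabled
    "mfa_methods_allowed": ["sms", "totp"],    # drift: SMS allowed, FIDO2 dropped
    "admins": ["alice@example.com", "bob@example.com", "svc-legacy@example.com"],
}
# Hypothetical: admins the app owner approved (e.g. via IdP group sync).
APPROVED_ADMINS = {"alice@example.com", "bob@example.com"}
# MFA factors treated as weak (phishable / SIM-swappable).
WEAK_MFA = {"sms", "voice", "email"}


@dataclass(frozen=True)
class Finding:
    app: str
    rule: str
    severity: str
    detail: str


def check_posture(snapshot, approved_admins):
    """Evaluate one snapshot against the three posture rules; return findings."""
    findings = []
    app = snapshot["app"]
    # Ghost admins: privileged accounts outside the owner-approved set.
    for admin in sorted(set(snapshot["admins"]) - set(approved_admins)):
        findings.append(Finding(app, "ghost_admin", "high",
                                f"{admin} holds an admin role but is not an approved admin"))
    # SSO bypass: SSO is "enforced" yet a local password path is still open.
    if snapshot["sso_enforced"] and snapshot["password_login_allowed"]:
        findings.append(Finding(app, "sso_bypass", "high",
                                "local password login allowed while SSO is enforced"))
    # Weak MFA: any weak factor is permitted tenant-wide.
    weak = sorted(WEAK_MFA & set(snapshot["mfa_methods_allowed"]))
    if weak:
        findings.append(Finding(app, "weak_mfa", "medium",
                                f"weak MFA methods allowed: {', '.join(weak)}"))
    return findings


def diff_posture(baseline, current):
    """Return {setting: (old, new)} for every top-level setting that changed.

    List-valued settings are compared order-insensitively so a reordered
    admin list does not register as drift.
    """
    changes = {}
    for key in sorted(set(baseline) | set(current)):
        if key == "app":
            continue
        old, new = baseline.get(key), current.get(key)
        if isinstance(old, list) and isinstance(new, list):
            old, new = sorted(old), sorted(new)
        if old != new:
            changes[key] = (old, new)
    return changes


def score(findings):
    """Simple severity-weighted score for stack-ranking apps in a report."""
    weights = {"high": 10, "medium": 5, "low": 1}
    return sum(weights[f.severity] for f in findings)


if __name__ == "__main__":
    for f in check_posture(CURRENT, APPROVED_ADMINS):
        print(f"[{f.severity}] {f.app} {f.rule}: {f.detail}")
    for setting, (old, new) in diff_posture(BASELINE, CURRENT).items():
        print(f"drift {setting}: {old!r} -> {new!r}")
    print("score:", score(check_posture(CURRENT, APPROVED_ADMINS)))
```

Run on a schedule, the drift dict is what feeds a ticket to the app owner, and the per-app score is one input to the stack-ranking the abstract mentions; the baseline should be the last snapshot the owner explicitly accepted, not simply yesterday's, or a bad change silently becomes the new normal after one cycle.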

Track: Tactics, Room 402