BSidesAugusta 2024

Ryan O'Horo

Ryan is a long-time offensive engineer, with a background in consulting. His primary expertise is in Red Team operations, offensive infrastructure, automated testing, and detection quality.

His current role involves leading detection quality management, running test platforms, and contributing to internal detection capabilities at Target Corp. At work, he's driven by finding hidden problems, and making good ideas great.


Social Media User/Handle

N/A

Preferred Social Media

None


Session

10-05
15:45
60min
Prevent Broken Detection with a Red Teamer Turned Detection (QA) Engineer
Ryan O'Horo

When you ship new detection, are you crossing your fingers in hopes you did everything correctly? When there is a subtle problem in your detection pipelines, will you learn about it before a major incident occurs?

A former Red Teamer tells the story of the years-long project undertaken to cut down on the amount of broken detection shipped by his Blue Team, and the career move that followed. The story starts from the shared pain of watching a Blue Team come up short during Red Team operations and ends with bringing highly integrated offensive engineering principles to Detection Engineering.

This talk walks through how to read intelligence reports critically, the process of building realistic adversary tests based on intelligence sources, establishing a test environment, collecting and analyzing test performance, automating retest activity to detect drift in the environment, and integrating this process into an end-to-end Test-Driven Detection workflow for your team.

This talk is most suitable for detection engineers, their leaders, and those who benefit from an elevated detection engineering practice.

Track 1