BSidesAugusta 2023

BSidesAugusta 2023

Hacking Demos, Dirty Secrets, Dangerous Lies, and Asset Intelligence
2023-10-07 , Track 3

Dark allies from the nightmare dimension, on an unholy crusade, have assembled a variety of hacking demonstrations for your education and amusement. Secrets and lies across IT, cloud, and embedded devices will be exposed. Strategies for advancing your asset intelligence aimed at disappointing bad actors will be illuminated. You’ll share this knowledge around the water cooler, apply these security strategies within your organization, and become that awesome person everyone wants to hang out with at office parties, regardless of that Fantastic Four shirt you keep wearing.

What happens when the industrial robot on a factory floor is overlooked in your asset inventory? We’ll demonstrate what that hack might look like and hacks against traditional IT and cloud assets. Stories from the trenches—secrets and lies involving cybercriminals, nation-state actors, and defenders—will be shared. Strategies for creating and maintaining weaponized asset intelligence that will help keep your organization “left of boom” will be detailed.

Weak asset intelligence makes organizations vulnerable to risks ranging from advanced persistent threats to advanced persistent auditors. It only takes one missed, weak device to compromise an entire organization. This weakness and low confidence in the data is frequently a function of data management overload, security tools overload, or slow, error-prone, manual efforts. It’s also challenging to correlate data across different departments, and the relevant intelligence exists in product silos. As your attack surface grows—across traditional IT, cloud, IoT, remote employee devices, and SaaS applications—instead of your asset intelligence being a weaponized source for good, it becomes a parade of horribles.

Nation-states and cybercriminals want this to continue. Cybercriminals have monetized attacks on your assets, and nation-states have built multi-million-dollar tools to target them, maintain persistence, evade detection, steal IP, and conduct sabotage. These bad actors count on you being passive and want you to fail. Disappoint them! Weaponize your asset intelligence.

Brian Contos is the Chief Strategy Officer at Sevco Security. With two IPOs & eight acquisitions, Brian has helped build some of the most successful security companies in the world. He has over 25 years in the security industry as a security company entrepreneur, board advisor, investor, and author. After getting his start with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions, including Riptech, ArcSight, Imperva, McAfee, Solera Networks, Cylance, JASK, Verodin, and Mandiant.

Brian has worked in over 50 countries across six continents. He authored the book Enemy at the Water Cooler and co-authored Physical & Logical Security Convergence with former NSA Deputy Director William Crowell. He was featured in the cyberwar documentary 5 Eyes alongside General Michael Hayden, former NSA and CIA Director. Brian writes for Forbes and regularly presents at conferences like Black Hat, RSA, OWASP, and BSides.