BSidesAugusta 2023

Trust Unearned? Evaluating Certificate Authority Trustworthiness Across 5 Billion Certificates
2023-10-07, Track 2

Security relies on trust, especially when it comes to Certificate Authorities. Browsers ship with many root CAs built in, but are they all equally trustworthy? I examined over 5 billion recent TLS certificates and now I know! In this session I’ll reveal the most and least trustworthy CAs, factors influencing their trust ratings, and how to use this data to protect your organization.

David is a Staff Security Strategist on Splunk’s SURGe research team. He is also a SANS Certified Instructor, where he teaches network forensics. David has more than 20 years of experience in the information security field, primarily in incident detection and response, threat hunting, and Cyber Threat Intelligence (CTI). He is the creator of both the Pyramid of Pain and the Threat Hunting Maturity Model, both widely cited defensive security models. Really, he just wants to make security better for everyone, and he has a special interest in helping people get started in their cybersecurity careers. You can follow David on Twitter as @DavidJBianco or on Mastodon as @DavidJBianco@infosec.exchange.