Dungeons & Dragons, Siege Warfare, and Fantasy Defense in Depth

Overzealous Admin: “I bet you can’t break into my network! I got my stuff together…”

Pentester: “I’m just here to help out and find the weaknesses the bad guys might use or have used.”

Overzealous Admin: “Well I have a corporate network with a level 8 Paladin firewall taking +2 hit points, a level 3 Rogue IDS to disarm your Smurf Attack, a level 5 Wizard SIEM solution with +3 powers of divination, and a level 2 Devoted Cleric antivirus to heal your malware infections!”

Pentester: “Um…your CEO shared all his docs on Dropbox. Didn’t your Wizard tell you?”

Let’s play a game of fantasy tower defense with your infrastructure! Instead of measuring the price of your implementation, let’s concentrate on whether it can really protect you. If your defense isn’t mobile, agile, or technically relevant to where your users and data are, then you’re still waging medieval siege warfare! Who cares about networks, servers, mobile computing, and BYOD! How about we review some modern security practices to protect what’s really important…YOUR DATA…without attending a single vendor song and dance routine? In the end, we’ll collaboratively outline a new approach to securing your assets that doesn’t focus on patching or hardening a single device or buying something. Are we doing this all wrong? You may even be convinced to throw away your firewall altogether!

Presented by