Work in the attacker modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that, this is what an attacker would do. They won't just try to attack your quarterly code reviewed main web site, or consumer mobile app. They won't directly attack your PCI relevant systems to get to customer credit card data. They won't limit their attacks to those purely against your IT infrastructure. Instead - they'll look at your entire company, and they will play dirty. In this session, I'll focus on the things that plague us all (well most of us), and I'll offer some simple advice for how to try and tackle each of these areas:
Kevin is Technical Vice President for NCC Group in Austin, TX. Kevin has been a professional security consultant for over 14 years, working on diverse projects and challenging technologies for the world's largest and most demanding companies. As a Technical VP for NCC, Kevin is responsible for the expansion and growth of professional services through the development of internal Practices. He focusses on delivering complex technical engagements, managing technical people, overseeing research, marketing, sales, training and service definition. Kevin works closely with Fortune 100 companies, covering Oil & Gas, Finance and Software sectors.