Assumed Breach – A Better Model

  • Thursday, 21 Jul 2022 11:30AM SST (21 Jul 2022 03:30 UTC)
  • Speaker: Tim Medin

Security teams should operate under the assumption that the question is not if a breach will happen, but when. This fresh twist on penetration testing puts an attacker (good guy/gal) on your systems running under the context of an authorized user. The goal is to simulate a compromised system or a rogue trusted insider. The goals of the test should be focused on the business risk and how insecurities, vulnerabilities, and misconfigurations can impact the data and processes vital to the organization. The goals center on the business and its realistic risk, not on technical wins and slow (and costly) initial access.

Tim is the Founder and CEO of Red Siege Information Security and is also a Senior Instructor, Course Author, and MSISE Program Director at SANS Institute. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. He has gained information security experience in a variety of industries, including previous positions in control systems, higher education, financial services, and manufacturing. Tim is an experienced international speaker, having presented to organizations around the world. Tim is the creator of Kerberoasting, a widely utilized Red Team penetration testing technique that extracts Kerberos tickets to attack the passwords of enterprise service accounts offline.

A SANS instructor since 2012, Tim is currently the program director for the SANS Master of Science in Information Security Engineering (MSISE) curriculum, as well as a principal instructor and course author. In the classroom, you'll find him teaching SEC560: Network Penetration Testing and Ethical Hacking, of which he is also lead author. Join him in person at SANS Cyber Defence Japan August and SANS October Singapore 2022.

Translated Recordings are now available.