


How to Strengthen the "Weakest Link" with Two-Factor Authentication

  • Wednesday, March 05, 2014 at 1:00 PM EST (2014-03-05 18:00:00 UTC)
  • David Kennedy, Mark Stanislav


  • Duo Security




Within the information security community, the users of technology are often considered to be the "weakest link" in an organization's chain of security controls. Through manipulation of a user's actions, an attacker can often gain control over systems and data simply by convincing a user that the task they are performing is safe and well-advised, when the reality is much more dire. As the perimeter of security continues to change, user-targeted attacks are becoming more prevalent and effective. With increasing usage of cloud solutions, attackers are more determined than ever to breach the resources of organizations by tricking end users into providing access to those accounts through phishing campaigns and other social engineering avenues.

In this webcast, Dave Kennedy (creator of the Social-Engineer Toolkit [SET]) and Mark Stanislav (Security Evangelist at Duo Security) will explain the threat facing end users of organizations and provide insight into how modern two-factor authentication can help mitigate the associated risks. This presentation will feature a demonstration of SET to showcase the capabilities of a criminal executing a user-targeted attack and how Duo Security's technology is able to put power back into the literal hands of a user to protect the organization from a compromise.

Speaker Bios

Mark Stanislav

Mark Stanislav is the Security Evangelist for Duo Security, an Ann Arbor, Michigan-based startup focused on two-factor authentication and mobile security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development. Mark has spoken nationally at over 70 events including RSA, ISSA, B-Sides, GrrCon, Infragard, and the Rochester Security Summit. Mark's security research has been featured on web sites including CSO Online, Security Ledger, and Slashdot. Additionally, Mark is an active participant in local and national security organizations including ISSA, Infragard, HTCIA, ArbSec, and MiSec. Mark earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. During his time at EMU, Mark built the curriculum for two courses focused on Linux administration and taught as an Adjunct Lecturer for two years. Mark holds CISSP, Security+, Linux+, and CCSK certifications.

David Kennedy

David started TrustedSec with the vision of building a world-class information security consulting company. Prior to TrustedSec, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company located in over 80 countries with over 16,000 employees. David developed a global security program that tackled all aspects of information security. David is considered a thought leader in the security field and has presented at over three hundred conferences worldwide. David has had numerous guest appearances on FoxNews, CNN, CNBC, Huffington Post, Bloomberg, BBC, and other high-profile media outlets. David is the founder of DerbyCon, a large-scale information security conference. David has testified in front of Congress on the threats we face in security and in the government space. David also authored the book Metasploit: The Penetration Tester's Guide, which was number one on Amazon in security for over a year. David was also one of the founding members of the "Penetration Testing Execution Standard (PTES)". PTES is the industry-leading standard and set of guidelines covering how penetration tests should be performed and their methodologies. David has had the privilege to speak at some of the nation's largest conferences including Blackhat, Defcon, RSA, ShmooCon, DerbyCon, INFOSEC World, ISACA, ISSA, Infragard, United Security Summit, INFOSEC Summit, Hack3rCon, BSIDES, and a number of other security-related conferences. David is the creator of several widely popular open-source tools including "The Social-Engineer Toolkit" (SET), Artillery, and Fast-Track. David has also released several zero-day exploits and focuses on security research. David has over 13 years of security experience, with over 8 specifically in security consulting. Prior to the private sector, David worked in the United States Marines for cyber warfare and forensics analysis activities. David was instrumental in Operation Iraqi Freedom (OIF) and developed a multi-million dollar classified system aimed at identifying potentially harmful insurgents and worked in a top-secret environment for several years.


Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.