Amanda Berlin
Lead Incident Detection Engineer, Blumira
Amanda Berlin is the Lead Incident Detection Engineer for Blumira and the CEO and owner of the nonprofit corporation Mental Health Hackers. She is the author of a Blue Team best practices book called "Defensive Security Handbook: Best Practices for Securing Infrastructure" with Lee Brotherston through O'Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. She now spends her time creating as many meaningful alerts as possible.
Amanda is an avid volunteer and mental health advocate. She has presented at a large number of conventions, meetings and industry events. While she doesn't have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quickly to new technologies.
Topics
Painting a Brighter Future for SMB & MSP Defenses
Small and Medium-sized Businesses (SMBs) and Managed Service Providers (MSPs) play a pivotal role in shaping the landscape of cybersecurity. By refocusing efforts on empowering this significant majority, all markets will begin to benefit.
When we delve into attack surface analysis, we uncover some astonishing facts. SMBs and MSPs collectively constitute more than 90% of all businesses worldwide. Despite their sheer prevalence, they receive only a fraction of the cybersecurity attention that enterprises do. While each SMB may possess less data individually, their sheer number means they collectively harbor the lion's share of sensitive information. It's no surprise, then, that cybercriminals have increasingly targeted them, as evidenced by the surge in ransomware campaigns against SMBs.
This presentation aims to shed light on how we can better support the majority by:
Using SMB and MSP incident retrospectives to cast a light on common attacks.
Implementing cost-effective solutions that can scale across multiple clients.
Streamlining the implementation and management of security measures.
Maximizing the utility of limited security budgets and resources.
Employing layered defense strategies that strike a balance between protection and usability.
Developing threat models that specifically target the most probable attack vectors for SMBs.
Tailoring security fundamentals to suit the unique environments of SMBs.
Promoting industry-wide outreach and educational initiatives.
The ultimate objective is to democratize security, making it accessible to the vast majority of businesses. Achieving this requires a fundamental shift in perspective: acknowledging that SMBs and MSPs represent not just a sizable attack surface but also the custodians of a substantial volume of data. Although the task may seem intricate, it is imperative to devise customized solutions for SMBs, recognizing them as the driving force and the future of cybersecurity. By supporting this majority, we pave the way for an ecosystem where all businesses can attain robust security measures.
Getting the Most out of Sysmon
The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.
MSPGeekCon 2023 Sessionize Event