Speaker

Ken Westin

Field CISO, Panther

Portland, Oregon, United States

Ken Westin has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. In the past, he has worked closely with law enforcement to help unveil organized crime groups. His work has been featured in Wired, Forbes, the New York Times, Good Morning America, and others, and he is regularly consulted as an expert in cybersecurity, cybercrime, and surveillance.

Area of Expertise

  • Information & Communications Technology

Topics

  • cybersecurity
  • surveillance
  • Threat Hunting
  • InfoSec
  • SIEM

Roll Your Own EDR/XDR/MDR

In this two-hour hands-on workshop we will show attendees how to build their own EDR/XDR/MDR platform leveraging open-source and free tools. Attendees will learn how to deploy cross-platform EDR sensors, use Sigma detection rules, write custom detection rules, and leverage open-source adversary emulation tools (Atomic Red Team) to test them. We will then discuss how to extend these capabilities for investigations and threat hunting by integrating additional open-source or free tools, such as Sysmon and Velociraptor, to gather additional telemetry.

Purple Teaming with Detection-as-Code for Modern SIEM

One of the challenges for security teams is writing and deploying detections that generate actionable alerts with rich context while also reducing noisy alerts. This hands-on workshop will teach the fundamentals of Purple Teaming and detection-as-code to help build new detections.

This session will show how to leverage Purple Team techniques to develop hypotheses for new detections and strengthen defenses against future attacks.

I will show how to use open-source offensive security tools to simulate attacks against lab infrastructure, use an investigative approach to learn from them and build new detections, and manage those detections using detection-as-code principles to eliminate noise and false positives.

Every Contact Leaves a Trace

The Internet now touches and intrudes on almost every aspect of our lives. There is a flood of data at our fingertips that identifies individuals, sometimes apparent but more often hidden. Conducting investigations in this new world has provided new opportunities as well as technical challenges, and has raised legal and ethical issues along the way. Now, with the smallest piece of information, we can uncover crimes and corruption. Still, these same techniques can be used by malicious actors, authoritarian states, and even corporations for unethical and even nefarious purposes. In this presentation, Ken Westin will discuss real investigations and techniques he has used to track and unveil organized crime groups, white-collar cybercriminals, and disinformation, and how these same techniques can be used against the innocent. Ken will also discuss why this Pandora's box will continue to bring challenges to privacy, truth, and human rights, and how we as a community can help to protect all three.

Conducting an OSINT Investigation to Expose Nation State Operatives

In this session, I will walk attendees through an OSINT investigation I recently conducted that exposed a nation-state actor. This presentation will show how to get information from images, social media, and other sources to unveil anonymous identities online.

Code to Cloud: Securing the Software Supply Chain Workshop with Detection-as-Code

In this hands-on session we will apply Detection-as-Code principles to securing the software supply chain. The session will use GitHub and AWS log sources, and participants will learn how to write detections in Python as well as use a security data lake for threat hunting and developing detection hypotheses. In addition to learning to write detections, participants will learn best practices for securing code and DevOps processes to mitigate new threats facing development organizations.

Code to Cloud: Securing the Software Supply Chain with Modern SIEM

As organizations shift their data and services to the cloud, the need for robust security measures becomes paramount. However, securing corporate environments is no longer enough; customer data and services hosted on cloud infrastructure also demand protection.

In this hands-on workshop, we will demonstrate the skills needed to safeguard cloud-based ecosystems without relying on legacy SIEMs. We will delve into the latest threats targeting cloud infrastructure and the software supply chain, and how to counter them effectively.
