Do you want to see a cloud application and an industrial robot hacked? Well then, strap in because you’ve come to the right place. We’ll also explore the top 10 security failures observed by analyzing four million assets across four years and stories from the trenches that will engage and enrage. We’ll define vendor-agnostic methodologies you can employ to mitigate these top security failures, impress your boss, and make new friends, even Stephanie in IT operations, who despises everyone.

Dark allies from the nightmare dimension, on an unholy crusade, have assembled a variety of hacking demonstrations for your education and amusement. But beyond the hacking, you’ll glean hidden mysteries exposed by analyzing millions of assets. What types of mysteries do you ask? Here’s a sneak peek: when securing assets, most organizations have done just enough to survive but not enough to matter.

From inventories from hell and broken EDR to vulnerable ephemeral cloud assets and advanced persistent auditors, this presentation investigates the top 10 security fails commonly attributed to poor asset intelligence. Real-life cases will be exposed to help illustrate the pervasiveness of these issues across a multitude of organizational types and security budgets.

Vendor-agnostic mitigation strategies applicable to talent, techniques, and technology will be shared. You can use these strategies across discovery, prevention, detection, and response. Nation-states and cybercriminals want you to fight today’s threats with yesterday’s strategies. Cybercriminals have monetized attacks on your assets, and nation-states have built multi-million-dollar tools to target them, maintain persistence, and evade detection. These bad actors count on you being passive and want you to fail. Disappoint them!

Attendee Takeaways

- Observe cloud applications and xIoT devices being compromised.
- Understand the top 10 security fails.
- Explore stories from the trenches across diverse business verticals.
- Learn strategies that you can apply to help mitigate these threats.

This presentation is entertaining, educational, and designed for attendees at all technical levels. However, having an intermediate level of security expertise is recommended. I can deliver this talk for 30, 45, or 60 minutes.