Honeypot Boo Boo: Better Breach Detection With Deception Inception

Detailed Talk Outline:

1. Intro
a. A little background about myself and why I’m here
b. A brief overview of the topic, why it’s important, and what I hope you (the hackers) will get out of it.

2. Why Are Breaches So Common?
a. Brief history of breach detection
b. Why the conventional method for detection doesn’t work
c. The cost and impact of continuing down the same path

3. How we can detect breaches and prevent catastrophes
a. Past, present, and future of deception technology
b. Why deception technology is designed for real-time breach detection
c. Real-world examples of disasters that have been averted using deception technology
d. An important note on being so good at deception that your adversaries will question their reality

4. Getting started with breach detection technology
a. The difference between honeypots and honeytraps and where each thrives
b. Honeypot deep dive - guidance on how to deploy them for maximum benefit
c. Honeytoken deep dive - guidance on how to deploy these digital tripwires for maximum benefit
d. Honeytoken types and deployment examples
1. Credentials (AWS API Keys, Slack tokens)
2. Cloud storage buckets (AWS S3)
3. Documents (Google Docs, Microsoft Word, PDFs)
4. Binaries, processes, and DLLs
5. Cloned websites
6. VPNs
7. QR codes
8. Kubernetes
9. Web bugs and redirects
10. DNS
11. Log4Shell
12. Databases
13. Emails

5. Automating breach detection to augment your DFIR capabilities, enrich threat intelligence, and build a continuously updated asset inventory with the power of SOAR
a. Configuring high-fidelity, low volume alerts and effectively triaging them
b. How to not let bad guys know that you’re trying to dupe them
c. Integrating deception tech with existing systems like a SIEM for better DFIR
d. Creating a complex minefield of deception inception using multiple layers and levels of trickery that will deanonymize your adversaries
e. Enriching canary alerts with threat intelligence to add context to events and understand the bigger picture of a targeted cyber campaign
f. Leveraging SOAR to streamline the aforementioned and free up your security personnel to focus on actually solving real problems that are both challenging and fulfilling.
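As an added illustration of items a, c and e above (example code written for this outline, not material from the talk or from RadZen): a minimal canary-alert triage routine that only fires when an event touches a registered honeytoken, then enriches the hit with threat intelligence before it is handed to a SIEM or SOAR. The honeytoken values, the threat-intel table and the sample events are all constructed for the example.

```python
"""Canary-alert triage: match events against a honeytoken registry and
enrich hits with threat intel before forwarding them to the SIEM/SOAR."""
from dataclasses import dataclass
from typing import List, Optional

# Constructed honeytoken registry (fake values): each token records where it
# was planted, so a hit tells you which decoy asset the intruder touched.
HONEYTOKENS = {
    "AKIAEXAMPLECANARY001": {"type": "aws_key", "planted_in": "finance-share/backup.txt"},
    "canary-db01.internal.example": {"type": "dns", "planted_in": "wiki page 'DB hosts'"},
}

# Constructed threat-intel table: source IP -> context. A real deployment
# would query a TI platform here instead.
THREAT_INTEL = {"203.0.113.7": {"tags": ["tor-exit"], "campaign": "unknown"}}

@dataclass
class Alert:
    token: str
    token_type: str
    planted_in: str
    source_ip: str
    severity: str
    intel: dict

def triage(event: dict) -> Optional[Alert]:
    """Return an enriched Alert if the event uses a honeytoken, else None.
    Nothing legitimate should ever use these values, so every hit is a
    high-fidelity alert and the overall volume stays low."""
    for candidate in (event.get("access_key_id"), event.get("query_name")):
        token = HONEYTOKENS.get(candidate)
        if token:
            intel = THREAT_INTEL.get(event["source_ip"], {})
            # Any hit is at least 'high'; known-bad infrastructure raises it.
            severity = "critical" if intel.get("tags") else "high"
            return Alert(candidate, token["type"], token["planted_in"],
                         event["source_ip"], severity, intel)
    return None

# Constructed sample events: a CloudTrail-style API call with the canary key,
# a DNS query for the canary hostname, and a benign lookup that must not alert.
EVENTS = [
    {"access_key_id": "AKIAEXAMPLECANARY001", "source_ip": "203.0.113.7"},
    {"query_name": "canary-db01.internal.example", "source_ip": "10.0.0.5"},
    {"query_name": "www.example.com", "source_ip": "10.0.0.5"},
]

def run(events: List[dict] = EVENTS) -> List[Alert]:
    """Triage a batch of events and return only the honeytoken hits."""
    return [a for a in (triage(e) for e in events) if a]

if __name__ == "__main__":
    for a in run():
        print(f"[{a.severity}] {a.token_type} token from {a.planted_in} used by {a.source_ip} {a.intel}")
```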

6. A real-world example of our defenses in action

a. Building our red team campaign
b. Testing our detection capabilities at each phase of the campaign
c. Generating our breach detection report and comparing it against our red team report
d. Using the efficacy of our approach to drive down cyber insurance costs, strengthen your position to become certified in SOC II Type I, PCI DSS, and HIPAA, and demonstrate the value of your security program to executive leadership and business stakeholders.
e. Final notes and Q&A

Justin Varner

Chief of Innovation @ RadZen Inc

Richmond, Virginia, United States
