Dan has over 14 years of experience in Cybersecurity. Dan is the Founder and CEO of PlexTrac, a cybersecurity reporting and tracking platform geared at helping small businesses make sense of their cybersecurity posture. Dan started his career in the Department of Defense and then moved on to consulting working for various companies including serving as Principal Consultant for Veracode, where he and his team hacked websites and mobile applications for their clients. He has also served as a Principal Security Engineer for the Mayo Clinic and a Sr. Security Advisor for Anthem – a Fortune 40 health insurance firm. Dan then became the Cybersecurity Director for Scentsy where he and his team built the security program out of its infancy into a best-in-class program.
Dan’s expertise includes application security, secure programming, blockchain security, and penetration testing, including hacking websites, mobile apps, and other fun devices known as the Internet of Things (IoT). Dan has a Master’s Degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.
ATT&CK Mindset: Shifting Your Security Strategy
As breaches continue to grow in size and number, cybersecurity teams and professionals need to constantly adjust their strategy to account for new threats and vectors. Thinking like attackers and understanding their techniques is an important shift we all must make to identify compromise as soon as possible and reduce its impact. However, this task can be daunting and it can be challenging knowing where to begin. This talk will introduce the MITRE ATT&CK matrix and how it can help you shape your security strategy around identifying and detecting attacker techniques and tactics. The MITRE ATT&CK matrix provides a framework to assess your security posture throughout each phase of the attack lifecycle. The ATT&CK matrix is a great tool to help you identify your capabilities to detect and respond to true attacker techniques. Building this into your security strategy is important and this talk will discuss a practical approach to being successful. We’ll discuss how to shape your security strategy around the attack lifecycle and develop a continuous assessment model.