Ed Skoudis's COINS event in NYC: The Bad Guys are Winning: So Now What?
The Learning Tree generously hosted a
SANS COINS event in New York City last week. The COINS program
(community of interest in network security) allows organizations to
invite a SANS instructor to deliver a presentation or teach a class
on a specific topic. The COINS events typically bring together
individuals with a passion for the security field.
Of all the professional events that I
attended, this one had by far the most fantastic view of the Statue
of Liberty with the Verrazzano bridge in the background and the New
Jersey coastline. The 30th floor of One New York Plaza,
New York, NY might just do that :)
The event itself was attended by about
twenty participants, which gave it a nice level of direct
interaction. Ed Skoudis, SANS Faculty and one of the founders of
InGuardians, presented a though-provoking talk titled The Bad Guys are Winning: So Now What? about the changing
information security landscape.
Many organizations expect security
professionals to be generalists who are able to perform internal
pentests, audit systems, ensure compliance, perform incident response
and forensics, develop security policy and awareness programs and
much more.
One of the key point that Skoudis drove
home is that not that not all information security practitioners have
to be generalists. For the sake of the presentation, Ed distinguished
three main groups: Penetration Testers, Enterprise Security
Professionals and Military. Each of these three groups should have
different focal areas. For example, a pentester needs to have
detailed knowledge and skills of how to identify and exploit
vulnerabilities and of how to assess (and communicate) the business
risk of those vulnerabilities. An enterprise security specialist must
also know about exploiting vulnerabilities, but does not need to
possess the same in-depth exploitation skills that pentesters have.
Instead, they must be much more familiar with preventing and
identifying attacks and responding to them.
In addition to the generalist vs.
specialist-discussion, Skoudis covered some more topics.
For me, it was interesting to finally
meet the primary author of the material that I teach as a SANS
mentor.
Ed Skoudis will be back in New York
City from November 2 - November 7, when he will be teaching his
course Hacker Techniques, Exploits and Incident Handling bootcamp
style.