BSidesSF 2023

Event locked in Sched to limit confusion. See registration to determine current session availability.
YOU ARE REQUIRED TO REGISTER AT https://bsidessf.regfox.com/2022 TO ATTEND THIS WORKSHOP (i.e. this session cannot be reserved with Sched)
-----
Which threats matter most to my organization? This session will give participants the foundation to confidently address this question by providing practical, immediately-applicable guidance on building, refining, and maintaining cyber threat profiles tailored to their organizations, helping drive defensive prioritization.
-----
Which threats matter most to my organization? A common question from security leadership, but not an easy one to answer, especially on the fly. This session will give participants the foundation to confidently address this question by providing practical, immediately-applicable guidance on building, refining, and maintaining cyber threat profiles tailored to their organizations, helping drive defensive prioritization. We’ll peel back the cover on a discipline once reserved for highly-resourced teams, showing how members of virtually any security function (not just dedicated CTI or risk analysts) supporting programs across maturity levels can build accurate threat profiles using publicly-accessible community resources. We will focus our case study on building a realistic profile for a hypothetical aerospace company/manufacturer.

Often considered a buzzword, threat profiling is in fact a powerful capability that allows security teams to proactively address threats with confidence, while de-escalating would-be “fires” that may in fact not pose major risks, providing teams clearer focus and giving them back (at least a little) control over both short- and long-term priorities. However, adoption of this discipline has been limited by misconceptions and a lack of awareness on where to start, where to find reliable sources, and how to apply the end-product. Drawing on the presenters’ deep experience advising security programs across the maturity spectrum, we will arm attendees with the following resources and repeatable processes, enabling them to turn a buzzword into an achievable goal and quickly start realizing the value of threat profiling for security prioritization:

A simplified approach to building a tailored yet repeatable threat profile
Reliable, publicly available sources for informing a cyber threat profile
Real-world applications of community resources that allow you to take action on your threat profile
Guidance on quantification and potential automation opportunities

Prerequisites: Laptops with internet connection will be useful for participants who want to follow the exercise’s steps live. Familiarity with spreadsheet data analysis and cyber adversaries will be beneficial but is by no means required.