OVERVIEW
In this workshop, we share insights and lessons learned from a security practitioner while implementing a continuous security validation program. We explore how automated adversary emulation using threat intelligence-led insights provides deep visibility into your overall security posture and how to combat today’s and tomorrow’s threats proactively.
We will share best practices for driving consistency across all operational environments and more including:
- Using Threat Intelligence to Prioritize Testing and Remediation
- How to Disrupt the Criminal Adversaries Business Model
- Drive Organizational Security Standards Through Baselining and Gap Assessment at Scale
- Test and Tune your Security Stack
- Thoughts Around Tool Stack Consolidation
- A Methodology for Building a Strategic Operations Focused Remediation Program
Module 1 – Level Set on Automated Testing
In the first module of our training series, we’ll establish a common understanding of Automated Testing. We’ll delve into the fundamentals, exploring what automated testing entails, its capabilities, and the objectives you should aim for in your testing initiatives.
Automated testing is a critical component in modern software development, providing a means to execute tests automatically, which can significantly enhance the efficiency and effectiveness of your testing process. Here’s a brief overview of what we’ll cover:
- Definition and Importance: We’ll start by defining automated testing and discussing why it’s a vital practice in today’s fast-paced development environments.
- Capabilities: Next, we’ll explore the various things you can achieve with automated testing, from simple test execution to complex test management and reporting.
- Goals: Finally, we’ll outline some key goals for your automated testing program, such as improving test coverage, reducing manual effort, and increasing the reliability of your software.
By the end of this module, you’ll have a solid foundation in automated testing, which will be crucial as we move forward in the training. Let’s get started!
Module 2 – Threat Informed Defense
In Module 2, we will discuss the concept of threat-informed defense. This module will begin with exploring Threat Intelligence, the foundational element of threat-informed defense, and its integration into your automated testing program. We will also introduce a comprehensive defensive methodology, discuss the nature and impact of persistent threats, and examine the unified kill chain framework. This module aims to equip you with the knowledge and tools necessary to enhance your defense strategies effectively.
Module 3 – Ransomware
In Module 3, we will explore the critical topic of Ransomware and its economic implications. This module will cover the mechanics of ransomware attacks, including how they are executed and the tactics used by cybercriminals. We will also delve into the financial aspects, examining the costs associated with ransomware incidents, the economic impact on organizations, and the strategies for mitigating these risks.
Module 4 – Automated Testing
Module 4 delves into the intricacies of your automated testing program, offering a comprehensive understanding of its components and functionality. This module seamlessly transitions into the concept of Big Picture Testing, explaining its significance and the rationale behind its implementation. You’ll learn what specific elements we focus on during Big Picture Testing and how it contributes to a proactive defense strategy. Additionally, the module covers the practical application of the MITRE ATT&CK framework, guiding you on how to operationalize it effectively within your security operations.
Module 5 – Wrap Up
Module 5 will conclude this workshop by reflecting on key lessons learned throughout the sessions. It will delve into defensive metrics, providing a detailed analysis of how to measure and improve your security posture. Finally, the module will offer some concluding thoughts, summarizing the workshop’s main takeaways and providing guidance on how to apply these insights moving forward.
Congratulations!
You have finished the Automated BAS workshop. Proceed back to the course page
