We had a great meeting with two presentations and a crowd of people from Northern Virginia and South Florida. Folks stayed on until 11pm or so chatting!
Rapid 7’s Joshua Harr on how to build an incident response plan
Scythe founders, Bryson Bort and Jorge Orchilles, on APT Emulation in Red Teams
We are excited to hold our first joint virtual chapter meeting on June 18 at 6pm via Zoom with our sister chapter, ISSA South Florida. The meeting will include two presentations. The first speaker is Joshua Harr, Rapid 7 hacker and Air Force cyber warfare reservist. The second presentation is by the founders of SCYTHE, Bryson Bort and Jorge Orchilles, who will speak on APT emulation for Red Teamers.
This meeting will be delivered by Zoom.
Register here to attend!
For the evening’s first presentation, Joshua Harr will walk us through the steps necessary to build an incident response plan that ensures resiliency. Many organizations struggle with incident response. It is not an issue of talent, tools, or capabilities, but one of structure and misaligned communication channels. An incident, no matter how big or small, affects the whole of the organization. It can bring an asset down, take an employee’s computer offline, or force the entire workforce to work remotely. How organizations develop their incident response strategy is becoming increasingly nuanced, given the broad range of problems that can occur. By looking at a real incident and dissecting the components of incident response, this presentation will highlight some essential points (out of a multitude of considerations) on how to build effective resilience into an organization’s incident response strategy.
Next, hear former Army hacker Bryson Bort and SANS Instructor Jorge Orchilles talk about cutting-edge Red Team work with APT emulation. They will show us how to take today’s red teaming a step further, moving beyond a detection-based red team approach (treating MITRE ATT&CK as a bingo card). Instead, Bryson and Jorge will show us how to emulate a real threat actor who might target your network. How would they attack you? What would they steal? How do we imitate such an adversary? In their presentation, our presenters will demo APT 19, a Chinese espionage campaign, mapped to MITRE ATT&CK. They will also introduce the C2 Matrix, a community-driven compendium and decision tool covering 46 (and counting!) C2 frameworks for offensive testing.
Joshua Harr is a security practitioner with deep experience in multiple industries, including healthcare, manufacturing, energy, and defense. His experience includes security program development, industrial control systems, threat hunting, security intelligence, incident response operations, planning and strategy, and strategic cyber security leadership planning. Josh is very active in developing leadership methodologies for security operations environments and has developed multiple tabletop scenarios for incident response planning. Josh holds the GICSP from SANS and has a B.S. in Aerospace Engineering and an M.S. in Security and Resilience in Cyber Security. He serves in the Air Force Reserve as a Cyber Warfare Officer.
Bryson Bort is the Founder of SCYTHE, a start-up building a next-generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is an R Street Senior Fellow and an Advisor to the Army Cyber Institute. Previously, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point.
Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He is a SANS Certified Instructor and the author of Security 564: Red Team Exercises and Adversary Emulation. He was a founding member of the MITRE Engenuity Center for Threat-Informed Defense. He is a Fellow at the Information Systems Security Association (ISSA) and the National Security Institute. Previously, Jorge led the offensive security team at Citi for over 10 years. He also co-authored the Common Vulnerability Scoring System (CVSS) and A Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry, and is the author of Microsoft Windows 7 Administrator’s Reference.
This will be our only meeting this month, but it will be longer than normal. Please join us.