2024-06-08, 12:30–13:15, Track 2 (Moody Rm 101)
Offensive security is an essential part of a cybersecurity program, but it is often misunderstood, which could keep an organization from achieving its goals. One example of this misunderstanding is requesting the wrong type of assessment, such as an adversary emulation instead of a pentest.
Offensive security is critical for detecting vulnerabilities in systems, applications, people, and buildings. Some assessment types are only crucial at certain times or stages of an organization’s security maturity. Offensive security takes a threat-based approach to assessing in-scope targets for vulnerabilities and, even more importantly, exploitable ones. Although offensive security is no secret, and companies are required to perform pentests for compliance reasons, it is one of the most misunderstood areas of cybersecurity. This is due to most cybersecurity professionals' lack of experience in this discipline. In this presentation, we will demystify this tradecraft, and attendees will learn the details of each specialization of offensive security, including pentesting, red teaming, social engineering, and physical security assessments. We will discuss vulnerability management and where offensive security falls into the overall strategy. Along with the different assessment types, we will share the tools and techniques used in each phase of these assessments. Attendees will come away with a better understanding of offensive security, the differences between assessment types, and the tools, methodologies, and standards necessary for performing thorough security assessments.
Phillip Wylie is a cybersecurity professional with over 26 years of industry experience in IT and cybersecurity. He is also a former Dallas College Adjunct Instructor and the founder of The Pwn School Project and DEFCON Group 940. Phillip has diverse experience in multiple cybersecurity disciplines, including network security, application security, and pentesting. As an offensive security professional with over a decade of experience, he has conducted pentests of networks, Wi-Fi networks, and applications, as well as red team operations and social engineering.
Phillip’s contributions to the cybersecurity industry extend beyond his work as a pentester. He is the concept creator and co-author of “The Pentester Blueprint: Starting a Career as an Ethical Hacker,” a highly regarded book inspired by a lecture he presented to his class at Dallas College, which later became a conference talk. Phillip hosts “The Phillip Wylie Show” and previously hosted “The Hacker Factory Podcast.”