Finding Your Own Vulnerabilities (Before Attackers & Auditors Do)
Do you know where all of your cyber security vulnerabilities are? While we can never know of all of our vulnerabilities that exist, we as defenders can take the initiative in looking for these vulnerabilities, both within the enterprise as well as on our systems connected directly to the Internet (which we might or might not know about). This presentation provides some considerations for organizations in strengthening, or establishing, their own vulnerability management program and tips on what to do before investing resources in engaging with an outside provider to ensure the most benefit of outside vulnerability assessments and penetration tests. Some code analysis tools and "Burp Suite" will be covered.
Michael is Director of Information Security at Fluor and a Certified Information Systems Security Professional (CISSP). He is the president of the Upstate SC Information Systems Security Association (ISSA) chapter, a member of the Greenville Tech Technology Advisory Committee, and holds a bachelor’s in Computer and Information Systems Security/Information Assurance from Western Governors University.