
Yeah, hello, thank you all for coming, and hope you're having a good BSides of these 20 90 and you're in the right place. Next slide. Okay, so who are we? I'm sleep their best seven, independent security consultant, a bit obsessed with critical security controls, networking and monitoring, and the co-founder of DC151. I'm Matt Hall at this month with, I'm a consultant of clarinet. I have about 18 or so years' experience in the cybersecurity vision spirit world, and professionally, and due to that amount of time I'm a bit of a cynic, but at the same time a bit of an optimist, and so I'm also the co-founder DeSimone 1 DC one flag one, and it's social
government is DEF CON group, its Alice one and not the contrary 3, yeah, we get stick for that, but it's a regular meeting of hackers, makers, breakers, both blue team, red team. And when we first spoke about doing it and I said I was bit by side the carry look is why people get up another chap, but everyone's welcome. It's every second Wednesday of the month, currently at the Cross Keys pub, which is where the prescience was last night, and format, anything goes. Mostly at the moment it is sort of talks, and we'd like to get some more workshops in this year, 30 to 45 minutes, or when it drags on, right to two hours. If you want to get in contact with
us, follow us on Twitter, it is a message if you're wanting to talk or a workshop, a little bit see it. Okay, so in this talk we introduce the concept and the idea of wargaming, and specifically explore the use of wargaming as a means of simulating incident response. At a high level we'll explain what it is, why you should be doing it, how to plan it, and basically how to deliver the plan. And the talk's structured very logically now, and final edits in the pub in Bodega, and it should make for a relatively useful surprise. So we're going to make sure slides are available, talk notes, the thing's being filmed as well. I'm reachable, so any questions I would
might help of anything, please get in touch. And cool. Concept: what is a wargame? Yeah, so, what do we mean by wargaming? So there's the mandatory sort of wiki exception there, and for the purposes of this talk, this introductory talk to the concept and the use of it around cyber and IR, it's essentially a training exercise. That's our definition for this talk, and basically you test staff, people, against, you know, a realistic scenario, and it gives you some idea of how well you fare. And now, the concept of wargaming isn't new. If you've ever worked in the military, they do live rubber-bullet simulated exercises, video, tabletops as well. If
you're old enough to remember the WarGames film with Matthew Broderick, the War Operation Plan Response computer, and it wasn't too far from the truth of its time. Various intelligence organizations as well have been running cyber wargames for quite some time. Well, this talk is really from both our experiences, and there seem to be relatively few private organizations that run a wargame, let alone have a comprehensive incident response plan, if they have any at all. So today we're talking about these supposed immature organizations. Yes, I guess the reason I really, like, I want to talk about it is, you know, it's an incredibly powerful tool for a whole bunch of reasons, and I guess the thing
we want to get across is, one of the bigger reasons is the accessibility, you know, you can basically play. It's probably one of its greatest strengths. You don't need a lot to do this; there's no, like, super comp sis for wargaming, like, whatever. Like, you know, you put in a bit of planning, this out of the nod to do it, you can make this thing happen. It's extremely useful in the real world. You know, I think we're all, hopefully all, I'm sure that all are coming to terms with the fact that in quite security-wise we can't stop bad stuff happening, can't build walls high enough or thick enough to stop the bad stuff from
happening. And yes, quick show of hands: who has done any sort of incident or scenario testing in the past? One, two, three, four, five, six, eight, nine. You've done it organizing one, part sits, and as a participant? That'll be dealer three discussing that stats Linden. So I want to talk about why you should wargame, why should you care, why you're here, why should we go, really. I'm a pen tester at the moment; I have been for several years. I previously done audit, give us a I service in that in one, I built defensive systems, IDS/IPS, firewalls, so I've gone all the way from blue teaming and auditing to technically rocking up, breaking a network, writing a
report, wash, rinse, repeat. And, you know, not all real-world threats can be covered by pen tests; they're very useful. So this is about helping your company or your customer become mob against the tongue. It applies to both red teams, blue teams, are meeting students looking into their careers, I'm scary, because your next job may depend on it. Ever saw the internal fight and battle: if you have a CISO and you're choosing a new CISO, which type of CISO would you choose? Would you choose the person that never experienced a sound breach, or one who had and, you know, was in the CISO role when it happened? Sagittarians gain ability we'll see you later. So why should you care? And credits here
to solve you from his twenty seventeen hours a pumpkin stop, but this slide it's out completely. And what it is is, I've been around since the early eighties, out born in 1918, so I got into computing in the early nineties, were in terms of hacking scene in the mid mountains. So we've seen lots of rise of computers and solutions we announced the security that keep adding to each other from one year to the next. Veera the top is actually us joins the NIST Cybersecurity Framework, which is initiative response standard, suppose, originally created for SCADA networks and us and thinking the 2017 was accessible to every organization ble. But yet in the 90s it wasn't really home
ec markets fierce sort of group. And at that time most small businesses were still pen and paper and a few staff to digitize and internet politicians around slow. And if you walked into a PC World in the 90s, or a membrane, you'd have shelf upon shelf of Windows NT by or 3.1 still, and right at the end you'd have a football of AV products with a Fiat something, I'm not plugging the company, but it's maybe some personal firewall software. That's all tall people got scared as a pellet bit goodbye cars would go on three years. The endpoint defense stuff with air be moved into la detective monitoring systems, IDS, security incident and event monitoring, you'll
start building SOCs, where we have now, and we are in that Europe of the soup bridge, and in the security solution we're looking at endpoint detection and response, Irish access management. We've got dedicated cyber business units within organizations now, I'm season it with C-level roles, and that's pretty much the advanced persistent threat die. And it's kind of scary, really, how this is. I've been working in industry for a while; just the amount of breaches is now telling us that all of our technological solutions aren't solving the problem. We've probably got this wrong. So recently at DC151 near you Weaver stood our friend in the back, Son of Sun Tzu on Twitter, and his talk
Lessons from the Legion, in which Nick asked this question, which stuck with me: if we're all so smart, which we are, and we all work so hard, which we do, why is everything so awful and getting worse? So in the last few years we've seen hand emic propulsion tax and hey wash turns around the world. The four sort of sentences on the right-hand side there are the four major cyber threats that the NCSC put together in their 2018 signed a report, and we've seen live breaches involving attackers who persisted upon a target's network for years, to come area or several months. Equifax, and yeah, but who can find Equifax quickly? Where is it?
Yep, you got it. Yeah, now look, that last year cut slide was small to different. So it should be fairly obvious to people now that we are in the age of the breach. So we're talking here about testing without pens, and how to successfully wargame an organization to help prepare them for the coming age of resilience and recovery. This is the map of the World Economic Forum's Global Risks Landscape for 2018. The risks we have sieve breaches show what will be living in right now. We've got cyber attacks up in the top right-hand corner, in the same region in terms of impact level and likelihood as natural disasters and climate change. See ya. So, well, what also right like the
tax not working the addition of different Assyrian bridge, we're all good, no one's I share in that kind of bit. Pretty clear that those a thing, isn't it. Way to sell the idea of wargaming, because we can't rely on that assume-breach message to be all, yeah, and agreed with. Yeah, you know, for any organization that's probably invested millions in, like, cyber stuff, and telling them that it was always designed problems not known. But I would say, well, cliché time: take them, whoever they are, on the journey, but the destination really is, we want to get them thinking about breaches, like the up to the breach, the response of breach to breach start to Brett down
the hole, like, "I've got a perimeter, I'm okay" man tower. They need to get them to think about how they're going to respond, and what they'll need to respond to investment and bootstrap up once or. Yeah, the Jerry thing, it's one of the consequences of not doing testing, not doing incident madness testing, that can help us sell it. But, you know, life's a bit complicated, as you know. If any of you turns away you find do this at work, with a client, whatever, there are consequences of actually doing this, are tensions test in, and so we're gonna call those out so you don't trip yourself up. Business keywords. Alright, so this is how we sell it, this is how you sell it, as a
people, process, technology, leadership. For people, the first thing me to really exercise we initiate, want to get them doing the critical thinking, exercising decision making in those less than optimal bare you conditions, you know, when things go sideways and you get a call at five o'clock in the morning, you're on your leisure things, to be able to make quick decisions, the right decisions, the best decisions, with little, without perfect information, as quickly as possible. You want to get them working together to make decisions the comp can. You know, your organization's probably got one king or queen or emperor at the top, that's, you know, but the general, you know, tied everyone to new and is entail power
dynamics all economists often might not have that authority, and the abstract enough, like the whole. We need to exercise our leaders in being able to make decisions without that information, because a lot of the cyber stuff, for the let's in technology, I think there's this assumption that needs challenging, that, like, you can send, you know, push back on the techie, getting back in the server room and getting to come back with the perfect information so you can make the right call. It's balance, like, we don't know what's going on most of the time, with the information we've got. There's no single source of information that you can pull on to get absolute clarity when everything goes sideways, everything hits
the wall, like Mindy even though at. Leadership-wise, do you know who needs to be involved? Like, you know, it's not just your managers; you know, you've got general counsel, data protection officers. You know, the leadership in your organization is probably bigger than I've seen where the management need staff skin all the time. Have you got the right people in the room? Can you identify the right people? Can you identify the wrong people? Can you easily put together that short list of people? That's usually about representation across the business, across technology, across products, however your organization's structured; you need to break it down. And can you identify all the relevant skills and knowledge? Like, I mean, I'm large
international organization, but they have a challenge of come at it if I haven't got the right people who can speak all the languages in the room. That's what might apply to you: suppliers, MSSP, SOC, that software vendor that might be involved, retail at the cloud, whatever. Yeah, I mean, process stuff, right, so people, leadership, and does everybody know what they should be doing? Like, you know, chances are your organisation might have some just a plan for incident response, you know, like on the shelf somewhere, that hasn't been touched, and it's probably got some archaic comms plan in there, you know, "send fax to whoever", what nurse that's, you know, pass the time in and
that everything looks simple. One objective of the testing might be: do you know if we've got that stuff, and where it is, and how to get to it? Do we have the right, do we know what the processes are to get the right people in the room, or to speak with those critical suppliers and third parties directly, or do they have that secret list of people that the law inspector got? Process to the interpol to keep people in the room: bad stuff can happen anytime, like, if things go sideways on Christmas Eve, like, how are you getting overtime so I was like how'd you get this far exercise I guess control then people's arms get to
keep them in that room. Do you have processes for capturing evidence and documenting what you're doing? Like, you know, some of this stuff you might rely on immediately; it's all going to be useful in the long term. But yeah, are there rules you have to follow up and shopping at? Regulators, or anyone with external scrutiny, might have a very strong opinion on how you should document stuff as you deal with a problem. And technology-wise, do you have the basics: a hard but the analysis, yeah, firewalling, logs, whatever? Are you logging everything to work with? Can you answer the NCSC's incident questions? You don't want to, you know, just sure about yesterday's like who doesn't test they
open up let's hear that right. So they don't come across time in certain questions, then? Two, three. Okay, so that's a cyber police where you care sure they haven't bet with is subscribed, and they put together back to logging and monitoring. Like, basically, if you just, like, landed from another planet and you have to describe love your mother into something, why they should do it, they have a nice two-page article that details it all up, and right at the bottom is a super useful table of "these are the questions you need to be able to answer when things go sideways; we'll expect it if we get called in". I think there's a fairly natural expectation that someone
like the ICO would expect you to be able to answer those questions if they got involved. I can use you know where the vendor what, and seriously recommend checking it out. Gives me all the bad news, man. Right, horrible fact of life is, toxin are all super positive very, and for some people everything boils down to money. And all security stuff, whatever your sort of view of the industry is, probably for the organisation you work for, unless you're a vendor, they see all security stuff as an overhead, right, we're a cost, we add complexity to the business. And that probably been asked, if you ever worked blue team, if you ever worked, like, corp InfoSec, you've probably had to play the
justification game. You know, "I need five analysts because I've got shift to them." "You can have three." What does that mean? Like, we'll not do Wednesdays and Sundays and put that into the bad guys well as those days? And so horrible change the same sort of logic around London attack money I get supplied to people and girls; they always need justification to people in a jury at Boltzmann. And one of the extra value-adds of a wargame is generating, you know, in the context of a very real-world problem, the value of those people and those roles, and sometimes versus the technologies that they've already had in place, for demonstrating alignment internally. There
we've got CISOs now, that's a thing, some of them have a seat at the big table with the rest of the C-levels exist. So wargaming can arm those CISOs with quite a tangible example of what state it is and how it can respond to this to. They can use results from the exercise to support their, basically, investing in technology or people. Also it can demonstrate the maturity of the organization to external parties, ensure effective was positively affected Rand. Internally, if you can somehow demonstrate that online, it draws attention to the competence of the leadership team. On the flip side, there are some potential negatives, and it's not pleasant when an incident happens: heads start to roll, and usually the CISO.
So hence the question about what do you want, a CISO who has experienced a breach or not. And yeah, how did the first show hands and he went to break first rage, he would hire a CISO who was in role he saw in a major breach, right, and everyone else just "no, we're not hiring", but listen he of a solver bridge. Okay, well, yeah, so this is us goes here gets shifted in with someone else who's green. Staff start to worry, they lose respect for the business, they lose respect for the management, and they walk out too. And on the public Internet, history does tell us that if you have a breach and it gets out into
the news, people will talk more about how you responded to that breach rather than the size of it, a lot data is involved. They don't see that chat about whether or not they see iron or credit card data, etc. Unfunctional InfoSec Twitter, you will likely get a free pen test all of a sudden. And so another one: if you start to wargame and discover that really no one's got a [ __ ] clue what's going on, you've got two options now: a Dodge or buckle up the Spartans. Yeah, you can either run away, I'll just like that said of it. So state wants panic right I've given him a little bit. Yes,
zoom alien sections at the top, the really dry kind of death-by-PowerPoint bits. And so, yeah, it's a pawn in like these items over up and up and down essentially into two bits: about the designing the wargame, and then basic way and the right people in together, selecting the how and the way, and the final top by execution. And so, planning: I guess four major building blocks, which is a gap on the Nexus of thing, but, you know, we need some objectives of the test, we want to do the testing we want to try and put together, and we're going to need to select some realistic scenario of the side of shrine draw those out thoughts
on those objectives. We need to break that scenario down into chunks, or what tends to get bandied around in IR testing as injects, and you want to put together some guiding, optional guidance around the injects to sort of, I guess, oil the wheels and keep it running smoothly. And planning, like, it's a very high-level question, but, you know, what do you want to know? Like, why is it you're actually testing? What do you want to verify? What do you have enough information to answer, the question that you can use testing to sort out? And you can focus on themes, like, "can we just, do we know what we're doing?" might be one of those themes, and can't be testy
specific, yeah, like: do we have firewall logs for that strange satellite office in the Middle East? If there comes up in AWS, can we work out which one of our, I guess, internal customers that probably belongs to? You know, whatever it is, it's quite generic so everyone can get used to this, but you need to work out what it is you want to test before you start. And you're gonna get the opportunity to sort of, you know, make this perfect narrative to focus on these things and, like, I guess, make the testing happen the way you want. And hopefully the questions you have are impossible to answer otherwise; I guess you're just going to met people
forced read. And you don't normally share the objectives with the test participants; like, you might not even share the details that you're going to do testing with them until the very last minute, and we'll come onto that. Selecting a scenario: yeah, picking a scenario is unique to every organization, but you shouldn't have to go really far for inspiration. Ask people what keeps them awake at night, and if you focus in on some concern your sponsors actually have, you're not only probably going to get and guarantee their buy-in, they're probably going to fight for it more, and that's passionate way is probably going to do the business or organization good in the grand
scheme of things. News and phone app, news and media, we're ten minutes chats with us or more, probably other breach, right? You might have customers, clients or regulators with very specific concerns, like, they might ask the party question is someone in our industry has had some kind of incident and it's not public knowledge. Maybe think about how you can solve those impulse filling all out these bad things de león's, which is basically speed of crap scenario ideas, like, no, I'm attacking from the real, from real life. Super useful. Start small, especially if you've not, you know, first, because this is new to most of you. Like, start simple; don't go out full Bandersnatch on the first one. We
like the multiple, you know, you out Netflix, I don't want them to Netflix kind of which old isn't. But yeah, you know, just start something small, ask a very specific question if you can, and doing on this ripped if to start with. Like, getting people around the room in your organization and not doing a day job might be a big ask anyway; keeping them in the room is probably not too much an extension of that. When you, if you have a scenario a posting people off the following lines all the data center, it's probably gonna get a bit more complicated. And the objective of starting testing should be to keep testing; you're looking for, hopefully, through an
improvement over time; the more complicated these things get, or the better your responsibilities respond will be. Pub secure name. We share some example scenarios, like Boompa Park Tesla's value incident scenarios, what everyone to call in, and very cyber are inside appreciate, I figured that derive for the audience. Like, if your principal concern is just, like, physical, like, that's totally great as well. Like, you know, someone finds a must require comms cabinet, well, I think, yeah, it sort of finds one those you can plant USB cables and it turns out to be a farm but like bus, yeah, that's a good it as well. Okay, onto injects. Yeah, they need to be, like, the major plot points and twists
and in the scenario, if you have in mind. Try not to give away anything if you can; you know, just provide enough information to move the story along, maybe prompt some of those kind of next-step questions that you can cover off in your guidance. But and people's about five, yeah, is it one day made if I like the idea of the ones we inject by haha, but there are no extreme formation like Tibet in principle. And real with them, in a full one-day scenario I'll have to burn through about five injects, with people going on and doing stuff. And that's, you know, if you tell say star in five chance, and if you somehow get sign
off for, like, a month-long thing, like, writes me up and all that works, I'll play it out. And guidance: yes, each inject will have some, like, natural questions which will arise, yeah, so you should really prepare for them, but it shouldn't affect the should each other - yeah I should lead a truck yeah I should they trap from attach them you, you know, they saw it on and do they tell us anything. If the inject isn't specific enough, I don't know, it's unique to your organization, but you can confirm the whole, like, "no, there's no actual information". Like a bit impulsive guidance can be, or if you have it, it's natural follow-on questions that
you'd want to provide the answer to. Like you think it was like if y'all, depends on your organisation and IR, you internal search points work, if you always get certain information with someone who possibly know certain where. I pump up drafted, like, I've had draft service desk tickets to support things, like, printed out, and it looks legit, and it happens we allocate to the scenario as well. And again, we're do scenario is however your organization works, and yet the guidance is quite specific to you. Ultimately, though, get your testees to do all the work, and that's what, yeah, don't let the guidance be that easy way out. So start a lower level. Then when you've got
this thing written up, you should end up with something like this, obviously not in these weird super bright colors. But injects are the things you share; the guidance, probably keep that in your back pocket and provide it specifically to each question that's asked; you know, objectives, you probably don't share that with anyone other than the sponsor, if they're not involved, and in partly right at the end. And his shriveling sort of conceptual ends kind of probably how it will work. Yeah, I'm storing the injects kind of relate to that, this guidance to support, and, but the thing I really want to pull out is the response, like, what people do and the decisions around what
they should be doing, or decide to do, and you want to tie that up to your objectives. And the timing of your injects can be important as well: we've got a narrative bullying people are halfway through their farm process, we've got an inject in there and just screw everything up, basically just an [ __ ] for there. And so, following to actual planning part: sponsorship. Sponsorship is, you find someone within the organization who is going to be your key player. Identify the participants, and you're looking to find really everyone in the business: you want IT ops, devs, HR, PR, legal, senior management team; you've got overseers; and check the schedule for major conflicts. Yeah, this sponsor thing,
like, it's your license to operate. Like, at the end of the day this thing's disruptive; like anything, when you take people away from their day job, it's, like, the business of the organizations and carry an additional cost, so you need to get this thing signed off, I guess, with enough authority to, so that one way get the okay to admit to let it happen, there's also then the support to make it happen. And without it, like, the thing's not happening. Like, you know, I guess there's the opportunity for the non-committed sponsor to get you to go away and do all the planning, but if they don't, you know, basically back you up
on the day where you got twice the people's time, like, it's going to be you in the room on your own with some pacer, possibly not bad thing. Yeah, the sponsor, you, you might be pushing you for something; if not, you get explode into, like, sell out the benefits, break it down into these kind of, like, building-block components, walk it through with them two or three times, but yet you really even it's a bucket and it will be the notice the low drift. Yeah, cuz now if this tabletop, you know, it is literally supposed to happen there also a certain piece of let's face it comparable. I may, I've seen some good
wide Road, just a lot of information-sharing, just willingly, colleagues who also: "I didn't know that", right, "oh, we didn't have a plan for that", "oh, we have an office in that country?" Yeah, that's the kind because. Yeah, your participants, then: like, you know, identify who you want in the room, I guess at least to start with, and the sponsor, or whoever is kind of backing you on this thing, will probably have some opinions on what they might want to, I guess depending on your scenario, they might want to test their business function capability in a certain area or the certain move it move it. And if you don't know who needs to be in the room and the sponsor can't give
you the player stare, I boom that some Jets had one, like, inject battling happened tasks one word right: find out who we get in the room. Like, do you know okay in the room is still obviously is the Judah cares referees you want to call and and probably do, but this whole thing needs, like, support, and someone's who really, I think I had it Tracy last night as the White team, right. Roger Roger hundreds of people involved vested there's a dedicated team the minimum for these kind of feedback loops a little team. And conflicts: so destruction up on these things when there's an office move on, or the World Cup, like, something really sensitive, like you're closing a
branch again in Moscow, it's going to just time for the whole thing. And logistics: yet, you know, so I've grown up stuff I felt and preach, but yeah, well, the room they're getting a navy and like naughty they, yeah, print stuff out, air box if you need it, and be conscious about how you do put in my dirt does you feel that reprographics department conducts send all this kind of stuff to them in advance, because right known turned up surprise on the day is going to have got out. Yeah, Peter snacks. And the last thing on the planning stuff is basically sending out invitations, and obviously based on the support respond certain type of
organization you're in, you're probably going to become dead and tell people what this is, like, I assess whatever blah blah blah this ribbon is. Their response to might not want you to do that; had a bitten up on an engagement where you basically said I'm free kick and invite a lot of people and it's like boom the dunlop it's such a peptide that. And when you do send out invitations, people are gonna complain; like, not everyone's gonna be on board with this. Expect it. You probably already know who those people are; yeah, you've probably got a good feeling, and the sponsor might even have specific concerns and want to validate that as part of what they get
out of this, you know, "we've got a whatever team, response is in their remit, we've got to test their response". They're not happy, they've kicked off, but I think it's the best use of that time. You know, expect it, and start to think, if you can, in advance of how you handle those people. Team might not be your problem, I love your fight. Like, find out who raised and admitted Aires, try and be sympathetic, but I have to remind myself not to fidget. Yeah, I'll probably oil care like, like, influence over instructure and haven't worked up from, but their best if we try and get people involved, and if you can, offer them the reality check. But this is the kind
of mantra I go everywhere as big as people than have better self thing: you know, the reality is there's never going to be a good time for this thing; now should be no different. "I know you're busy, you're super important, without your thing this company will just fall over, but we need you. Like, the boss says you've got to be in the part of expecting." Yeah, like, seriously, Branson Esther you get wet, like, you just got to be, you just think up, and without you it's our value bear that. And when it did the game asses how, try not to be, like, a dick. Yeah, one bill, uh, yeah, one nose is my new, like, default response to people that complain so much
the big thing is head Korea protects always, like, if you do end up with anyone in the room that's just there because of some JFDI order that has come down from on high, but they're not really in the room, like, they're not there, I got something fall asleep on again, but they'll probably be disruptive, or probably be a jerk, or probably mess it up for everyone else, and detract from the whole thing. They'll get in people's way, they might try and derail the whole thing. Like, get them out, find someone else. We can still do on Friday would pop in, yeah, definitely not I was
so broke up, and take everyone's names, keeps enough who's that you didn't go, and explain what is going on, so remind them why today, try to get them into the spirit of things. It can be fun; it's not all doom and gloom, despite my previous slide this. But do set some ground rules, not arguing in between to that, and remind them that the sponsor will have some expectations of them of their mini post. Some ground rules can help people get into it, so it's about staying in the scenario, I'm keeping within keeping and we did begin, not fighting the scenario. If you have one ground rule, that's that base. Like, you can't write the perfect test,
maybe you can, in which case again message me, but looking out but however you code, how much research you put into this thing, even if you're basing it on previous incidents you got, and say on the day someone's going to find exception to the details: "well, that guy doesn't work on Wednesdays", "we've got that thing logging forever", but, you know, just those things the Tractatus is apply to our environment. Yeah, yeah, doesn't matter if you email volume or on site honking the client, you know, like, "email goes down": deal. If you can get people into the scenario, you've pretty much cracked it. Even if they know that the thing you're up against will probably
never happen you're getting all the benefit you testing up thinking you're testing them so you make and you know it's you still get the value even if they can't immediately go we're right open nothing ever happens they can solve views on it so game over and you gotta formally conclude it start sundown you take and they'll send out answers whatever and get any feedback to be learning polls and note down the highs and your lows and things like that you yes we'll probably have to write a report and best in conjunction with your sponsor observations recommendations like review dates with response plan for what and gaps captured in secular and share those with the sponsor yet don't do this thing I mean
like get around to finishing the report six weeks later and then tell people it's you uncovered some horror show like you mouth coverage here we identified some horrible desk you found some office that you didn't know you actually how to fight you know if you if you spot those big things like straight up anyone sponsor any five minutes each time boxes well found get it into their mindset and let them work and if you can do some high-level presentations and C-levels about what happened then Prospero right little our polls in mind and so the start is like all about how he will stand eco nice response plan the next scenario and then just look at the
changes start with the end see people change on just do again let's keep doing it assume it wasn't a complete pilot firing like you know you've not burned every bridge that you can say like that initial logic is the best time to start gets on the ship for keeping doing this as a thing and if the first one sucks and you burn all your you know political collateral probably just to go another one so coming to the end some conclusions about fifteen minutes nothing brings people together like a shared experience either a real-world incident or a simulated one the analogy I met for the benefits of doing the wargaming is sort of the fire alarm drills or it gave me a very well
aspiring with in part it's about muscle memory and if you were downstairs and songs over stop this moment keynote and the concept of war game does apply there so getting that training mind the active thinking when you eat it with mind - it's just intrinsic it is responding afterwards because as well in a line incident goes back since it was taught you can have people you know something post-traumatic stress for things like this see you want a while so I don't buy the people about camp on your watch and you understand that some people can't deal with all the issues that might arise so technology does it not even readiness all capabilities we have in looking at
the breaches four or five decades worth of buying another product buying another product sitting on the network Miller but pops doing very much nothing is no one's looking at it and that's gone on far too long and we're going into the age of recovery and resilience we've got a beautiful into from immutable infrastructure containerization things like that way reducing attackers' persistence on your network hopefully but if your data gets out you get out of regions as breaches will continue to happen it will totally it would be more breaches but I doesn't even solve that problem in my lifetime pass pessimist it to keep their lying cheating line it's challenging that primitive mindset no matter how many
files been by second 2 segmented networks someone's in the patrol and that firewall some freak'll at their agency in about hardware in plan to get us to air-gapped network so we're about preaching resilience on promoting that Redis there is a balance of technology be brought in foot student and said on the TVs it's coming to the end we wondered run so far have been quite simple for organizations just entering into the idea with wargaming graph is quite materia some organizations our approach has been very linear very train tracks is next step and go on the train and there's a next step so the future sort of direction that we want to go it is the usual
friendship understand China speaking with a class now have a good shop in one what method of viewing it might be how many like a red team in one room a blue team little room red team make up an inject on the spot and that's been fed through the blue team room and we just go back and forth about no active testing it's all on the tabletop I think that choose-your-own-adventure style scenario might also work well with C-level execs if you basically give C-level execs a financial decision to make do you put more compact zoom technology and put more up heads in people process and then sort of oh look now you
the next sector of X we might look about that I'm not committed thank you for listening to us and we will take any questions on any happen right now yeah target a beer
like with your time I appreciate somebody over here half an hour airway but I don't know any question about something it left his company would you think this Minds work with local beach or councils and this smallest organization I will be doing it for debt management agency with proximately hundred staff which would be call center agents I am on an intersect team of about one it's about testing that I like how he responds I mean there's no rules on whether you're a five-month company are 2010 like probably going to get the call at some point there's foam scan a debate structured and really involved it can be as much as I guess realization they pull the phone so he a say all the
girls questions over whether she began yeah he said I think the current state of IR and like is I guess partly to is to believe audience related to the current state of DR/BCP like DR and BCP at the moment for a lot of organizations I'm not ring binder on a folder there's no hasn't been updated many years and just off pull out and the right wonder he'd every but I think I asking a similar stare I think it's IR's being kind of prepared for in this ml and will have a very rigid plan will have a mastery incident process like some really sexy rhetoric around up and underneath the hood it's just step one two three hit the coal
plant send text messages cause the office of their CV I think that it's this immature and maybe it's immature is directly related so that one base yikes even some organizations not been places why they should be the biggest continent upon it and it's because we did hunt being able to show they've got an office in Christchurch and in an earthquake in recent history and they lost people on facility and being able to recover on the story they could tell was amazing and that one organisation backing about that can recall who busy feeding us so like I think IR is I was just a branch of business continuity I think you bring up or it's a
biblical blip sibling yeah I don't know it depends on which structure this table gets on YouTube does he question is what initiate looking thanks what industry would yeah I think the tangible things that one of its biggest benefits is Yuki Kendall these conclusions and observations that you don't there's no other lines that Bend is invisible and you know like the whole have an office in that country like that's there's some truth to that like is handed out a little bit but you don't stressing something you get very different result and just saw relying on what you've been sold and you know it's the trust but verify things nothing oh
yes yeah definitely this is like definitely first steps it because we all have been interested in I mean this talk actually originated Steve's first Orkut do you see when I'm starting up to over 27 and you know so I'm getting into it and my level in a pen testing something Neptune like seeing all these breaches in Kenai Patterson's not solving the problem I'm just going and wrecking the net-lib so yeah I think you can make it cut like a scenario you can make it's complicated and is the scope of our organization if you want to know you want to drop a rogue instance cc7 button yeah you know that departments VPC in AWS and like see if we spy when it
starts interacting we still see if they know what to do about yeah if that works for you like there's no rules but that's the point you make it was like the purple team style exercises that will do rights not full-on like no one knows that something going on will pop someone on site and drop an access point on the network see if the wireless IDS and it's not watching them do what they do respond to that so it's not this won't blur the line into the real test this is testing without any pens but yeah I think it does work yes they're very much you saw I've introduction to the concept I think and doing some song
some coverage and some fathers Marvin bunts tested with yeah technical specifics and he injects don't have to be narrative best that could be offensive general on the wire offices you close people you dismiss and send and account for as casual as are dispersed or whatever but whatever works for you it's going to take a lot more planning of this can be very disruptive