
Talk 01 - Argyris Makrygeorgou - Cycl0ps+ aka Manually infused automation

BSides Athens20 · Published 2023-01
Transcript [en]

My name is Georgie, I'm the head of management services for all the systems, and today we're going to chat about how we can manually infuse automation. To start with, just a disclaimer: I know it's over a year since the anniversary of GDPR, but just to let you know, this is not yet another GDPR presentation, so I guess it will be boring.

A few words about myself: I hold my bachelor's and my master's from Athens University of Economics and Business, along with the usual certifications like CISSP, CISA, etc., blah blah blah. I have worked in ICT since 2004, and strictly in cyber security since 2013. I used to work for a Fortune 500 insurance company in Dublin, Ireland (that's my accent as well) and for a Rainbow Six leader in Greece, and at my current place, as I told you, I'm the head of cyber security for other systems. I've been deployed in more than 20 countries, including some of my specials like Ukraine, Lebanon and of course South Africa, and to complete the security posture I'm also a self-defense instructor, which was actually pretty handy in South Africa and Joburg.

The agenda for today: the cyber security scene, mainly Greece, but I guess that covers the majority of Europe, maybe not the central part, but generally Europe; of course the manually infused automation; and a bonus plan for all the "cyber vanilla" centers, as we call them, attending this venue today. I'll try to keep it within the allotted time of 30 minutes; I'll probably do 20 and 10, so there will be enough time to elaborate or for some questions, and I don't like monologues very much, so I'm sure you'll have questions afterwards.

To start with, we would need to agree on some things. First of all, we need to accept as a premise that IT is generally the elephant in the room. It's pretty clear what that means: something that everybody knows about, but most people don't really want to talk about it or address it. So if ICT is the elephant, then OT is the mammoth, which is actually just a bit less relevant, so a bit more difficult to address.

Another thing is that commodity equals baseline. Commodity, sometimes mistakenly, tends to mean something obsolete, something old, something that needs to change; but commodity in financial terms is actually the baseline, something that has a solid value, that an organization has spent a lot of money and effort, and therefore culture, to adapt and make the most out of. Therefore we really need to embrace commodity and keep it as a strong foundation in order to build stuff on top of it. Cyber follows the same pattern, but nevertheless cyber security is here and addresses tangible problems and actually assists the business as usual of an organization, of a company, which means that there is an actual problem and we do solve it, which leads to the conclusion that cyber is here and enables both IT and OT and helps enable business.

Now, since we've got that done, let's take a historical step back. We're 36 years from the first movie, WarGames, 33 years from this one, your man Cleave, and 30 years, if I'm not mistaken, from the first computer worm by Robert Morris. So there is evolution; technology of course is something that evolves day to day, so we manage to solve even newer problems with technology: from basic MDM to any application, any device; from asset management in the old Excel to actual asset management; from VPN to privileged access management; and again from the proxy server of the past to a more militaristic approach. Okay, that's an evolution, but guess what: it creates too many logs. And then we say, yeah okay, we found the answer, we'll have a SIEM. But SIEM creates just another problem: there are too many logs, and we don't need to just gather them, we need to actually understand what they're saying and do something, and that's again quite a challenge. Otherwise, if we need just logs, we are Kiwis. So, who knows why I put the Kiwi here? If we have network engineers here... come on, network engineers, no one? Yeah, Kiwi, a syslog server.

So we understand the need: we actually need to do something with these logs. But returning now to the cyber security scene, in order to do that you need to have efficiencies; nevertheless the situation stops being something like that. You have very few people that truly understand and can truly realize what the problem is and offer a tangible solution, so you end up with something like that: for a company there is one monitor for every customer. So you've got like 12; it's okay for the first year, I guess. So either you end up with something like this, or you say okay, I'll go full blown, and then this is how your plate looks if you're running a security operations center, and this is your crisis management strategy. They are both cool, but believe me, they don't scale, especially the first situation, because these guys are going to get older, and the other guy just ends up with more monitors. So this is a problem that obviously can be solved using automation, and the obvious answer would be: let's put Dev in it. And a lot of you would say okay, cool, but the relationship between them... they might imagine a wonderful model like Dev, and then Ops, and then Sec, and then there's probably no Sec because it's up here. So Dev and DevOps, and actually ours, would be the way it goes, but in a different model. That's why we're talking about infusing something.

So the whole concept is actually to avoid having just dummy actors doing repetitive things, but to have people enhancing technologies, to actually automate all the important stuff and let the analysts do what they're supposed to do: analyzing, becoming better and providing actual help.

Coming now to a traditional, okay, commoditized model: static resources, even the basic security boundaries; the engineer responsible for every matter, the people the government calls focal points but who are rather scapegoats, so nobody likes that; disconnected security tools (I used Nmap last year to do a vulnerability assessment and now I'm using something else, okay, no great value out of it); rarely automated, and we're talking about automation; and Excel-driven, which again is a commodity. So with my friend Cyclops here and all the fancy stuff, these are buzzwords: Kubernetes, everybody does Kubernetes today, and the APIs that all the tools offer; we are here to transform the more commoditized stuff of systems and apps to SecOps and DevOps, and of course security to SecOps, not just the operations center part but everything, and of course Dev to become DevOps. So it's infused inside our own infrastructure, our own technologies, therefore we are already holding the solution in our hands. The future, that's why you cannot see it: it's software-driven, it's API-driven, it can be handy to manage, and it is highly automated. There is shared security responsibility, so we can have segregation of duties, a community perspective rather than one point of blame, as I call the focal points, and of course elastic security boundaries. This is by design: since we're talking about cloud and SaaS and some agile stuff in our business as usual, it doesn't make sense to talk again about static infrastructure.

Now let's see how this will be housed by the 360 of cyber security. We have of course assurance: the penetration tests, the vulnerability assessments and the mental stuff; the last one, the one that passes, I call a more traditional model that the customers do understand, and it aligns with professional services and support; the security operations center that we're talking about, a general matter of operations and not just what we think about it today; and of course the theoretical part of cyber security, which is governance, risk and compliance. So in order to thrive, you need to strike first, strike hard, no mercy. This might have been the bad guys back then, but I don't know if you have seen the newer version, where the actual douchebag is Naruto, not them.

So you see here, we're always talking about a vendor-independent solution. You need to have everything interconnected, and you can have everything interconnected, to get the value element: an event gets infused with the threat intelligence, then you apply all the policies that you have either pre-decided or not, and then you add the context, and then you get a nice mesh like that. So it doesn't really matter if we speak about the World Wide Web, okay, the email, DNS, maybe some commodity firewalling and threat intelligence again, the endpoints and of course something that resides in the cloud; so we can accelerate detection, investigation and remediation.

Now let's go to today's takeaway. I'm not supposed to bother you a lot more, so let us be on the same page. Let's assume that, even if there are end customers here today, we are all cyber or information security professionals, so let us build the geeks' names; there is a lot we can succeed in. Cyber security tends to become something with nice aspects and not a commodity, so it's a must in an organization. Of course we need to realize that the focus is apparently the important stuff for the business, which is their business as usual, AKA the business-as-usual revenue. To go to the tech part as well: the open architecture and the MSSP approach for the service providers is a must. So we go from something traditional and stagnant, that's the correct word here, stagnant, to something more flexible, agile and seductive, because this ought to be today's approach to any situation; and of course from CapEx to OpEx, which is a win-win for everyone, since we can charge only for what one uses and the customer pays only for what he's using. And of course it's high time that we leverage all the software investments and can actually speak, even in economic terms, about TCO in software and service, not just "I bought a few servers, what is the total cost of ownership", etc.

Any questions? There is one more slide; I'll go there in a minute. Are there any questions? Okay, this is the takeaway, volume two, and we decided to add it here because over the past few years I personally interviewed a lot of green people, as we say, right after university or maybe with a couple of years of experience, trying to join the cyber security field. Either after advertising an engineering position or a security analyst position, the majority of them approach this opening with one dream: either stating that they are, or wanting to be, a penetration tester. And that's fine, to an extent, but I think not everyone has to become a pen tester, and that's completely fine. There are other jobs. I'm not a pen tester; I've seen Metasploit only on its webpage. And it's not a matter of capacity or capability, and that goes for the younger people; maybe it's because of the movies, or you think you can do more after hacking your neighbor's Wi-Fi because it still uses WEP. So it's cool if you can become a pen tester eventually, but in any case, in order to become a pen tester you need to know systems and networks solidly, how they work. If you've never built a bloody Windows 2008 server, believe me, you won't be able to hack it. If you haven't set up a MySQL database, why bother doing SQL injection? Try to understand SQL first. Or if you haven't set up a router or a firewall, how do you think you are going to bypass it if you don't know how it works? If you don't know subnetting, you cannot become a pen tester. This is from real-life experience. So not everyone needs to become a pen tester, and that's fine; I'm not even going into the sales jobs, there are consultants and pre-sales engineers and other engineers, that's their business as usual, and they are considered major cyber security professionals, and we are not pen testers. Thank you very much.
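The pipeline the speaker sketches (an event gets infused with threat intelligence, pre-decided policies are applied, context is added, so that detection, investigation and remediation are accelerated) stays abstract in the talk. What follows is an added example written for this page; it is not code from the talk or from any product the speaker mentions. It is a minimal Python triage pipeline over constructed firewall log lines, with a constructed threat-intelligence table, constructed asset context and constructed policy thresholds; all addresses are from RFC 5737/RFC 1918 documentation and private ranges, not real indicators. It follows the speaker's order: enrich with threat intel, apply policy, then add context to set the priority the analyst works from, and it shows the edge case the automation is for: a blocked connection to a low-confidence indicator is closed automatically instead of landing on a monitor.

```python
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample firewall log lines (key=value style). Addresses come from
# RFC 5737 / RFC 1918 ranges; none of them is a real indicator.
SAMPLE_LOGS = [
    "fw01 conn src=10.0.5.10 dst=198.51.100.23 dport=443 action=allow",
    "fw01 conn src=10.0.9.4 dst=203.0.113.77 dport=22 action=deny",
    "fw01 conn src=10.0.9.4 dst=192.0.2.8 dport=80 action=allow",
    "fw01 heartbeat ok",  # no connection fields: skipped by the parser
]

# Constructed threat-intelligence table (hypothetical feed names and scores).
THREAT_INTEL = {
    "198.51.100.23": {"source": "feed-a", "confidence": 90, "tag": "c2"},
    "203.0.113.77": {"source": "feed-b", "confidence": 40, "tag": "scanner"},
}

# Constructed asset context for the internal hosts that matter.
ASSET_CONTEXT = {
    "10.0.5.10": {"owner": "finance", "criticality": "high"},
    "10.0.9.4": {"owner": "lab", "criticality": "low"},
}

INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed, pre-decided policy thresholds an operator would tune.
POLICY = {"ti_confidence_alert": 70, "blocked_actions": {"deny"}}

LOG_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)"
)


@dataclass
class Event:
    src: str
    dst: str
    dport: int
    action: str
    ti: dict = field(default_factory=dict)       # filled by enrich_with_ti
    context: dict = field(default_factory=dict)  # filled by add_context
    verdict: str = "triage"                      # set by apply_policy
    priority: str = "none"                       # set by add_context


def parse_event(line: str):
    """Parse one firewall line into an Event, or None when it has no connection fields."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return Event(m["src"], m["dst"], int(m["dport"]), m["action"])


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def enrich_with_ti(ev: Event) -> Event:
    """Step 1: infuse the event with threat intelligence on its external peer."""
    for peer in (ev.src, ev.dst):
        if not is_internal(peer) and peer in THREAT_INTEL:
            ev.ti = dict(THREAT_INTEL[peer], indicator=peer)
    return ev


def apply_policy(ev: Event) -> Event:
    """Step 2: the pre-decided policy decides whether an analyst sees this at all."""
    if not ev.ti:
        ev.verdict = "auto-close"   # no indicator match: nothing to analyze
    elif ev.action in POLICY["blocked_actions"] and ev.ti["confidence"] < POLICY["ti_confidence_alert"]:
        ev.verdict = "auto-close"   # already blocked and the indicator is weak: log and move on
    else:
        ev.verdict = "alert"        # allowed traffic to an indicator, or a strong indicator
    return ev


def add_context(ev: Event) -> Event:
    """Step 3: attach asset context and derive the priority the analyst works from."""
    for host in (ev.src, ev.dst):
        if is_internal(host) and host in ASSET_CONTEXT:
            ev.context = dict(ASSET_CONTEXT[host], host=host)
    if ev.verdict == "alert":
        ev.priority = "high" if ev.context.get("criticality") == "high" else "normal"
    return ev


def triage(lines):
    """Run every parseable line through TI -> policy -> context and return the events."""
    results = []
    for line in lines:
        ev = parse_event(line)
        if ev is not None:
            results.append(add_context(apply_policy(enrich_with_ti(ev))))
    return results


if __name__ == "__main__":
    for ev in triage(SAMPLE_LOGS):
        print(f"{ev.src} -> {ev.dst}:{ev.dport} {ev.action:5} "
              f"verdict={ev.verdict:10} priority={ev.priority:6} ti={ev.ti.get('tag', '-')}")
```

Run as-is and only the first line reaches an analyst, as a high-priority alert, because the allowed connection from a high-criticality finance host matches a high-confidence indicator; the denied scan from the lab host and the connection with no indicator are closed by policy. The thresholds and the deny rule are the part that has to be pre-decided and reviewed, since a too-generous auto-close is exactly how automation hides things.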