What if we really assumed breach?

Every large organization that takes security seriously is supposedly doing it: “assume breach”. By working under the assumption that an attacker will at some point bypass your perimeter defenses, you approach IT security in a different way. You perform regular hunts, continuously improve detection, perform war games, etc. But are we really treating our security as we say we are? In this talk, I will show where most organizations fail to actually uphold the assumption of an impending compromise. By accepting limitations in scope, effort and data sources involved, security teams are often severely hampered in their efforts. How can we improve this by looking at real world incidents and learning from the challenges we face in incident response situations? By gaining visibility on your strong and weak areas, I will show that a lot more can be done than is often thought. Kevin is a senior manager within the Cyber Risk Services team of Deloite Risk Advisory, with over 8 years of experience in IT security. Before joining Deloitte in 2017, Kevin was responsible for Fox-IT’s forensics and incident response team. Prior to that he worked as a Forensics Expert and Incident Handler for Fox-IT and the Dutch Police. In this capacity he gained extensive experience in helping clients deal with serious cyberattacks and forensic investigations. Kevin holds a master's degree in forensic science from the University of Amsterdam and is a registered expert witness in the Netherlands