Lightning Talk 2 by Gaurav Rana

BSides Toronto · 2:59 · Published 2023-11
About this talk
This lightning talk was delivered on October 21, 2023 at the BSides Toronto 2023 conference, held in Toronto Metropolitan University's main lecture hall in the George Vari Engineering and Computing Centre. All lightning talk speakers were volunteers who stepped up on the day with minimal preparation time.

Transcript

Hello everyone, I am Gaurav. I, um, I'm a part of merger and acquisition security team. My main job is to help the acquired companies integrate with the, with my company's security practices and all. Uh, why security, or why, uh, cyber security assessment is necessary for M&As is because whenever there's, there's, there's a bigger company acquiring a smaller company, uh, yes, a bigger company might have some standardized security tools or security things that they have, they follow some practices. Uh, smaller companies might not always have the same resources, same level of control or same level of, like, security patches and whatnot. Uh, so there would, there, there will be a lot of security gaps for a smaller, uh, oncloud company or whatever, like, whenever you are requiring.

Uh, another, uh, red flag or another issues are that whenever the, the news is made public that, you know, this XYZ company, Google, is acquiring some, some smaller company or some, some other company, uh, whenever it's public there are more and more attacks happening on a smaller company. Like, people are aware of it, they will try to break things, they will try to get access to, uh, the, the, the smaller company. Through there they can get access to Google, they might, you know, they might, they might get more access than what is required.

Having said that, uh, for, for our, for my company where, where I work for, uh, the security team is involved from, right from the very beginning, like even before a company is acquired. Whenever there is a discussion, whenever someone is thinking of acquiring another company, we get involved, we start scanning their things, we start looking into the security gaps and identifying any red flags. But during all this process time is an essence. Uh, we have to do things quickly and we cannot fix everything at once, and that's where risk prioritization comes into picture. And that's what we have, like, we have certain factors we look at, things like, okay, how many public facing assets are there, what vulnerabilities are there on that public facing assets, is it easy to exploit it and easy to get access through that vulnerability, is, if, is it not. Uh, if it's harder to exploit we can degrade the, we can make it a lower priority thing to fix.

But this, uh, these factors and, uh, helping understand how many, uh, major red flags you have help you, uh, get more secure in a faster manner. Uh, this, what, what we do right now is specifically for acquisitions, but this is something which is requirement for overall all of industry. Every day we get, like, thousands of alerts, thousands of alerts on single asset or single, uh, product or, or service. Understanding and prioritizing your remediation efforts will definitely help you in getting, in making it more secure in a faster andol manner. That's it.