David Kennedy, CISSP (EUA)
(ISC)² Board Strategy Committee Co-Chair
When Protection Fails Us: Building On Detection
Building in protection mechanisms into the enterprise is a daunting task. It seems to even get simplistic controls, it requires multiple meetings, a change review board, change advisory board, and multiple months of delays. In today’s business, we can’t afford months of delays when implementing advanced protection in order to defend the organization. The lead time between protection and the gap we face from security risks is at an all-time high. If we can’t implement protection within a short time period, we need to be able to identify attacks as they happen and rapidly. This talk focuses on what it takes to build a program that focuses on the minimization of an attack by early warning signs. If we can’t protect everything in our enterprise, we should be able to develop a program that reduces the damage dealt to a data breach.
David is founder of TrustedSec and Binary Defense Systems. Both organizations focus on the betterment of the security industry from an offense and a defense perspective.
David was the former CSO for Diebold Incorporated where he ran the entire infosec program.
David is a co-author of the book “Metasploit: The Penetration Testers Guide,” the creator of the Social-Engineer Toolkit (SET), Artillery, and a number of popular open source tools.
He has been interviewed by several news entities including CNN, Fox News, MSNBC, CNBC, BBC World News and Katie Couric. He is the co-host of the social-engineer podcast and on a number of additional podcasts.
David has testified before the U.S. Congress on two occasions about the security around government websites.
David is one of the founding authors of the Penetration Testing Execution Standard (PTES), a framework designed to fix the penetration testing industry. He is also the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky.
Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions.