Whole organisation testing without the pain

Wednesday 3rd April 2019, 6:45 pm.

Speaker: Andrew Scott, Context IS

Venue: Room 4.31, University of Edinburgh Informatics Forum, 10 Crichton Street, Edinburgh.

Refreshments and networking from 6:00 pm.

This event is free of charge and open to all, though please register via Eventbrite: https://bcsedin030419.eventbrite.co.uk/

Please note that this talk will start 15 minutes later than our usual time of 6:30pm. This is to give the speaker adequate time to get to the venue.

Synopsis

We’ve all got the memo now – security testing is good, but organisations need to do more to assess their holistic security approach. Whether it’s red teaming, a CBEST engagement or attack simulations - More is Better in testing the organisations ability to detect and respond to attacks. However, none of these approaches are particularly constructive and tend to enhance barriers between security, monitoring teams and the business rather than removing them. In this session we’ll explore the problems with these approaches and learn about an alternative approach that builds trust and collaboration, and results in better buy-in to fixing problems.

About the speaker

Andrew Scott is the Assurance lead for Scotland for Context IS. In this he works across industries to help clients mature their approach to security testing. Previously he ran one of Scotland’s leading Financial Services company’s security testing strategy where he aligned all testing efforts and increased the effectiveness of remediation activities. His approach addressed not only the technical teams, but also tackled the culture; increasing business awareness, responsibility and ownership of security. Andrew has previously been a penetration tester, Windows and Firewall administrator, and has helped respond to multi-million dollar intrusions.