Exploring TaHiTI: A tour of the Threat Hunt process and the development of a threat hunt program
Abstract
In the age of software supply chain attacks, and with the clarion call of ‘assume breach’, the role of proactive threat hunting has grown from a niche and limited capability to one that any mature cyber security blue team facing advanced persistent threats should possess. However, proactive and consistent defence against advanced adversaries is not easy to achieve. Threat hunting needs to be disciplined, planned, and managed as part of a mature cyber security strategy to deliver results. Our adversaries are smart and skilled, and we need to assume the worst. This presentation will provide the foundational knowledge needed to develop a threat hunt program and integrate it into your security operations, and will describe the tools, metrics and maturity levels associated with managing a threat hunt capability. We will spend some time in TaHiTI, cruise past some MaGMa, and pay a visit to MITRE and the Atomic Red Team. Hope you enjoy the threat hunt tour!

Speaker Bio
Dr Dave Ormrod has over 25 years of experience securing organisations from advanced persistent threats, managing blue and red security teams, conducting cyber threat intelligence assessments, and enhancing the resilience of Federal Government agencies and commercial organisations. Dave is an experienced cyber-security program manager, threat hunter, and information systems assessor. He is an Associate Professor of Cyber Security at UniSA with a PhD in Computer Science, a member of the Information Security Registered Assessors Program (IRAP) and a certified Australian Company Director (GAICD). Dave is also a certified ISO/IEC 27001 Senior Lead Auditor, Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Control Objectives for Information and Related Technologies (COBIT) Practitioner, and Project Management Professional (PMP). Dave has worked with European, United States, United Kingdom and Australian government representatives on a variety of commercial and national security challenges.

Jamie Norton is an established leader in the security field and former Chief Information Security Officer (CISO) with the Australian Taxation Office. He has been a member of the global CISM Certification Working Group for ISACA and co-chair of the Cyber Security Stakeholders Group (CSSG) with Chartered Accountants Australia and the CPA. He has been involved in several senior government committees on cyber resilience, including contributing to the Australian Cyber Security Strategy 2020 and the ASD IRAP and Cloud programs. As an experienced CISO, Jamie regularly works with boards, executives, and security leaders to advocate the business case for better security, improve reporting and metrics, and refine organisational security strategy. Leveraging his real-world experience, Jamie offers guidance and mentoring to business leaders and organisations seeking security leadership advice.