Ed Skoudis's COINS event in NYC: The Bad Guys are Winning: So Now What?

The Learning Tree generously hosted a SANS COINS event in New York City last week. The COINS program (community of interest in network security) allows organizations to invite a SANS instructor to deliver a presentation or teach a class on a specific topic. The COINS events typically bring together individuals with a passion for the security field.

Of all the professional events that I attended, this one had by far the most fantastic view of the Statue of Liberty with the Verrazzano bridge in the background and the New Jersey coastline. The 30^th floor of One New York Plaza, New York, NY might just do that :)

The event itself was attended by about twenty participants, which gave it a nice level of direct interaction. Ed Skoudis, SANS Faculty and one of the founders of InGuardians, presented a though-provoking talk titled The Bad Guys are Winning: So Now What? about the changing information security landscape.

Many organizations expect security professionals to be generalists who are able to perform internal pentests, audit systems, ensure compliance, perform incident response and forensics, develop security policy and awareness programs and much more.

One of the key point that Skoudis drove home is that not that not all information security practitioners have to be generalists. For the sake of the presentation, Ed distinguished three main groups: Penetration Testers, Enterprise Security Professionals and Military. Each of these three groups should have different focal areas. For example, a pentester needs to have detailed knowledge and skills of how to identify and exploit vulnerabilities and of how to assess (and communicate) the business risk of those vulnerabilities. An enterprise security specialist must also know about exploiting vulnerabilities, but does not need to possess the same in-depth exploitation skills that pentesters have. Instead, they must be much more familiar with preventing and identifying attacks and responding to them.

In addition to the generalist vs. specialist-discussion, Skoudis covered some more topics.

For me, it was interesting to finally meet the primary author of the material that I teach as a SANS mentor.

Ed Skoudis will be back in New York City from November 2 - November 7, when he will be teaching his course Hacker Techniques, Exploits and Incident Handling bootcamp style.