Cyber is the New Cyber – Managing Emergent Risks

Panel Description

While the field of cybersecurity is easily over 30 years old, it continues to be a nexus for significant risk in emerging technologies.  This session will explore how threat actors are adapting to new environments and adopting disruptive technologies to achieve their goals.

Kristin Del Rosso, Field CTO, Public Sector, Sophos
Juan Andres Guerrero-Saade, Sr Director of SentinelLabs, SentinelOne
Sarah Jones, Senior Threat Intelligence Analyst, Microsoft
Visi Stark, cofounder, The Vertex Project

Panelists Biographies

Kristin Del Rosso is the field Field CTO for the Public Sector at Sophos.  Previously, Kristin was a product manager at Sophos focusing on Incident Response, Threat Intelligence, and the SecOps ecosystem. Previously, she was an analyst on Lookout Mobile Security’s Threat Intelligence team, focusing on reversing Android surveillance software, and tracking threat actors and their infrastructure. She enjoys threat hunting and learning about new forms of security research, and in her spare time can be found practicing Jiu-Jitsu or making pasta from scratch.

X: @kristindelrosso | LinkedIn

By or featuring Kristin Del Rosso:

• Ghost in the Breach: Using breach intelligence to hunt hidden Russian assets
• Sleight of hand: How China weaponizes software vulnerabilities
• How China Demands Tech Firms Reveal Hackable Flaws in Their Products
• A Conversation with OODA Network Expert Kristin Del Rosso on Cybersecurity and National Vulnerability Database Research
• Sophos’ Kristin Del Rosso on the US National Vulnerability Database (NVD) and the Chinese NVD (CNNVD)
• Using Geopolitical Conflicts for Threat Hunting

Juan Andres Guerrero-Saade is the Senior Director of SentinelLabs at SentinelOne.  Juan Andrés is a security researcher tracking cyberespionage groups and an Adjunct Professor of Strategic Studies at Johns Hopkins SAIS Alperovitch Institute for Cybersecurity Studies. Juan Andrés was Chronicle Security’s Research Tsar, founding researcher of the Uppercase team, and a stealth startup co-founder. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky’s GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador.  Juan Andrés comes from a background of interdisciplinary research in Philosophical Logic. His joint work on Moonlight Maze is now featured in the International Spy Museum’s permanent exhibit in Washington, DC.

X: @juanandres_gs

By or featuring Juan Andres Guerrero-Saade:

• Talks and Publications
• John Hopkins SAIS Faculty Profile

Sarah Jones is a Senior Threat Intelligence Analyst at Microsoft Threat Intelligence.  Sarah researchs APT (advanced persistent threat) groups that originate from China and work on behalf of the Chinese government, track their malware development over time and research their methods for creating infrastructure and compromising victim networks. Before joining Microsoft Threat Intelligence, Sarah primarily focused on China, but has also worked on Iranian and Russian groups.  Earlier in her career, Sarah worked in Security Operations Centers and focused on internal security for government and corporate networks.  On her subject matter expertise and experience, Sarah notes that “one of the great things about studying China threat actor groups is the ability to track them over such long periods of time. It’s very interesting to be able to research groups that I remember from 10 years ago and watch their evolution over time.”

X: @msftsecurity  | LinkedIn 

By or featuring Sarah Jones:

• On the frontlines: Decoding Chinese threat actor tactics and techniques
• Microsoft Digital Defense Report 2023: Building cyber resilience

Visi Stark is the cofounder of The Vertex Project, developers of Synapse: a central intelligence system built for analytical teams to house entire intelligence lifecycles from collection to analysis to reporting in a single solution.

X: @vtxproject | LinkedIn

By or featuring Visi Stark:

• The Vertex Project Blog
• Vertex Intel-Sharing: Sinkhole Infrastructure Research
• Capturing Structured Data in Spotlight with the Table Extractor
• Using the Synapse-Mitre-Attack Power-Up to Ask Questions of the MITRE ATT&CK Framework
• Using Mobile Phone Telemetry to Track a Diplomat
• Vertex Intelligence Sharing Community
• List of Awesome Vertex Synapse Resources

Additional OODA Loop Resources

Cyber Risks

Corporate Board Accountability for Cyber Risks: With a combination of market forces, regulatory changes, and strategic shifts, corporate boards and their directors are now accountable for cyber risks in their firms. See: Corporate Directors and Risk

Geopolitical-Cyber Risk Nexus: The interconnectivity brought by the Internet has made regional issues affect global cyberspace. Now, every significant event has cyber implications, making it imperative for leaders to recognize and act upon the symbiosis between geopolitical and cyber risks. See The Cyber Threat

Ransomware’s Rapid Evolution: Ransomware technology and its associated criminal business models have seen significant advancements. This has culminated in a heightened threat level, resembling a pandemic in its reach and impact. Yet, there are strategies available for threat mitigation. See: Ransomware, and update.

Challenges in Cyber “Net Assessment”: While leaders have long tried to gauge both cyber risk and security, actionable metrics remain elusive. Current metrics mainly determine if a system can be compromised, without guaranteeing its invulnerability. It’s imperative not just to develop action plans against risks but to contextualize the state of cybersecurity concerning cyber threats. Despite its importance, achieving a reliable net assessment is increasingly challenging due to the pervasive nature of modern technology. See: Cyber Threat