�ݺ�ߣshows by User: LancePeterman1

�ݺ�ߣshows by User: LancePeterman1 / http://www.slideshare.net/images/logo.gif �ݺ�ߣshows by User: LancePeterman1 / Wed, 23 Jun 2021 16:21:29 GMT �ݺ�ߣShare feed for �ݺ�ߣshows by User: LancePeterman1 Identiverse 2021 - Field of Dreams is a Myth – Supporting Digital Identity Beyond the Project /slideshow/identiverse-2021-field-of-dreams-is-a-myth-supporting-digital-identity-beyond-the-project/249464970 identiverse2021-lpeterman-fieldofdreams-210623162129
A lesson found far too often in identity & cybersecurity programs: buy the tools, we'll worry about support & operations later. Far too often, enterprises allocate budget to acquire technologies to support digital identity initiatives, failing to consider the people and processes that will need to be added or changed to make the initiative a success. I call this the, "Field of Dreams - Build It and They Will Come" model. In this talk, I'll share the lessons learned in building digital identity solutions at 3 very different companies, with 3 very different outcomes. We’ll explore wisdom gained across 3 different digital identity service domains including: privileged access management, identity governance & administration, and access management.]]>
A lesson found far too often in identity & cybersecurity programs: buy the tools, we'll worry about support & operations later. Far too often, enterprises allocate budget to acquire technologies to support digital identity initiatives, failing to consider the people and processes that will need to be added or changed to make the initiative a success. I call this the, "Field of Dreams - Build It and They Will Come" model. In this talk, I'll share the lessons learned in building digital identity solutions at 3 very different companies, with 3 very different outcomes. We’ll explore wisdom gained across 3 different digital identity service domains including: privileged access management, identity governance & administration, and access management.]]> Wed, 23 Jun 2021 16:21:29 GMT /slideshow/identiverse-2021-field-of-dreams-is-a-myth-supporting-digital-identity-beyond-the-project/249464970 LancePeterman1@slideshare.net(LancePeterman1) Identiverse 2021 - Field of Dreams is a Myth – Supporting Digital Identity Beyond the Project LancePeterman1 A lesson found far too often in identity & cybersecurity programs: buy the tools, we'll worry about support & operations later. Far too often, enterprises allocate budget to acquire technologies to support digital identity initiatives, failing to consider the people and processes that will need to be added or changed to make the initiative a success. I call this the, "Field of Dreams - Build It and They Will Come" model. In this talk, I'll share the lessons learned in building digital identity solutions at 3 very different companies, with 3 very different outcomes. We’ll explore wisdom gained across 3 different digital identity service domains including: privileged access management, identity governance & administration, and access management. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/identiverse2021-lpeterman-fieldofdreams-210623162129-thumbnail.jpg?width=120&height=120&fit=bounds" /> A lesson found far too often in identity & cybersecurity programs: buy the tools, we'll worry about support & operations later. Far too often, enterprises allocate budget to acquire technologies to support digital identity initiatives, failing to consider the people and processes that will need to be added or changed to make the initiative a success. I call this the, "Field of Dreams - Build It and They Will Come" model. In this talk, I'll share the lessons learned in building digital identity solutions at 3 very different companies, with 3 very different outcomes. We’ll explore wisdom gained across 3 different digital identity service domains including: privileged access management, identity governance & administration, and access management.

Identiverse 2021 - Field of Dreams is a Myth – Supporting Digital Identity Beyond the Project from Lance Peterman

]]> 193 0 https://cdn.slidesharecdn.com/ss_thumbnails/identiverse2021-lpeterman-fieldofdreams-210623162129-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Modlishka - Is a Mantis Eating 2FA's Lunch? /slideshow/modlishka-is-a-mantis-eating-2fas-lunch/169652716 modlishka-2fa-peterman-dcversion-190906202348
In January this year, a Polish security researcher named Piotr Duszyński released a pen testing toolkit named Modlishka, (which loosely translates in English to Mantis) that can automate attacks against websites that use either SMS or OTP based two-factor authentication (2FA). While this is certainly concerning, the ability to co-opt some of these methods of 2FA is hardly new. Yet, the common response from some security pundits was that 2FA as an entire category was under assault and likely to fail. Instead of embracing the 'security panic theater' and wringing my hands, I'll review the current 2FA threat landscape, take a look at practical steps to mitigate those threats, and then I’ll review the current/future state of 2FA and alternative authentication methods.]]>
In January this year, a Polish security researcher named Piotr Duszyński released a pen testing toolkit named Modlishka, (which loosely translates in English to Mantis) that can automate attacks against websites that use either SMS or OTP based two-factor authentication (2FA). While this is certainly concerning, the ability to co-opt some of these methods of 2FA is hardly new. Yet, the common response from some security pundits was that 2FA as an entire category was under assault and likely to fail. Instead of embracing the 'security panic theater' and wringing my hands, I'll review the current 2FA threat landscape, take a look at practical steps to mitigate those threats, and then I’ll review the current/future state of 2FA and alternative authentication methods.]]> Fri, 06 Sep 2019 20:23:48 GMT /slideshow/modlishka-is-a-mantis-eating-2fas-lunch/169652716 LancePeterman1@slideshare.net(LancePeterman1) Modlishka - Is a Mantis Eating 2FA's Lunch? LancePeterman1 In January this year, a Polish security researcher named Piotr Duszyński released a pen testing toolkit named Modlishka, (which loosely translates in English to Mantis) that can automate attacks against websites that use either SMS or OTP based two-factor authentication (2FA). While this is certainly concerning, the ability to co-opt some of these methods of 2FA is hardly new. Yet, the common response from some security pundits was that 2FA as an entire category was under assault and likely to fail. Instead of embracing the 'security panic theater' and wringing my hands, I'll review the current 2FA threat landscape, take a look at practical steps to mitigate those threats, and then I’ll review the current/future state of 2FA and alternative authentication methods. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/modlishka-2fa-peterman-dcversion-190906202348-thumbnail.jpg?width=120&height=120&fit=bounds" /> In January this year, a Polish security researcher named Piotr Duszyński released a pen testing toolkit named Modlishka, (which loosely translates in English to Mantis) that can automate attacks against websites that use either SMS or OTP based two-factor authentication (2FA). While this is certainly concerning, the ability to co-opt some of these methods of 2FA is hardly new. Yet, the common response from some security pundits was that 2FA as an entire category was under assault and likely to fail. Instead of embracing the 'security panic theater' and wringing my hands, I'll review the current 2FA threat landscape, take a look at practical steps to mitigate those threats, and then I’ll review the current/future state of 2FA and alternative authentication methods.

Modlishka - Is a Mantis Eating 2FA's Lunch? from Lance Peterman

]]> 218 1 https://cdn.slidesharecdn.com/ss_thumbnails/modlishka-2fa-peterman-dcversion-190906202348-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 More than Vaulting - Adapting to New Privileged Access Threats /slideshow/more-than-vaulting-adapting-to-new-privileged-access-threats/142653340 pam-ithtfinal-2019-190428232013
The infrastructure and threat landscape is changing, how is your PAM program keeping up? In this talk, we look at the current state PAM reference architecture, then look at recent threats and incidents, and finally look at new approaches beyond vaulting to reduce privileged access risk.]]>
The infrastructure and threat landscape is changing, how is your PAM program keeping up? In this talk, we look at the current state PAM reference architecture, then look at recent threats and incidents, and finally look at new approaches beyond vaulting to reduce privileged access risk.]]> Sun, 28 Apr 2019 23:20:13 GMT /slideshow/more-than-vaulting-adapting-to-new-privileged-access-threats/142653340 LancePeterman1@slideshare.net(LancePeterman1) More than Vaulting - Adapting to New Privileged Access Threats LancePeterman1 The infrastructure and threat landscape is changing, how is your PAM program keeping up? In this talk, we look at the current state PAM reference architecture, then look at recent threats and incidents, and finally look at new approaches beyond vaulting to reduce privileged access risk. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/pam-ithtfinal-2019-190428232013-thumbnail.jpg?width=120&height=120&fit=bounds" /> The infrastructure and threat landscape is changing, how is your PAM program keeping up? In this talk, we look at the current state PAM reference architecture, then look at recent threats and incidents, and finally look at new approaches beyond vaulting to reduce privileged access risk.

More than Vaulting - Adapting to New Privileged Access Threats from Lance Peterman

]]> 3751 2 https://cdn.slidesharecdn.com/ss_thumbnails/pam-ithtfinal-2019-190428232013-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 IDY-T08 More than Vaulting: Adapting to New Privileged Access Threats /slideshow/idyt08-more-than-vaulting-adapting-to-new-privileged-access-threats/134951226 idy-t08-lpeterman-finalslides-190306173943
The threat landscape for exploiting privileged credentials is changing rapidly. How is your privileged access management program keeping up? The central challenge in any PAM effort is a confluence of adapting to changing threat vectors and technology upheaval in the enterprise. This talk will review how PAM has evolved, how the threats have changed and some new tactics to reduce risk in this area.]]>
The threat landscape for exploiting privileged credentials is changing rapidly. How is your privileged access management program keeping up? The central challenge in any PAM effort is a confluence of adapting to changing threat vectors and technology upheaval in the enterprise. This talk will review how PAM has evolved, how the threats have changed and some new tactics to reduce risk in this area.]]> Wed, 06 Mar 2019 17:39:43 GMT /slideshow/idyt08-more-than-vaulting-adapting-to-new-privileged-access-threats/134951226 LancePeterman1@slideshare.net(LancePeterman1) IDY-T08 More than Vaulting: Adapting to New Privileged Access Threats LancePeterman1 The threat landscape for exploiting privileged credentials is changing rapidly. How is your privileged access management program keeping up? The central challenge in any PAM effort is a confluence of adapting to changing threat vectors and technology upheaval in the enterprise. This talk will review how PAM has evolved, how the threats have changed and some new tactics to reduce risk in this area. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/idy-t08-lpeterman-finalslides-190306173943-thumbnail.jpg?width=120&height=120&fit=bounds" /> The threat landscape for exploiting privileged credentials is changing rapidly. How is your privileged access management program keeping up? The central challenge in any PAM effort is a confluence of adapting to changing threat vectors and technology upheaval in the enterprise. This talk will review how PAM has evolved, how the threats have changed and some new tactics to reduce risk in this area.

IDY-T08 More than Vaulting: Adapting to New Privileged Access Threats from Lance Peterman

]]> 79 2 https://cdn.slidesharecdn.com/ss_thumbnails/idy-t08-lpeterman-finalslides-190306173943-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Revisiting Privileged Access in Today's Threat Landscape /slideshow/revisiting-privileged-access-in-todays-threat-landscape/103511457 revisitingpamintodaysthreatlandscape-identiverse-180628222019
If identity is indeed the new perimeter, then privileged access is its primary attack vector. Weak credentials and privilege misuse are consistently identified as the dominant pattern in data breach reports. Approaches to managing privileged access are struggling to keep pace with the changing threats. In this session, we'll examine recent attacks that exploit privilege misuse, analyze some of the specific methods used (like mimikatz), then examine new approaches that can mitigate this risk to the enterprise. Emphasis here will be vendor agnostic, but we will discuss specific technical approaches as well as some technologies that can assist in managing privileged access and adopting a program of least privilege. In addition, we’ll explore differences in approach between on-prem PAM approaches compared with various cloud technologies. We'll also discuss common roadblocks in PAM programs and potential methods to resolve them. Finally, we’ll look at the role that identity & user behavior analytics (UBA/UEBA) can play in providing an active defense against privilege misuse.]]>
If identity is indeed the new perimeter, then privileged access is its primary attack vector. Weak credentials and privilege misuse are consistently identified as the dominant pattern in data breach reports. Approaches to managing privileged access are struggling to keep pace with the changing threats. In this session, we'll examine recent attacks that exploit privilege misuse, analyze some of the specific methods used (like mimikatz), then examine new approaches that can mitigate this risk to the enterprise. Emphasis here will be vendor agnostic, but we will discuss specific technical approaches as well as some technologies that can assist in managing privileged access and adopting a program of least privilege. In addition, we’ll explore differences in approach between on-prem PAM approaches compared with various cloud technologies. We'll also discuss common roadblocks in PAM programs and potential methods to resolve them. Finally, we’ll look at the role that identity & user behavior analytics (UBA/UEBA) can play in providing an active defense against privilege misuse.]]> Thu, 28 Jun 2018 22:20:19 GMT /slideshow/revisiting-privileged-access-in-todays-threat-landscape/103511457 LancePeterman1@slideshare.net(LancePeterman1) Revisiting Privileged Access in Today's Threat Landscape LancePeterman1 If identity is indeed the new perimeter, then privileged access is its primary attack vector. Weak credentials and privilege misuse are consistently identified as the dominant pattern in data breach reports. Approaches to managing privileged access are struggling to keep pace with the changing threats. In this session, we'll examine recent attacks that exploit privilege misuse, analyze some of the specific methods used (like mimikatz), then examine new approaches that can mitigate this risk to the enterprise. Emphasis here will be vendor agnostic, but we will discuss specific technical approaches as well as some technologies that can assist in managing privileged access and adopting a program of least privilege. In addition, we’ll explore differences in approach between on-prem PAM approaches compared with various cloud technologies. We'll also discuss common roadblocks in PAM programs and potential methods to resolve them. Finally, we’ll look at the role that identity & user behavior analytics (UBA/UEBA) can play in providing an active defense against privilege misuse. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/revisitingpamintodaysthreatlandscape-identiverse-180628222019-thumbnail.jpg?width=120&height=120&fit=bounds" /> If identity is indeed the new perimeter, then privileged access is its primary attack vector. Weak credentials and privilege misuse are consistently identified as the dominant pattern in data breach reports. Approaches to managing privileged access are struggling to keep pace with the changing threats. In this session, we'll examine recent attacks that exploit privilege misuse, analyze some of the specific methods used (like mimikatz), then examine new approaches that can mitigate this risk to the enterprise. Emphasis here will be vendor agnostic, but we will discuss specific technical approaches as well as some technologies that can assist in managing privileged access and adopting a program of least privilege. In addition, we’ll explore differences in approach between on-prem PAM approaches compared with various cloud technologies. We'll also discuss common roadblocks in PAM programs and potential methods to resolve them. Finally, we’ll look at the role that identity & user behavior analytics (UBA/UEBA) can play in providing an active defense against privilege misuse.

Revisiting Privileged Access in Today's Threat Landscape from Lance Peterman

]]> 125 2 https://cdn.slidesharecdn.com/ss_thumbnails/revisitingpamintodaysthreatlandscape-identiverse-180628222019-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Privileged Access Management - 2016 /slideshow/privileged-access-management-2016/61777992 pam-bsidesfinal-160507193317
�ݺ�ߣs from a talk I gave at BSides Charlotte & IT Hot Topics]]>
�ݺ�ߣs from a talk I gave at BSides Charlotte & IT Hot Topics]]> Sat, 07 May 2016 19:33:17 GMT /slideshow/privileged-access-management-2016/61777992 LancePeterman1@slideshare.net(LancePeterman1) Privileged Access Management - 2016 LancePeterman1 �ݺ�ߣs from a talk I gave at BSides Charlotte & IT Hot Topics <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/pam-bsidesfinal-160507193317-thumbnail.jpg?width=120&height=120&fit=bounds" /> �ݺ�ߣs from a talk I gave at BSides Charlotte & IT Hot Topics

Privileged Access Management - 2016 from Lance Peterman

]]> 3049 6 https://cdn.slidesharecdn.com/ss_thumbnails/pam-bsidesfinal-160507193317-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 https://cdn.slidesharecdn.com/profile-photo-LancePeterman1-48x48.jpg?cb=1693680483 For more details, find me on linkedin identitybytes.com https://cdn.slidesharecdn.com/ss_thumbnails/identiverse2021-lpeterman-fieldofdreams-210623162129-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/identiverse-2021-field-of-dreams-is-a-myth-supporting-digital-identity-beyond-the-project/249464970 Identiverse 2021 - Fi... https://cdn.slidesharecdn.com/ss_thumbnails/modlishka-2fa-peterman-dcversion-190906202348-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/modlishka-is-a-mantis-eating-2fas-lunch/169652716 Modlishka - Is a Manti... https://cdn.slidesharecdn.com/ss_thumbnails/pam-ithtfinal-2019-190428232013-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/more-than-vaulting-adapting-to-new-privileged-access-threats/142653340 More than Vaulting - A...