En Málaga o en Nueva York: Cómo ‘hackear’ tu carrera en ciberseguridad (Spanish)

Presentado en CyberCamp 18, Málaga, el 30 de Noviembre de 2018 (ver agenda y ponentes)

Full recording of the presentation in English: https://www.youtube.com/watch?v=bUaVt3rjSwc&t=6991s (my talk starts at minute ’59).

Si hace 20 años, cuando trabajaba como desarrollador web para una pequeña ‘.com’ en Málaga, me hubiesen dicho que tendría la oportunidad de diseñar, construir y gestionar el programa de ciberseguridad de la red hospitalaria de la ciudad de Nueva York, el de un Banco en Dubai o el de una empresa de software con sede en Sydney, presentar mis proyectos en BlackHat, diseñar productos de seguridad para McAfee, liderar iniciativas de seguridad en Intel y formar a profesionales de Microsoft, Amazon, NASA o FBI, ¿qué crees que habría pensado? Obviamente… ¡que era imposible!

Pero, ¿no es en eso en lo que consiste la filosofía ‘hacker’? Hacer posible, lo imposible. Y todo empieza por ‘hackearte’ a ti mismo, crear tus oportunidades y sacar el máximo provecho de aquellas que se presentan. ¿Quieres saber cómo? En esta sesión compartiré recomendaciones y experiencias útiles, tanto para aquellos que quieren desarrollar su carrera en ciberseguridad, como aquellos que quieren impulsarla y desarrollar todo su potencial.

Slides:


Grabación completa del día Viernes, 30 de Noviembre. Mi presentación comienza en el minuto ’59:

Entrevista en el Diario Sur con motivo de la conferencia:

https://www.diariosur.es/tecnologia/ismael-valenzuela-estar-20181201222152-nt.html

When Prevention Fails: Extending IR and Digital Forensics to the Corporate Network (slides from SANS Boston 2011)

The slides from my @night talk at SANS Boston 2011 are available for download now:

When Prevention Fails, Extending IR and Digital Forensics Capabilities to the Corporate Network (PDF – 6,2 MB)

Speaking at SANS Boston

Thanks to Barbara Basalguete, Stephen Northcutt and the rest of the SANS crew for the opportunity to participate in such a great event, as well as to all the attendees that preferred to stay around after a long training day instead of heading off to Harvard Square for Friday party!

When Prevention Fails: Extending IR and Digital Forensics capabilities to the corporate network

2011 is being a big year for cybersecurity incidents with high profile attacks reported against large organizations including HBGary Federal, RSA, Lockheed Martin and several Sony companies among others. With smarter intruders that can make use of both very sophisticated attacks and simple, yet effective, phishing attacks against our users, everyone should assume that at some point their preventive measures will fail, and that sooner or later you will have to recover from a future intrusion. Based on this assumption several questions arise: When prevention fails, what is left? Am I ready to detect, react and recover from an intrusion? What can Network Security Monitoring and Digital Forensics do for me?

Ismael’s talk will address these questions, describing the latest trends in computer attacks and intrusions, including the use of Botnets and what has been called the Advanced Persistent Threats (APT). Lastly, Ismael will show how Network Security Monitoring (NSM) and Digital Forensics methods and tools can be extended to the corporate network to assist in the early detection and investigation of these threats. Best practices and techniques on how to do NSM, full packet capture, network forensic analysis and data carving will be discussed, along with some live demos using tools that are available to any security practitioner.