DETECTING AND HANDLING SUPPLY CHAIN ATTACKS
Vladimir Dashchenko is a VP of Threat Intelligence at DeNexus. He has 10+ years of offensive and defensive security experience in different roles: penetration tester, vulnerability researcher and security analyst.
Vladimir started his career at the Federal Space Agency in Russia as a security engineer. He was also leading Kaspersky ICS CERT Vulnerability Research team and doing various projects on ICS/IoT/Automotive security.
You might see his name mentioned in security advisories or ‘Halls of Fame’ by different world known vendors, such as Siemens, Schneider Electric, Rockwell Automation, Gemalto, BMW, etc
About the training:
According to Accenture, up to 40% of cybersecurity attacks are now occurring indirectly through the supply chain. Supply chain attacks may not yet be as common as traditional attack vectors, but their complexity and impact is significantly higher. SolarWinds still dominates the headlines, and more ongoing attacks like this one will undoubtedly emerge in the near future.
So what can we do to spot and stop supply chain attacks? Familiarise yourself with a proven set of essential procedures, tools and technologies, contract requirements and general awareness proven to minimize risk:
Supply Chain and Trusted Partners: definitions, examples and differences
Well known and lesser known examples of SC&TP attacks
Usage of TTPs based on MITRE ATT&CK mapping
Current state of SC&TP Security Standards and Frameworks: how to assess SC&TP security using existing approaches
How to identify which business areas should be considered and monitored for SC&TP security
How to identify which existing tools/solutions/procedures/people/roles cover those business areas
This training also incorporates key steps to build your SC&TP Cybersecurity Monitoring Framework, and uses different practical and problem-solving tasks to aid understanding of the learning content covered.
Gain a solid understanding of the most up to date snapshot of cybersecurity for Supply Chain and Trusted Partners
Essentials skills for defining which business areas in your company and environment should be covered when you build SC&TP cybersecurity
In depth understanding of cross-standard SC&TP cyber-security assessment: identifying which security standards you might use to protect your assets
Access to an expert-recommended set of commercial and open-source tools covering a range of SC&TP cybersecurity to protect your assets
Practical and strategic knowledge on how to better protect your organization against SC&TP attack vectors
Ready to use HOWTO steps to build or enhance your own SC&TP cybersecurity framework
What you get after the training:
itrainsec shareable certificate, signed by the trainer (add it to your LinkedIn profile)
Practical skill to elevate your career to the next level
After-training consultancy and support
Expansion of your professional network in the cybersecurity industry
Stronger cybersecurity posture of your business
The course is recommended for Risk Management roles, OT Management companies, System Integrators, IT/OT Security Managers.