Ta spletna stran hrani piškotke, da bi vam zagotovili boljšo uporabniško izkušnjo in popolno funkcionalnost te strani.

Analitične piškotke uporabljamo s storitvijo Google Analytics, samo z vašo privolitvijo. Sprejemam Zavrnitev Več informacij
Pojdi na vsebino
Arhiv predavanj

Red Teaming in Security Operations Center: sinergija za višjo raven kibernetske varnosti

  • NTK 2022
  • Stopnja 300
  • Datum torek
    27. september 2022     12:00

Vdorno testiranje IT sistemov in odzivanje na varnostne grožnje sta aktivnosti, ki ju izvajata diametralno nasprotni ekipi: napad in obramba. Tako testiranje kot zaznava sta v zadnjih letih postala trend tudi v Sloveniji, saj proaktivno upravljanje pripomore k višji ravni kibernetske varnosti v organizaciji. Glede na vse boljšo tehnično zaščito IT sistemov največje tveganje za vdor predstavljajo t. i. »0-day« ranljivosti, za katere (še) ni varnostnih popravkov, napadalci pa jih že poznajo in skušajo izrabiti. Prav na tem področju najbolj pride do izraza dodana vrednost testiranja ter sposobnost zaznavanja in odzivanja. Ob izvajanju penetracijskih testov in vaj z Red Teaming napadi tako napadalci kot obramba širimo svoje znanje in posredno krepimo obrambni zid organizacije. V združenem predavanju strokovnjakov za penetracijska testiranja iz podjetja Carbonsec d.o.o. in strokovnjakov Varnostno operativnega centra podjetja NIL d.o.o. bomo na realnem primeru v demo okolju predstavili obravnavo »0-day« ranljivosti s strani pentesterjev in s strani odzivnega centra.

Grega Prešeren

Carbonsec d.o.o.

Grega Prešeren is Carbonsec’s CTO and one of the most experienced ethical hackers in Slovenia. He set the foundations of his professional career with his master’s thesis and has been developing his cybersecurity competencies to top proficiency. Since 2010, he has performed more than 200 security checks of networks, IT systems, cloud and IoT services, web and mobile applications, as well as industrial and SCADA systems. He has gained several certificates for testing information and application security, such as SANS GXPN, GWAPT, GMOB, GICSP, and GCPN, as well as certificates for testing IT networks, such as CCNP, CCNA Security, and CCAI. He is an acknowledged lecturer in the subject field of application security, regularly lecturing at information security events. Since 2017, he has been the leading ethical hacker and lecturer in the co-owned company Carbonsec d.o.o.  

Andrej Gornik

Carbonsec d.o.o.

Andrej Gornik studied at the Faculty of Electrical Engineering, majoring in telecommunications. As a Senior Penetration Tester at CARBONSEC d.o.o., he is involved in penetration testing of IT systems and applications and cyber security consulting. Years of experience in IT security, web application development, integrated management of Linux and Windows operating systems, management of central building blocks of large and small networks and implementation of secure and reliable services are the foundation for his holistic view of IT systems and successful completion of the most complex and demanding tests. Recently, he has been focusing on developing ethical malicious code and vulnerability analysis of web services, mobile devices and IoT solutions.  

Matevž Mesojednik

NIL

Matevž Mesojednik joined NIL in 2016 as one of the leading information security experts. He has over a decade of experience in security auditing and orchestrating IT security systems for enterprises in the financial and public sectors and energy industry. His expertise includes the coordination of large projects and team management. Since 2018, Matevž has had the role of NIL’s SOC manager. He is responsible for prioritizing workloads within NIL’s Security Operations Center, providing managed security operations through security triage, analysis, managed detection, and incident response services.