Session Title | Cyber Deterrence: Beyond Cyber Defense
CYBER DETERRENCE: BEYOND CYBER DEFENSE
We don't know for sure who said "Attack is the best form of defense"; was it Sun Tzu or Napoleon Bonaparte? It really doesn't matter, because this saying has indeed worked for every single commander who used it, no matter what his nationality ... Today this concept is coming to cyberspace, because security operations have in the past always focused on monitoring/detection of offenses and responding to them through containment, investigation and recovery, and that is simply no longer enough. Why? Because this approach focuses on the attack rather than the attacker and turns the institution/enterprise into a punching bag that is continuously beaten, and the best it can do is to be strong enough not to be blown to pieces by the punches ... But what if ... Just what if we start focusing on the attacker rather than the attack? What if we follow a preventive/pre-emptive approach to cyber security rather than the current reactive approach? Welcome to the "Cyber Deterrence" approach increasingly being adopted by both private and public sectors.
Cyber deterrence will be implemented through the next generation of cyber security operations centers (NG-CSOC), which have to cover 3 distinct areas, through all of which cyber deterrence will be delivered:
- Cyber Defense: with proper detection, monitoring & response tools,
- Cyber Offense: with proper deception & attack tools,
- Cyber Intelligence: with proper actionable intelligence, sources, brand visibility & authorities connection.
The value expected from NG-CSOC today is the same value expected from a military and police display of power: make a threat actor think twice at least, or at best not think at all, about performing an attack, because he knows the institution is not a punching bag: it will hit back. For this to happen, legislation has to change, executive cyber security bodies have to exist, coordination mechanisms between public & private sector NG-CSOCs and cyber security executive bodies have to be put in place, cyber alliances with other nations have to be built, and technologies such as honeypots, traffic generators, vulnerability management, threat intelligence, SIEM, SOAR and EDR need to be covered, as well as processes and organization as previously explained.
Osama M. Hijji is a computer engineer with a total of 22 years of experience in Information/Cyber Security Management in various disciplines including banking, telecom, government, health, IT & military, with oversight & insight in security technology, operations, governance, risk, compliance, IT security, OT/IoT security (ATMs, Phone Banking, Mobile Wallet, Mobile & Internet Banking, SCADA, Industrial Control Systems, etc.), cyber security (SOC, IRST, CERT, red teams, war-gaming, pen-testing, etc.), physical security & security intelligence (brand protection, threat intelligence, etc.) in local, multi-national, private & public sector firms/institutions. In addition, Osama has significant experience in IT Enterprise & Service Management.
Osama holds a bachelor's degree in computer engineering from the Arab Academy of Sciences & Technology (AAST). He is CISM, PMP, ITIL V2 Foundation, ITIL V3 Foundation, ITIL V3 Intermediate – SS, SO & CSI certified, in addition to having over 40 technical & business trainings including ISO9000, ISO20000, ISO27001, SAS-70, PCI-DSS, Process Management (Documentation & Auditing). Osama speaks Arabic, English and French fluently and can understand & manage with Italian.
Osama has broad experience with security technologies including firewalls, web application firewalls, proxies, intrusion detection, advanced threat protection, DDoS mitigation, end-point security, email & web security, database activity monitoring, privileged account management, SS7 security, PKI infrastructure, etc.