Sivaraman Girisan

Security Architect
Abu Dhabi Airports
Sivaraman is a cybersecurity consultant turned security architect who thinks red and acts blue. He leverages his pentesting experience and real-world insight into attack techniques to strengthen prevention and detection capabilities and improve overall cybersecurity posture.

Speaker sessions

Operationalizing Threat Informed Defense - A Security Architect’s Perspective

Introduction: Overview of the Threat Informed Defense (TiD) concept and a brief discussion of the Lockheed Martin kill chain paper, which originally defined the kill chain and behavioral indicators.

TiD Adoption Current State: Highlights of where TiD has primarily been adopted so far: SIEM / EDR providers, SOC teams and, to a limited extent, red teams. Opportunities for TiD adoption beyond the detection and emulation space.

Limitations of VAPT: Vulnerabilities that are not CVE-based but still contribute to attack techniques are only identified through pentests, and pentests are by nature not an exhaustive vulnerability identification mechanism. An external consultant being able to compromise the same organization year after year demonstrates this gap: the broader problem is never addressed.

TiD approach for vulnerability management: Review the ATT&CK matrix, incident analysis reports and pentest / red teamer checklists to obtain the attack techniques abused by adversaries and red teamers. Filter out attack techniques that cannot be prevented by remediating a vulnerability. By focusing on vulnerabilities that are not CVEs, have the potential to recur and directly contribute to an attack technique, we adopt a TiD approach to vulnerability remediation. A practical case study of a prior execution will be presented.

Security Architect's TiD: Demonstrate the framework that unites various aspects of cybersecurity to enable streamlined measurement and improvement against known techniques. Discuss the implementation technique of linking an attack technique to vulnerability identification, remediation, logs, attack detection, proactive vulnerability detection and threat hunting. Present the practical case study of developing and operationalizing this framework.
Time: Tue 02 Dec, 14:20
Stage: Briefings 2
Session Type: Presentation