Joey has more than 20 years of experience in the information technology industry, specializing in information security for over 15 years. Prior to joining the Citrix Security team, he served as the director of professional services for GuidePoint Security, heading up the security assessments, application and mobile, and cloud security consulting practices. Joey is an active member of the information security community, speaking frequently at conferences and events such as BSides, RVAsec, OWASP, and TakeDownCon. He has also written, or appeared in, articles by Hakin9, SC Magazine, SD Times, and Network World.
Deceptive Defense: Beyond Honeypots
Everyone knows malicious hackers utilize deception all the time. Maybe it’s a tactical DDoS attack, meticulously timed to distract defenders from an initial intrusion or perhaps a data exfiltration event. Attackers reuse competitors’ code, and compile malware in languages other than their own to encourage false attribution. The examples are endless. Quarterbacks are masters of deception, too. This talk compares deceptive practices of top NFL quarterbacks with practical deception in the enterprise, and offers suggestions on how security practitioners can utilize ruses, disinformation, misdirection, and other techniques to increase the cost of targeting an organization to the point that the risk no longer justifies the reward. The presentation covers effective recommendations deployed in production environments today that don’t require purchasing expensive deception systems.