­
Enhancing Cybersecurity with Modern Techniques and Procedures by Ed Adams, Paul Dibello, Tejas Shroff and Bikash Barai - All Articles - CISO Platform

 

 Enhancing%20Cybersecurity%20with%20Modern%20Techniques%20and%20Procedures.png

 

In today's dynamic cybersecurity landscape, traditional security measures are no longer sufficient to combat evolving threats. As organizations strive to fortify their defenses, they must adopt new tools, techniques, and procedures (TTPs) to stay ahead of adversaries. In this blog, we'll explore the significance of modern TTPs and their role in bolstering cybersecurity resilience.

 

 

 

Here is the verbatim discussion:

the reconnaissance the discovery the inventory right and then they say here you go right Mr C Mr Miss customer it's yours now right so have at it right but I think there are other tools some newer tools and techniques and procedures to where it's not good enough right tus it's not good enough to just be able to say I think that door is unlocked and if I go like this I might be able to get inside but I'm not going to touch it because that would be happy to be on this panel thank you Ed thanks very much appreciate it it's great great to have you here uh in beautiful Boston Massachusetts it's great um our next panelist is um uh tus uh shro tagis out of the Dallas Fort Worth area today we again we're representing today uh my old my old stomping grounds down there t just a few few words about yourself sir yes I'm a senior director in the cloud security manage practice at entity data but before that almost 20 plus years in the security industry um I'm also a faculty at UT Dallas teaching a master students um especially in the cyber security program so um and I'm also board member of North Texas infragard which is a collaboration between FBI and private sector in strengthening the processes and practices around um both FBI actually Department of Homeland Security and private sector coming together to uh understand the common grounds and have some collaboration so thanks Paul again for having me on the panel thanks T just really appreciate it look forward to seeing it down in Texas in uh Father's Day week appreciate it absolutely um and um our our third panelist um is bicash baray Bash again I'm just focusing on Consulting right right now right in that world add you and you know and tasas you live in that world because you have big you have practices that are focused on that so making the human smarter as it relates to some of the Automation and giving and allowing them to focus on the stuff that really really the C client really needs which is that repeatable process and that you know that Contin um security architecture design or whatever it might be so talk a little bit Picos about key capabilities of a of a holistic program and then maybe some of the nuances there in from a from from an overall Market perspective sure sure so if you look at esm and and these terminologies are kind of created by different groups right you have esm you have bass uh and there's some overlap there you have ASM which is there let me talk about it as Broad concept like what are the key capabilities that one should look for so one of the primary capability.

 

Highlights :

The Evolution of Cyber Threats:

  • Cyber threats have evolved from simple network vulnerabilities to sophisticated zero-day attacks and advanced persistent threats (APTs).
  • Traditional security approaches like vulnerability assessments and penetration testing are essential but may not adequately address the complexity of modern threats.

New Tools and Techniques:

  • External Attack Surface Management (EASM): EASM solutions provide comprehensive visibility into an organization's external attack surface, including cloud resources, applications, and APIs.
  • Continuous Automated Red Teaming (CART): CART platforms simulate real-world attacks to identify vulnerabilities and assess the effectiveness of security controls.
  • Threat Intelligence Feeds: Leveraging threat intelligence feeds allows organizations to stay informed about emerging threats and adversary tactics, enabling proactive defense strategies.

Proactive Defense Strategies:

  • Active Defense Measures: Organizations can proactively defend against threats by implementing active defense measures such as threat hunting, deception technologies, and automated incident response.
  • Purple Teaming: Purple teaming exercises facilitate collaboration between red and blue teams to improve security posture and response capabilities.
  • Continuous Security Monitoring: Continuous monitoring of networks, endpoints, and cloud environments enables organizations to detect and respond to threats in real time.

Integrating Frameworks and Standards:

  • MITRE ATT&CK Framework: Organizations can leverage the MITRE ATT&CK framework to map adversary tactics and techniques, enhancing threat detection and response capabilities.
  • Compliance and Regulatory Standards: Adhering to industry-specific regulations and standards ensures that organizations maintain a robust security posture and protect sensitive data.

 

In an era of escalating cyber threats, organizations must embrace modern tools, techniques, and procedures to strengthen their cybersecurity defenses. By leveraging advanced technologies like EASM, CART, and threat intelligence feeds, organizations can proactively identify and mitigate risks before they escalate into full-blown cyber incidents. Moreover, integrating frameworks like MITRE ATT&CK and complying with regulatory standards enhances organizational resilience and fosters a culture of cybersecurity excellence. As organizations navigate the complex cybersecurity landscape, embracing modern TTPs remains imperative in safeguarding digital assets and mitigating cyber risks effectively.

 

Speakers:

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

 

Ed Adams, a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

 

Paul Dibello, based in Duxbury, MA, US, is currently a Senior Vice President Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a 1986 - 1990 Bachelor of Arts (BA) in Economics @ Princeton University. With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

 

Tejas Shroff based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff holds a 2019 - 2019 UX Design Immersive in Design & User Experience @ General Assembly. With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff

 

Votes: 0
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events