Exploring security in a large enterprise can be challenging and often doesn’t cover transitive risks that may start from low priority, but can quickly transition to critical risk when combined. This talk will provide some case studies of the problems space as perceived by the Microsoft Azure Security team, and how the use of graph drove advancements in exploration, communication and remediation.
Attendees of this session will be introduced to methodologies and off-the-shelf tools that could be used to scale existing or new security investments, and get better visibility into the risk they are accepting.
Sacha Faust is a Principal Technical Lead under the Cloud + Enterprise (C+E) Red Team. When he is not breaking things, he focuses on teaching machines how to do end to end breaches and evangelize the Assume Breach mindset. He is a self-taught security enthusiast that started his professional career in 1998 and joined Microsoft in 2007 and has worked on BPOS, Office365, MSODS, Azure and C+E.