SANS ASM Virtual Conference: Looking at Your Attack Surface Like An Attacker

Randori Team

This is part two of our ongoing SANS ASM Virtual Conference blog series. If you’re new, check out part 1. In each post, we offer attendees an inside glimpse into an upcoming talk and the speakers presenting at this first-of-its-kind event.

2020 was no fun… for anyone! But especially for security professionals, who saw their risks balloon and their budgets struggle to keep up. We at Randori, along with our friends at SANS, have decided to team up and assemble a line-up of world-class experts to help make 2021 a little easier than 2020. The SANS Attack Surface Management Virtual Conference will feature experts from the federal, commercial, and legal worlds chatting about security’s newest tectonic shifts and the proactive steps security teams can take today to get ahead. In this series, we catch up with a few of the speakers to give you a preview of what to expect at next month’s event.

If you’ve ever played Starcraft, you know how unnerving the fog of war can be. Unfortunately for today’s defenders, every day is foggy.

At next month’s Attack Surface Management Virtual Conference, Aaron Portnoy, Principal Scientist at Randori, will take you behind the scenes and show what the weather is like on the other side. As the original architect of the Pwn2Own contest, Aaron knows a thing or two about exploit development and how to identify vulnerable systems. In his session, he’ll break down how attackers conduct reconnaissance and what they look for when selecting a target, and expose how defenders turn on the fog machines to introduce risk and make life harder for attackers.

We caught up with Aaron and asked him a few questions about his session, the virtual conference and why he thinks it is important folks attend next month’s event. 

  • Describe your session in one word.
    • Galvanizing
  • What are you most excited about?
  • What’s something interesting you saw in security news this week?
  • What’s your one biggest piece of advice about managing an attack surface?
    • Relying solely on keeping software up to date as a defensive barrier is akin to a Maginot Line–it must be assumed that (one day) an attacker will have the means to circumvent or compromise that protection, and defenders should plan accordingly.
  • What’s one thing people wouldn’t necessarily know about you based on your bio?
    • I grew up in a small rural New England town with a high school graduating class of 38 students.

The SANS Attack Surface Management Virtual Conference kicks off at 10:30am ET on April 14th. Check out the rest of the line-up and register with SANS today.