Building a Cyber Defense Center in a highly regulated Environment

In this talk you will learn what technically, cultural and managemnet challenges exists in building a distributed cyber defense center in the finance sector.

Building a cyber defense center in a highly regulated finance institute can come with many hurdles and not everything is as easy as the technical challenges. To be successful in a relatively short time you need to avoid failures and it is always better to learn from failures other people made than making then on your own. I want to share my experiences and what solutions we found for the following topics:

• hiring analysts
• train analysts
• integrating a new department in a company
• speaking the same language, useful models from the cybersec world
• unified kill chain, mitre attack matrix, diamond model, pyramid of pain, make it work or ignore it
• and handling the culture clash in a traditional German banking institute
• managing expectations and find clear goals for your CDC
• love the good analysts, transfer the bad ones
• love the good external consultants, fire the bad consultnts (internal vs external knowledge and the pain it can create)
• pressure from internal and external audits (ISO 27001, PCI DSS, DE-TIBRE, …)
• communication, internally, externally
• building strong partnerships
• MSSP customers and clear communication
• orchestrate technology to become fast a reliabe
• DEFEND AGAINST ATTACKS!

The experience I would like to share at TROOPERS was made during my time as department lead of a cyber defense center of one of Germanys biggest savings bank.