Building a Cyber Defense Center in a Highly Regulated Environment

In this talk you will learn which technical, cultural and management challenges exist in building a distributed cyber defense center in the finance sector.

Building a cyber defense center in a highly regulated finance institute can come with many hurdles, and not everything is as easy as the technical challenges. To be successful in a relatively short time you need to avoid failures, and it is always better to learn from failures other people made than to make them on your own. I want to share my experiences and the solutions we found for the following topics:

  • hiring analysts
  • training analysts
  • integrating a new department in a company
  • speaking the same language, useful models from the cybersec world
  • Unified Kill Chain, MITRE ATT&CK matrix, Diamond Model, Pyramid of Pain: make it work or ignore it
  • and handling the culture clash in a traditional German banking institute
  • managing expectations and finding clear goals for your CDC
  • love the good analysts, transfer the bad ones
  • love the good external consultants, fire the bad consultants (internal vs external knowledge and the pain it can create)
  • pressure from internal and external audits (ISO 27001, PCI DSS, TIBER-DE, …)
  • communication, internally, externally
  • building strong partnerships
  • MSSP customers and clear communication
  • orchestrating technology to become fast and reliable
  • DEFEND AGAINST ATTACKS!

The experience I would like to share at TROOPERS was gained during my time as department lead of a cyber defense center at one of Germany's biggest savings banks.

About the Speaker