Building a Cyber Defense Center in a highly regulated Environment
In this talk you will learn which technical, cultural and management challenges exist in building a distributed cyber defense center in the finance sector.
Building a cyber defense center in a highly regulated finance institute can come with many hurdles, and not everything is as easy as the technical challenges. To be successful in a relatively short time you need to avoid failures, and it is always better to learn from failures other people made than to make them on your own. I want to share my experiences and the solutions we found for the following topics:
- hiring analysts
- training analysts
- integrating a new department in a company
- speaking the same language, useful models from the cybersec world
- Unified Kill Chain, MITRE ATT&CK matrix, Diamond Model, Pyramid of Pain: make it work or ignore it
- and handling the culture clash in a traditional German banking institute
- managing expectations and finding clear goals for your CDC
- love the good analysts, transfer the bad ones
- love the good external consultants, fire the bad consultants (internal vs external knowledge and the pain it can create)
- pressure from internal and external audits (ISO 27001, PCI DSS, TIBER-DE, …)
- communication, internally, externally
- building strong partnerships
- MSSP customers and clear communication
- orchestrate technology to become fast and reliable
- DEFEND AGAINST ATTACKS!
The experience I would like to share at TROOPERS was gained during my time as department lead of a cyber defense center of one of Germany's biggest savings banks.