#S02EP06 (MITRE) ATT&CK in your Backyard | Shweta Kshirasagar
10/28/23 • 50 min
MITRE ATT&CK has been the go-to framework for both offensive & defensive security teams. It’s sophistication and vast coverage makes it quite comprehensive, often not easy to fathom, let alone implement to the fullest. In this episode of br3akp0int, we demystify this through practical scenarios & Shweta’s experience of implementing it in day-to-day activities of Cyber Defenders.
Guest: Shweta Kshirsagar, General Manager - Security Assurance, Airtel Africa
Shweta is an accomplished information security professional with 18 years of industry experience in various domains of Cyber Security such as Cyber Incident Response, Data Protection and Privacy, Information Security Audit and Compliance. Possess strong leadership skills with a collaborative approach towards driving cross-functional programs. Holds multiple professional certifications and has won awards and recognition in the industry.
Recommended reading/viewing for practitioners:
- Mitre Att&ck Framework & website: https://attack.mitre.org/matrices/enterprise/
- https://github.com/mitre-attack
- https://center-for-threat-informed-defense.github.io/attack-sync/
- https://redcanary.com/blog/avoiding-common-attack-pitfalls/
- https://www.inforisktoday.in/insights-from-dual-vendor-saas-based-siem-implementation-a-22207
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
MITRE ATT&CK has been the go-to framework for both offensive & defensive security teams. It’s sophistication and vast coverage makes it quite comprehensive, often not easy to fathom, let alone implement to the fullest. In this episode of br3akp0int, we demystify this through practical scenarios & Shweta’s experience of implementing it in day-to-day activities of Cyber Defenders.
Guest: Shweta Kshirsagar, General Manager - Security Assurance, Airtel Africa
Shweta is an accomplished information security professional with 18 years of industry experience in various domains of Cyber Security such as Cyber Incident Response, Data Protection and Privacy, Information Security Audit and Compliance. Possess strong leadership skills with a collaborative approach towards driving cross-functional programs. Holds multiple professional certifications and has won awards and recognition in the industry.
Recommended reading/viewing for practitioners:
- Mitre Att&ck Framework & website: https://attack.mitre.org/matrices/enterprise/
- https://github.com/mitre-attack
- https://center-for-threat-informed-defense.github.io/attack-sync/
- https://redcanary.com/blog/avoiding-common-attack-pitfalls/
- https://www.inforisktoday.in/insights-from-dual-vendor-saas-based-siem-implementation-a-22207
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Previous Episode
#S02EP05 From Zero to One: Bootstrapping Security for your Organization | Prajal Kulkarni
From Zero to One: Bootstrapping Security for your Organization
With the rise in the number of digital start ups, many of us in security and engineering find ourselves in a place where we are the first of the lot. We need to not just define, but start and secure our organization and assets from the ever growing set of breaches & attacks.
This episode is dedicated to starting security from scratch and going ground up.
Guest Intro: Prajal Kulkarni, Chief Information Security Officer @ Groww
Prajal Kulkarni brings over 13 years of expertise in securing infrastructure, designing robust security frameworks, and assisting startups in their initial security journey. As the current Chief Information Security Officer at Groww, he leads a team of talented and dynamic security engineers.
Before joining Groww, Prajal held the position of Senior Security Architect at Flipkart, where he was responsible for ensuring the security of the entire ecommerce business. He also managed comprehensive security charters for Flipkart's M&A companies, contributing significantly to their secure operations.Furthermore, Prajal led a skilled team at a prominent Fintech company, overseeing offensive and defensive security projects to safeguard their systems and data.
Beyond his corporate experience, Prajal actively participates in the Indian security community. He serves as the lead contributor to Code Vigilant, an open security project that promotes responsible disclosures and enhances the security of open source software.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Next Episode
#S02EP07 From Chaos to Compliance: Navigating the ISMS Implementation Maze | MS Sripati
From Chaos to Compliance: Navigating the ISMS Implementation Maze
In this episode, we will be talking about the challenges an organization faces when doing an ISMS implementation. We will talk about this in the context of ISO 27001 implementation and see the practical nuances it entails.
Guest: Sripati MS, Assistant Vice President, Risk, Utkarsh Small Finance Bank
He is an information security risk management professional, 18 years and counting. He has helped create, run, and audit information security programs for customers in the oil/gas, utility, and banking domains. He has also helped provide security assessment services to customers in various industries. He runs a blog (sripati.info) and answers questions on Quora.
Recommended reading/viewing for practitioners:
- Gary Hinson’s ISO 27001 Google Group (https://iso27001security.com/html/forum.html
https://groups.google.com/g/iso27001security)
- ISO Certification Process: www.advisera.com
- ISO 27001 Standard: https://iso27001security.com/
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/breakpoint-security-podcast-312962/s02ep06-mitre-att-and-ck-in-your-backyard-shweta-kshirasagar-45162949"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to #s02ep06 (mitre) att&ck in your backyard | shweta kshirasagar on goodpods" style="width: 225px" /> </a>
Copy