DeepSec 2023 Talk: Up Close & Personnel – Chris Carlis
You work hard to defend against internet-based threats, but how prepared are you when the attacker is on your literal doorstep? This session will provide a better understanding of the onsite attack surface and some of the more common, practical attack techniques that can cause a difficult-to-detect network compromise. Attendees will gain a stronger understanding of the role of Information Security as it pertains to Physical Security and be better equipped to identify gaps in their defenses before they are exploited.
We asked Chris a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- People often underestimate the amount of practice and level of skill needed to execute a good number of physical testing techniques.
- Your perimeter is probably bigger than you think or would like.
- Risk management goes both ways.
- Squeaky wheels get the grease.
- As a result, reliable peripheral devices are rarely updated.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I’ve always enjoyed performing these types of penetration tests but found that most organizations avoided them due to a number of factors. I developed this talk to help highlight these attacks, inform attendees as to the impact and ultimately encourage organizations to manage the risk rather than ignoring it.
Why do you think this is an important topic?
I think it’s an important part of the holistic security for an organization. While we naturally focus on information systems and data, the attacks covered can have a direct negative impact on personnel safety for an organization.
Is there something you want everybody to know – some good advice for our readers maybe?
It’s OK to speak up. If you see someone where they don’t belong or doing something that looks odd, say something. You don’t need to confront them directly, but reporting might be critical.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
I think AI will become more and more integrated with security systems. While there will certainly be growing pains, ultimately I think a number of the attacks I cover during my talk will become a good deal more difficult to execute.
Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal-driven engagements. These experiences led Chris to co-found Dolos Group with a focus on Red/Purple Teaming, security education and training. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, FS-ISAC, and various B-Side events. He is a perennial volunteer at the Thotcon conference in his native Chicago and helps to organize multiple Chicagoland “BurbSec” information security monthly gatherings.