Watch the full webinar recording here: https://www.beyondtrust.com/resources/webinar/hacker-playbook-think-like-cybercriminal-reduce-risk/ In this presentation from her webinar, renowned security expert and speaker, Paula Januszkiewicz, CEO CQURE, takes you inside the mind of a hacker to close security gaps and better manage risk. As Paula notes, "Some of the best strategies I’ve seen is to rely on experience and learn from actual live hacks!" Check out her enlightening presentation, and then watch the full webinar here: https://www.beyondtrust.com/resources/webinar/hacker-playbook-think-like-cybercriminal-reduce-risk/

1. The Hacker Playbook: How to Think Like a Cybercriminal
to Reduce Risk
Paula Januszkiewicz
CQURE: CEO, Penetration Tester / Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT
Contact: paula@cqure.us | http://cqure.us
New York, Dubai, Warsaw
@paulacqure
@CQUREAcademy

5. Awareness
• I know
Behaviour (Competence)
• I do
Culture
• We know and do
The workflow below shows the logic behind the security awareness:
Have a look at the following analogy:

6. I know the traffic rules….
Awareness
I know the traffic rules….

7. Does it guarantee that I am a good driver?
Behavior

8. Culture
Did you know that one of the main reasons for information loss are…
“IT-users don't mean to be the primary entry point for hackers; But they are; Hence the need to be
educated on Cyber-Security-Risks and raise our vigilance against threats that no technology can
prevent.”
- Group Chief Information Officer (CQURE Customer)

14. You received a voice mail : VOICE548-457-6638.wav (27 KB)
Caller-Id: 548-457-6638
Message-Id: S5VAAC
Email-Id: paula.j@gmail.com
Download and extract the attachment to listen the message.
We have uploaded fax report on dropbox, please use the following link to download your file:
https://www.dropbox.com/meta_dl/eyJzdWJfcGF0aCI6ICIiLCAidGVzdF9saW5rIjogZmFsc2UsICJzZXJ2ZXIiOiAiZGwuZHJvcGJveHVzZXJjb250ZW50LmNvbSIsICJpdGVtX2lkIjogbn
VsbCwgImlzX2RpciI6IGZhbHNlLCAidGtleSI6ICJueGxzcWh0MDF5ZnloOHMifQ/AAPQJWOgwKVSIAJCmizztc3dqjAIfdlgyD87Cw0mgJOIxw?dl=1
Sent by Microsoft Exchange Server
Answer on the next page…

15. Answer on the next page…

16. YES

22. Reason 1:
 For security practitioners security is
a “reality” based on the mathematical
probability of risks
 For the end user security is a “feeling”
 Success lies in influencing the “feeling” of
security

23. Reason 2:
Control efficiency
Risk
severity/
Attacker
Smartness/
Attack
Efficiency
Technology & Processes
Awareness & Competence
Automatic security controls – AV, Updates
Technology + Human – Firewall configuration,
Choosing a secure Wifi
Human – Recognizing a zero day attack,
Phishing mails, Not posting business
information in social media
The very smart attacker
1
2
3
4
People
exaggerate
risks that are
spectacular or
uncommon

24. Reason 3:
Aircrafts have become more advanced, but
does it mean that pilot training requirements
have reduced?
Medical technology has become more
advanced, but will you choose a hospital for it’s
machines or the doctors?

25. Because people tend to take shortcuts
Because we prefer habits over good practices
Because hard problems are easy to ignore
Because acting is easier than planning

26. Retina Enterprise
Vulnerability Management
Alex DaCosta
Product Manager

27. RETINA
VULNERABILITY MANAGEMENT
POWERBROKER
PRIVILEGED ACCOUNT MANAGEMENT
27
PRIVILEGE
MANAGEMENT
ACTIVE DIRECTORY
BRIDGING
PRIVLEGED
PASSWORD
MANAGEMENT
AUDITING &
PROTECTION
ENTERPRISE
VULNERABILITY
MANAGEMENT
BEYONDSAAS
CLOUD-BASED
SCANNING
NETWORK SECURITY
SCANNER
WEB SECURITY
SCANNER
BEYONDINSIGHT CLARITY THREAT ANALYTICS
BEYONDINSIGHT IT RISK MANAGEMENT PLATFORM
EXTENSIVE
REPORTING
CENTRAL DATA
WAREHOUSE
ASSET
DISCOVERY
ASSET
PROFILING
ASSET SMART
GROUPS
USER
MANAGEMENT
WORKFLOW &
NOTIFICATION
THIRD-PARTY
INTEGRATION

28. Demo

29. Quick Poll

30. Thank you for attending
today’s webinar.