Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Reversing the kill chain: An actionable framework for defending against common threats

Amanda Berlin (NetWorks Group)
9:00am–12:30pm Monday, October 30, 2017
Security usability
Location: Beekman
Average rating: ***..
(3.50, 4 ratings)

Who is this presentation for?

  • Security directors and practitioners

Prerequisite knowledge

  • A basic understanding of common threats and defensive security terms

What you'll learn

  • Explore types of malicious activity paired with one or more defensive mitigation and monitoring strategies for each


Everyone talks about the intrusion kill chain (sometimes called the cyber kill chain)—a model for actionable intelligence in which defenders align enterprise defensive capabilities to the specific processes an adversary undertakes to target that enterprise—but much of what is said is misinformation and scare tactics.

Amanda Berlin explores the most effective steps you can take to protect your organization from the vast majority of threats with defensive mitigation and monitoring, covering use cases such as ransomware, web server vulnerabilities, shadow IT, data exfiltration, and lateral movement to demonstrate how to improve the standard of defense at each level. Amanda concludes with tabletop exercises and drills to strengthen your understanding.


  • Overview of use cases in enterprise environments: How each step in the kill chain—reconnaissance, weaponization, delivery, exploitation, installation, C&C, actions, and objectives—can be tied to each type of malicious action
  • Ransomware
  • Web server vulnerabilities (SQli, IIS, XSS)
  • MongoDB and shadow IT
  • Data exfiltration (insider threats)
  • Lateral movement
  • Tabletop exercises and drills
  • Wrap-up and Q&A
Photo of Amanda Berlin

Amanda Berlin

NetWorks Group

Amanda Berlin is an information security architect for NetWorks Group, a consulting firm in northern Ohio. Amanda has spent over a decade in technology, providing infrastructure support, triage, and design for a range of clients. Some of her successes include implementing a secure payment card industries (PCI) process and Health Insurance Portability and Accountability Act (HIPAA) compliance and building a comprehensive phishing and awards-based user education program. Amanda is the author of the blue team best practices guide Defensive Security Handbook: Best Practices for Securing Infrastructure (O’Reilly) and a cohost of the Brakeing Down Security podcast. She also writes for several blogs.