Venue: 202
Thursday, April 10
 

11:00am ADT

Modern IT disaster recovery: ensuring continuity in the age of cyber-attacks
Thursday April 10, 2025 11:00am - 11:45am ADT
202
As the digital landscape continues to evolve, so do the threats and challenges that businesses face. IT disaster recovery (DR) has traditionally focused on scenarios such as fires and loss of network connectivity, yet the majority of disruptions are happening as a result of cyber-attacks that deliberately target your backups and secondary hosting sites to cause maximum damage. Further compounding this challenge is the fact that most organizations have a mix of systems hosted on-premise, systems managed by third parties and SaaS solutions that need different recovery approaches.
This presentation will explore modern approaches to IT DR using both cloud and no-cloud options, with automation where possible. We will also discuss the typical causes of delays during recovery from cyber-attacks, and solutions for speeding up recovery in situations where incident response teams need time to do their forensics work but business operations need to resume.
Speakers
Tarek Habib

Sr. Manager, KPMG LLP
Tarek is a Senior Manager in KPMG’s Advisory practice and specializes in business resilience and information security. Supporting business leaders and CISOs in various organizations and industries, including manufacturing, financial services, consumer goods, law enforcement, government...

1:00pm ADT

2025: The year of Right of Boom
Thursday April 10, 2025 1:00pm - 1:45pm ADT
202
Join Nick Scozzaro, Founder and CEO of ShadowHQ and former Head of Enterprise Mobility Engineering at BlackBerry, and George Plytas, Head of Information Security at Canadian Automobile Club (CAA), as they explore emerging trends and best practices that enhance how organizations respond after a breach. Discover how Business Continuity, Cyber Response, Disaster Recovery, Crisis Management, and Executive Leadership are converging around the CISO and how they can better support all efforts of a response.

Attendees will gain critical insights into emerging trends, see where traditional IR plans are failing and learn best practices to help improve their security program, enabling a faster, cohesive and effective recovery plan.
Speakers
George Plytas

Head of Information Security, Canadian Automobile Club, CAA Club Group
George Plytas is a seasoned cybersecurity leader with 25 years of experience in Security Operations and Regulatory Compliance. As the Head of Information Security at Canadian Automobile Club, CAA Club Group, he is responsible for safeguarding critical assets and ensuring the organization's...
Nick Scozzaro

Founder & CEO, ShadowHQ
Nick Scozzaro is the Founder and CEO of ShadowHQ, specializing in cybersecurity response and recovery. Previously, he served as Head of Enterprise Mobility Engineering at BlackBerry, where he spent 15 years supporting major technical projects for government and private sector across...

2:00pm ADT

Solving Secrets Sprawl Takes More Than Security: Why Machine Identity Is Everyone's Problem
Thursday April 10, 2025 2:00pm - 2:45pm ADT
202
When a security event occurs, most teams tend to jump into a circle of blame. Everyone takes their turn saying, "It can't be my fault. If only that user had not clicked on that link," or "If that developer had not hardcoded that credential, then none of this would have happened." Unfortunately, for many companies, the Security team is ultimately seen as at fault when a breach happens; after all, it is a security incident. 

Long-lived credential leaks, aka secrets sprawl, are possibly the single largest security risk every organization is currently facing. The reality is that no security team can solve this growing issue on its own. This is going to take a full team effort and rethinking some of the relationships and silos we have become accustomed to in the tech world. There has never been a better time to rethink how we build complex applications and how they interact with the world. 

In this talk, you will:
- Get an update on the latest secrets security research 
- Ask who really owns security and identity
- Map possible routes for a secrets-free future
- Rethink Git and pull request workflows and see why that is more involved than you think
Speakers
Dwayne McDaniel

Senior Developer Advocate, GitGuardian
Dwayne has been working as a Developer Advocate since 2014 and has been involved in tech communities since 2005. His entire mission is to “help people figure stuff out.” He loves sharing his knowledge, and he has done so by giving talks at hundreds of events worldwide. He has...
  Track 6
  • global Y

3:00pm ADT

The Horrors of the Modern Software Supply Chain
Thursday April 10, 2025 3:00pm - 3:45pm ADT
202
Modern software is complex and developers rely heavily on third-party code. Securing the software supply chain gained a lot of attention following the SolarWinds compromise. However, in the years following this compromise, very little has effectively moved the needle to reduce risk related to third-party code and the software supply chain.

This talk will walk through the following problems with securing the software supply chain and propose some solutions to help companies:
  1. Walk through example tech stack
  2. Break down each of the components of the stack
  3. Highlight the scope of third party software and services used
  4. Discuss the academic vs reality in approaching securing the supply chain
  5. Talk about how companies are approaching the problem
  6. Understanding software composition analysis and problems with these tools
  7. Vulnerability reporting is broken and the state of NVD
  8. Problems with software bill of materials (SBOMs)
  9. Walk through of ecosystems for third party code - Homebrew, Operating systems package managers, PyPI, NPM, etc
  10. Examples of attackers abusing these ecosystems to compromise organizations
  11. Walk through containers and Kubernetes
  12. Walk through AI supply chain and new Chinese AI models
  13. Examples of how security professionals are being targeted
  14. Approaches for securing the software supply chain that are working
  15. Descriptions of the challenges
  16. Open source options - OpenSSF Scorecard
  17. Startups and commercial solutions with unique solutions
  18. Options to cache or proxy third party code
  19. How ecosystem maintainers are trying to protect against attackers
  20. Options to secure the CI/CD and developer endpoints
Speakers
Jared Perry

Cloud Security Practice Lead, Stratum Security
Jared Perry is the Cloud Security Practice Lead at Stratum Security where he focuses on helping improve cloud security and security programs for start-ups to Fortune 500 companies. Prior to joining Stratum Security, Jared was an IT Security Administrator at Memorial University where...

4:00pm ADT

Detection Engineering 101 for OT/ICS Environment
Thursday April 10, 2025 4:00pm - 4:45pm ADT
202
In the complex world of OT/ICS environments, traditional approaches to threat hunting often fall short when handling vast datasets and detecting sophisticated threats. This talk introduces practical Jupyter Notebooks designed for large-scale threat hunting, with a focus on graph-based visualizations to uncover anomalies. Using APT Volt Typhoon’s tactics, techniques, and procedures (TTPs) as a case study, attendees will explore scalable methods for anomaly detection and detection engineering. The session emphasizes actionable strategies to build alerts for OT protocols like DNP3, BACnet, and Modbus, arming SOC teams to proactively safeguard critical infrastructure.
Speakers
Kai Iyer

Security Engineer II, Amazon
Security Engineer at Amazon's Enterprise Protection Program and a GIAC Certified Security Professional with expertise in web application development, devsecops, applied machine learning, threat hunting, purple teaming, and incident response. Passionate about leveraging advanced technologies...