Keynote: Foundations of BAS
Author: Picus Security
Uploaded: 2025-10-16
Views: 157
Description:
Breach & Attack Simulation (BAS) is a must-have, not a nice-to-have. In this keynote, Chris Dale (SANS instructor, Chief Hacking Officer, and seasoned pentester/IR lead) breaks down the foundations of BAS—how to map attacks to MITRE ATT&CK, think in kill chains, and use continuous validation so your defenses keep pace with threats measured in minutes, not months. Learn why offense must inform defense, where traditional pentesting falls short, and how purple teaming aligns engineering with real attacker TTPs.
What you’ll learn
When and why BAS delivers value beyond one-off pen tests
Using kill chains & MITRE ATT&CK to prioritize what actually reduces risk
“Know yourself, know the adversary” as an operating model
Ransomware readiness: mapping impact-first and validating controls
How to start a BAS program in 2025 (tools, scope, budget, quick wins)
Who it’s for
CISOs, SOC managers, detection engineers, red/blue/purple teamers, and security architects.
Speaker
Chris Dale — Principal Instructor at SANS, Chief Hacking Officer, Pentester & Incident Responder.
00:00 Intro & why this session matters
00:25 BAS: must have, not nice to have
01:45 Meet Chris Dale (SANS, CHO, pentest & IR background)
03:30 Limits of traditional pentesting (repeat findings & compliance)
05:15 Offense must inform defense (sports analogy)
06:45 The scope problem & how BAS helps
08:15 Threat reality: internet-wide scans & breakout times in minutes
10:00 Kill chains 101 & mapping to MITRE ATT&CK
11:30 Think in graphs, not lists: prioritising by impact
12:45 What BAS is: automation & continuous control validation
13:45 Step 1 — Know yourself (asset discovery & blind spots)
15:30 Step 2 — Assume breach (campaigns, open-source, quick checks)
17:20 Start with ransomware impact; map a threat actor’s TTPs
18:30 Sun Tzu applied to security: know enemy, know yourself
20:00 From red vs blue to purple teaming
21:30 How to start BAS in 2025: vendor maturity, budgets, DIY starters