Stephen is a local security leader, educator and practitioner with over 15 years of experience helping drive effective, business focused security. He is also a SANS instructor teaching a variety of classes in the penetration testing, incident response and industrial control system curricula. As a Director at iON United, Stephen uses his experience and knowledge to assess, recommend and implement effective security practices and solutions. He was previously a technical lead and then manager for security teams including ICS, security operations and architecture. After completing a BSc in Computer Science, Stephen first got started in the industry developing operating system and network level software.

Topic: Active Directory Security in the Enterprise

Active Directory in the enterprise is often managed by Windows specialists with limited security training and experience. AD presents a broad attack surface that is a major focus for attack by malware, ransomware, pen-testers and malicious actors. I believe that more risk can be mitigated by properly securing AD than by any other security measure. I will run through some of the most common attack vectors and simple steps you can take to make life difficult for attackers.