Stephen is a local security leader, educator and practitioner with over 15 years of experience helping drive effective, business focused security. He is also a SANS instructor teaching a variety of classes in the penetration testing, incident response and industrial control system curricula. As a Director at iON United, Stephen uses his experience and knowledge to assess, recommend and implement effective security practices and solutions. He was previously a technical lead and then manager for security teams including ICS, security operations and architecture. After completing a BSc in Computer Science, Stephen first got started in the industry developing operating system and network level software.
Active Directory in the enterprise is often managed by Windows specialists with limited security training and experience. AD presents a broad attack surface that is a major focus for attack by malware, ransomware, pen-testers and malicious actors. I believe that more risk can be mitigated by properly securing AD than by any other security measure. I will run through some of the most common attack vectors and simple steps you can take to make life difficult for attackers.