RVAsec 2023: Jason Wonn - Corporate Dungeon Master: How to Lead Cyber Games at Work скачать в хорошем качестве

RVAsec 2023: Jason Wonn - Corporate Dungeon Master: How to Lead Cyber Games at Work

Presentation: Corporate Dungeon Master: How to Lead Cyber Games at Work Military organizations have long known the value of “training as you fight”, but commercial entities only realized its importance in the last few years. Consequently, the Cyber Action Officer role recently became a priority for the average company. Are you a security-geek like Jason Wonn who loves role-playing games (RPGs) and want the opportunity to lead a party through incident response to the most prevalent cyber threats? In this original talk, discover how to lead games (table-top exercises) at work as a “Corporate Dungeon Master” (Cyber Action Officer), narrating the story (facilitation), controlling the monsters (cyber threats), and creating an adventure that will have your players leveling-up (process improvement). Bio: Jason Wonn is a results-focused information security leader with 30+ years of combined national intelligence, information assurance, and cyber threat intelligence expertise throughout the civilian and military sectors. Jason is a “Richmonder” but works for Navy Federal Credit Union in Vienna, VA. He currently serves as a Cyber Action Officer, delivering table-top exercises and serving as a trusted incident response advisor to leadership during cyber crises. Prior to this position, Jason led the development of a cyber threat intelligence capability at both Navy Federal and The Walt Disney Company. He also served in various threat intelligence roles as a government contractor with MITRE, Lockheed Martin, and CGI Federal in support of the FBI and 1st IO Command, US Army. He holds a B.S. in Computer Science from Tarleton State University in Texas, and the CISSP and PMP industry certifications. https://rvasec.com/ 00:00:00 The speaker introduces the "birthday rule" in Dungeons and Dragons, shares a personal birthday moment, and creates an interactive experience. 00:05:00 The speaker discusses their experience in threat intelligence and their role as a cyber action officer. They highlight the primary responsibilities and skills acquired through past jobs. 00:10:00 The speaker shares their career journey, including government contracting, security product evaluation, and instructing. They encourage exploring unconventional career paths. 00:15:00 The concept of being a Corporate Dungeon Master in Dungeons and Dragons is explained. The game mechanics, manuals, and character creation process are discussed. 00:20:00 Alignment, characteristics, and the role of the dungeon master in Dungeons and Dragons are explained. Gameplay facets and player engagement are also discussed. 00:25:00 The concept of leveling up in Dungeons and Dragons is related to professional growth. The speaker discusses the similarities between being a Dungeon Master and a corporate leader. 00:30:00 The importance of having a sponsor and diverse stakeholders for tabletop exercises is emphasized. Flexibility, scenario overview, and the Master Scenario Events List (MSEL) are mentioned. 00:35:00 The speaker highlights the need for flexibility and improvisation as a dungeon master. The value of practice, controlling the pace, and recording the meeting is emphasized. 00:40:00 Campaign aftercare and process improvement opportunities are discussed. The speaker mentions incident response exercises and cross-functional collaboration. 00:45:00 The speaker expresses gratitude and promotes their wife's upcoming talk on leadership in cybersecurity.