PPROACTIVERISK Video Library

Unencrypted Chatter#15: From Marine to Cyber Leader: Tom Brennan on Modern Security

In this episode, Tom Brennan shares how his early experiences in the U.S. Marine Corps shaped his attacker mindset, informed his approach to risk, and prepared him for a career focused on real-world defense and cyber resiliency. Tom also joined us this past June as one of our valuable speakers at SECON 2025, bringing practical insights to our community.

Video Title

Donec bibendum porta posuere. Etiam efficitur efficitur commodo.

CISA's Cyber Performance Goals: A Guide to Implementation and Framework Alignment

he Cybersecurity and Infrastructure Security Agency's (CISA) Cyber Performance Goals (CPGs) are a set of protections aimed at reducing risk to businesses, critical infrastructure, and U.S. citizens. Join us for a webinar deep dive into the CPG assessment process, highlighting its key elements and explaining why it’s vital for effective cybersecurity.

Jumpstarting A Cyber Security Program with CIS

CIS Controls v8 is a prioritized set of actions to protect your organization and data from known cyber-attack vectors. It is a set of cybersecurity standards from the Center for Internet Security. The CIS Controls are a recommended set of prioritized cyber defense best practices. The CIS V8 controls are “mapped to and referenced by multiple legal, regulatory, and policy frameworks".

OFFENSIVEX 2024 - Tom Brennan -What A Long Strange Trip It's Been

AI Red Teaming LLM: Past, Present, and Future

Explore the world of AI Red Teaming Large Language Models (LLMs) - their origins, current challenges, and future possibilities. Since 2014, AI Red Teaming has been used to identify security risks in AI, mostly in computer vision. With advancements in ChatGPT and other LLMs, risks such as Prompt leakage, prompt injection, jailbreaks, poisoning, and logic manipulation attacks remain. As LLMs become more common in business applications, it is crucial to have AI Red Teaming skills which require expertise in computer hacking, ai, social engineering, psychology, neuroscience, mathematics, and logic.

The Next HOPE (2010): A Red Team Exercise

Saturday, July 17, 2010: 3:00 pm (Lovelace): Shall we play a game? This talk will focus on full scope security assessments and stealing intellectual property in five easy steps. It will take the form of a game that divides the audience into attack and defend teams for a builder vs. breaker educational workshop. Included in the discussion will be physical, electronic (network, application, wireless, telecom, and cellular), and intelligence gathering techniques used for offensive projects.

Best practices in running a cyber operation

Cyber is skill learned over time and is hard. Tom Brennan takes you on a journey on this educational and fun overview of how to measure and tips to operate your program.

CATSCAN®

CATSCAN® is the next evolution in protective services. Instead of providing a one-size-fits-all, commodity assessment, CATSCAN offers novel red team services that closely match the operational cadence of real-world attacks

The Art of Deception w/ Tom Kellermann

Tom Kellermann will discuss how cybercriminals and nations states have modernized their cyber-attack “kill chains” against the financial sector. His presentation will highlight the elite hacker crews of Russia; China and Iran and provide a frank assessment on their modus operandi and predictions of attack vectors and criminal conspiracies to come. Tom will conclude his presentation by delineating a next-gen cybersecurity architecture which was purposely built to suppress cyber intrusions within the financial services

Proactive Risk Presents: Leveraging Virtualization to Secure the Data Center w/ Chris Corde

The biggest obstacle in security may well be an architectural gap between the apps and data we must protect, and the infrastructure in which we place controls. Virtualization presents an opportunity to architect in security rather than bolt in on. The question is no longer "How do I secure virtualized environments?" but rather "How can I leverage the unique properties of the virtualization to transform security?"

Proactive Risk Presents: Database Cryptography w/ Steve Markey

This webinar will cover:

• Algorithm Selection
• Transaction Optimization
• Tokenization/Masking versus Encryption/Hashing
• RDBMS versus NRDBMS (e.g., NoSQL) Protection Mechanisms

Proactive Risk Presents: ExactTrak w/ Simon Cuthbert

Take proactive action and bridge this gap. Apply our technology to laptops, external memory drives and a plethora of IoT devices. It works even when a device is turned off. Embedded and always live it gives you complete control. ExactTrak is the only solution in the world able to provide this level of protection for your data on the move. It’s also the only system that provides a verification report, evidencing you are compliant and did all you could to protect data you are accountable for, whilst it’s on the move.

TECHDAY 0 - INTRODUCTION & SPONSOR REMARKS

HACKNYC presents an exciting day packed with discussions and presentations about the latest security techniques. Hear from TOP Professionals in the cyber security community.

IoT Legal Liability & Impact w/ Steven Teppler

Steven W. Teppler is a Member of Mandelbaum Salsburg and Chairs the Firm’s Privacy and Cyber Security Practice Group. He has been involved in cybersecurity and electronic discovery matters since 2000. Steven’s background is diverse, and combines extensive technology and class action litigation and electronic discovery expertise. He holds six patents involving robust cryptographic methodology, led a tech startup providing content authentication technology, and has subject matter expertise on issues relating to cybersecurity, privacy, and blockchain technology that should be considered prior to launching a new electronic business.

More detail

APPSEC CA 2017 Tom Brennan

Tom is an elected member of the Global Board of Directors for OWASP Foundation. He has served the OWASP community since 2004 as starting as a project leader, chapter leader. He also contributes as an advisory member to the New Jersey Institute of Technology, County College of Morris and other organizations including International Legal and Technology Association (ILTA), Center for Internet Security (CIS). Tom is just as comfortable ripping through packet captures, hacking web applications or speaking before live audiences as demonstrated at BlackHat, Hackers on Planet Earth (HOPE), ICCS / FBI Infragard, NYS Technology Conference and United States Secret Service, Electronic Crime Task Force and frequently at NYC Metro Cyber Security meetings.

APPSEC CA 2017 INTERVIEW Tom Brennan

Managed by the official OWASP Media Project

OWASP Tom Brennan on OWASP HTTP Post Tool

The OWASP Testing Guide v3 4.9 Denial of Service Testing