DEF CON 29 Blue Team Village - Gert-Jan Bruggink - This is what we thought would happen in 2021

At the beginning of each year, companies share lessons learned and forecasts on what (cyber) threats are expected in the next 12 months. The reality is that a lot of teams and companies publish about this and you probably did not read all these articles or reports. This talk explores the results of a meta-analysis on threat forecasting, based on open-source reports and articles. As a defender you constantly balance between pushing Jira tickets and looking ahead. By giving you a TLDR, defenders have context into what needs to be prioritised next to the daily operations. This talk explores the concept of forecasting to help your cyber security program. Following concepts introduced in the book ‘Superforecasting: the art and science of prediction’ (Tetlock, Gardner), the average of multiple forecasts is usually the most accurate. In preparation to this talk, all publicly available research released in Jan-April 2021 from companies on their expectations for 2021’ threat landscape has been analysed. This exercise resulted into a prioritised list of topics expected for 2021. This list is also actively tracked, to monitor if events already occurred and topics are more/less relevant. By giving you the TLDR, defenders have more context into what needs to be prioritised - next to the daily operations. As a defender, there is always the constant balance where to focus your precious time. There is great value in looking ahead, yet this is hard when constantly pivoting between Jira tickets. Forecasting is just one way to look ahead and prepare yourself and your teams. The objective of this talk is to provide defenders access to a larger narrative around cyber threats to support both business and senior stakeholder’s decision making. Providing more situational awareness. As a defender you constantly balance between pushing Jira tickets and looking ahead. This session supports keeping that balance.