Oleksiy Kuzmenko
Deputy CISO
United Nations Development Programme
Oleksiy Kuzmenko has been working as part of the cybersecurity team at UNDP HQ for the last 11 years. He holds a master's degree in Computer Engineering from National Technical University of Ukraine as well as a number of certifications in different aspects of digital forensics and incident response. Throughout the years with UNDP, Oleksiy managed quite a few cybersecurity incidents ranging from hacktivism to state-sponsored attacks. His professional interests are in automation of incident containment in the cloud environment and implementation of SecOps/DevOps in an international organization.
The talk presents a case study of an incident involving a known Advanced Persistent Threat (APT) actor recently handled by the incident response team of UNDP. In addition to presenting how the incident was detected, contained and eradicated, the talk discusses operational security aspects vital for successful handling of such actors, ways to automate detection of these incidents through retrospective analysis of network data, and some “force multiplying” tools for resource-constrained incident response teams, along with our experience deploying them.