September Chapter Meeting: Getting Started in Blue Teaming: Atomic Controls & Advanced Concepts and

When:  Sep 14, 2023 from 08:00 to 17:00 (MT)
Associated with  Denver Chapter

Join in for a full day of FREE CPE with two great speakers on

September 14th, 2023

8:00 am to 4:00 pm

(Breakfast served at 7:30 am)

(this event is in-person only) 

Morning session -

Bryan Strand, GCIH, GCCC with Black Hill Information Security providing 

Getting Started in Blue Teaming: Atomic Controls


Black Hills Information Security developed The Atomic Controls out of a need we saw with our customers to create a strong security foundation before worrying about a specific control framework or compliance requirement. Instead of getting bogged down with trying to work sequentially through a set of controls and ignoring an implementation that will better secure their environment, organizations can focus on what matters most, first!

Comprised of the top 11 (Ours goes to 11) Controls we see as the most critical. 

Topics Covered:

·       Password Controls

·       Application Control

·       Egress traffic Capture and Analysis

·       User and Entity Behavior Analytics

·       Advanced Endpoint Protection

·       Proper System Logging

·       Internal Segmentation and Host Firewall Configuration

·       User Content Filtering

·       Vulnerability Management

·       Active Directory Hardening

Afternoon session -

Steve Biskie with RSM on 

Advanced Concepts and Testing Strategies for Auditing SAP


This session will go beyond the basics of auditing SAP, to focus on advanced concepts and testing strategies. We will start with an introduction to an SAP Internal Control Maturity model designed to help organizations move to a more optimal state of control maturity. From there, we'll dive into the SAP system itself, examining useful IT General Controls (ITGCs) and IT Application Controls (ITACs) that are either commonly mis-configured (if enabled at all) or insufficiently tested. ITGC content will cover topics such as alternate ways to get to SAP programs and data (without going through the “normal” transaction codes), potential issues related to customizations and key report testing, validating that parameters are consistently set across application servers, and critical log files and tables for verifying controls are set consistently throughout the period. ITAC content will cover commonly misunderstood configuration such as park and post limitations, user-based messages, and often unused tolerances. Additionally, live demonstrations both illustrate risks, and showcase key tables and strategies for automating testing.

This session will be applicable to those in organizations running both SAP S/4HANA and SAP ECC. For those who attended the SAP security session in 2021, while there will be a few duplicated slides, the majority of this session will be new. 


Learning Objectives:

After completing this session, the learner will:


  • Be able to articulate practical examples of how specific risks can be exploited, and the controls/monitoring necessary to address those risks
  • Be able to describe control tests that are commonly performed incorrectly, and the proper way to test these controls
  • Understand key tables and log files supporting various audit objectives
  • See how automation can be applied to significantly reduce control testing effort



Maggiano's Little Italy Englewood
7401 South Clinton Street
Englewood, CO 80112


Kaysi Veatch