BSides NoVA 2020 - 1300 - Cybersecurity Merger and Acquisition Due Diligence

During a merger or acquisition, you get all the assets of the acquired organization, but you also take on all their liabilities. That's why due diligence has been so important for M&A. Cybersecurity posture is often not considered during M&A due diligence checks, but it absolutely should be. With minimal changes to standard threat hunting methodologies, M&A cybersecurity due diligence is relatively easy to perform. In this session, we will explain the principles of general threat hunting and then show what changes are required to maximize value for M&A due diligence assessments. In every case that the speaker's firm has taken on, the acquired organization's purchase price was decreased due to discovered risk, demonstrating the obvious business value of this activity. In other words, don't buy a breach.
Jake Williams
(Principal Consultant at Rendition Infosec)

Jake Williams is an accomplished infosec professional with almost two decades of industry experience. After spending more than a decade in the US Intelligence Community performing various missions in offensive and defensive cyber, Jake founded Rendition Infosec where he leads a team of professionals performing adversary emulation, incident response, malware reverse engineering, forensics, and exploit development. He is an accomplished conference speaker and is a recognized leader in the infosec community. Jake loves teaching and mentoring other information security professionals and teaches thousands of information security professionals annually. After being called out by the Shadow Brokers, Jake's past is officially no longer a secret. He's lived through the things that most in our industry have only read about in books. He brings insight that his background affords to his professional work and mentoring, providing students and clients an experience they can't get anywhere else.

Diligence