Keynote: Lessons Learned from Fighting Nation States in Cyber Space


Day of the Week:

What You’ll Learn

  • Learn about some of the war stories CrowdStrike has seen stopping breaching from nation-state actors and criminal groups worldwide.
  • Understand how the threats are evolving and what actual steps you can take to make your systems more resilient.
  • Hear some of the approaches used by cybersecurity companies to secure and protect resources.


Dmitri Alperovitch is Co-Founder & CTO of CrowdStrike, the company that had discovered and attributed the hack of the DNC last year. With his 2 decades of experience in the industry, Dmitri has been at the forefront of identifying and investigating nation-state intrusions from China, Iran, North Korea, Russia and other countries. This talk will cover important lessons learned from these incidents, including Dmitri’s thoughts on the path ahead towards a safe and secure Internet for the future generations


QCon: What is CrowdStrike, and your role with the company?

Dmitri: CrowdStrike is a cyber security company focused on stopping breaches. We protect organizations around the world from intrusions such as nation-state actors, criminal groups, activists, and threat actors. We're stopping about 300 breaches every single week across that huge customer base.

My job is to drive our technology innovation to make sure that we are always staying one step ahead of the bad guys, and to run the team that's responding to and investigating these intrusions on a daily basis.

QCon: When you say stop intrusions, what does that mean at a really practical level?

Dmitri: Our technology consists of an endpoint agent that we can install on servers, desktops, laptops, and cloud resources within the organization. Those agents’ job is to collect kernel/OS level information from the system and stream it to our cloud where we're applying big data analytics/machine learning on these the mass amounts of data. We process overt 45 billion events per day. Literally, we do what Twitter does in a year (in terms of tweets) in four days. These events contain all the execution metadata about what processes are executing and what network connections are being made.

QCon: Can you tell me a bit about where this talk is coming from and your goals for the talk?

Dmitri: As I mentioned, we detect and stop about 300 intrusions across our customer base every single week.

We find some fascinating activities from a variety of nation states, such as Russia, China, Iran, and North Korea all the time (as well as criminal groups). What I want to do in this keynote is to give some of the fascinating examples of the investigations we have conducted and the lessons learned from those investigations.

QCon: Could you give me an example of something you may discuss?

Dmitri: Yeah absolutely. So we had a fascinating incident a few years ago where we were dealing with a Chinese nation-state affiliated actor there was breaking into a large Internet Service Provider.

One of the things that differentiated this incident from one of our usual ones is that they were like a dog with a bone. They just would not let it go. We would stop it, and in the next five minutes (or the next hour) they would be back. This continued for three months and included even a discovery of a Zero-Day Windows Vulnerability that we had to report to Microsoft. So it's a fascinating story about what we had to do and the process that we went through fighting these guys on a daily basis for three months.

Speaker: Dmitri Alperovitch

Co-Founder @CrowdStrike (Uncovered 2016 DNC Hack)

Dmitri Alperovitch is the Co-Founder and CTO of CrowdStrike Inc., a leading provider of next- generation endpoint security, threat intelligence and incident response services. A renowned computer security researcher, he is a thought-leader on cybersecurity policies and state tradecraft and has served as special advisor to Department of Defense. Prior to founding CrowdStrike, Dmitri was a Vice President of Threat Research at McAfee, where he led company’s global Internet threat intelligence analysis and investigations. In 2016, Alperovitch revealed the suspected Russian intelligence agencies' hacking of the Democratic National Committee (DNC), events which unveiled the full scope of cyber influence operations being launched against the US 2016 Election. In 2016, Politico Magazine featured Alperovitch as one of “Politico 50” influential thinkers, doers and visionaries transforming American politics. In 2013, Alperovitch received the prestigious recognition of being selected as MIT Technology Review’s “Young Innovators under 35” (TR35), an award previously won by such technology luminaries as Larry Page and Sergey Brin, Mark Zuckerberg and Jonathan Ive.

Find Dmitri Alperovitch at


Monday, 26 June

Tuesday, 27 June

Wednesday, 28 June

Conference for Professional Software Developers