Tuesday, March 24, 2020

2020-011-Alyssa Miller, deep fakes, threat modeling for DevOps environments, and virtual conferences


https://twitter.com/AlyssaM_InfoSec/status/1159877471161839617?s=19

 

Looking forward to sharing my vision for ending the 60 year cycle of bad defense strategies in #infosec and my challenge to think about security in a more effective way. https://sched.co/TAqU

@dianainitiative

#DianaInitiative2019 #cdwsocial

@CDWCorp

 

1961 - MIT - CTSS - https://en.wikipedia.org/wiki/Compatible_Time-Sharing_System

 

Egg, coconut, brick (my example of security --brbr)

   

Start with critical assets

    Layer outward, not perimeter in.

Medieval castles

    Create the keep, build out from that

    Active defenses

 

Dover Castle - https://en.wikipedia.org/wiki/Dover_Castle#/media/File:1_dover_castle_aerial_panorama_2017.jpg

 

Detection defenses - watchguards

Mitigation defenses - moats - give time/space to respond (network segmentation)

Active countermeasures - knights/archers/cannons 



DeepFake technology

Election year

Spoke at RSA

Business threat? 

        “Outsider trading”

            “Video of Elon talking about problems - fake…”

                Stocks tank - short

https://www.vice.com/en_us/article/ywyxex/deepfake-of-mark-zuckerberg-facebook-fake-video-policy 



Could it be done strategically to destabilize things

Extort business leaders

    Fake videos used to extort 

 

Still difficult to create

    What are the hurdles stopping it from being mainstream?

        Huge render farms?

 

https://www.youtube.com/watch?v=18LN7VQM1aw - deepfake Sharon Stone/ Steve Buscemi

 

Threat modeling in DevSecOps

Agile env needs to be quick, fast, and 

Build it into user stories

Shostack’s method is a bit weighty

    How do we implement that in a way that makes devs want to do it?

 

Organizing Virtual cons

    https://Allthetalks.online - April 15

        24 hour conference for charity

Talks, followed by interactive channels, community generation

Virtual Lobbycon

Comedian 

CFP is open 01 April 2020

Sticker swap!

   

    BSides Atlanta

        27-29 March

        https://bsidesatl.org/ - All virtual this weekend!

       

 

    Infosec Oasis

        https://Infosecoasis.com - 18 April

 

https://mashable.com/article/zoom-conference-call-work-from-home-privacy-concerns/

 

https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-removal-silent-update-webcam-vulnerability

 

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!: https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS

#Pandora: https://pandora.app.link/p9AvwdTpT3

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

