Tuesday, December 3, 2019

2019-043-Bea Hughes, dealing with realistic threats in your org


Realistic Threats 

Nation states aren’t after you

https://twitter.com/beajammingh/status/1191884466752385025

https://twitter.com/beajammingh/status/1198671660150226946

https://twitter.com/beajammingh/status/1198671952824565762

 

https://www.leviathansecurity.com/blog/the-calculus-of-threat-modeling 

 

What are credible threats?

Malicious insiders - 

Non-malicious insiders - https://www.scmagazine.com/home/security-news/not-every-insider-threat-is-malicious-but-all-are-dangerous/

    Education issue?

    Is there such a thing as ‘non-malicious’ or is this just bunk?

 

Real threats

    https://resources.infosecinstitute.com/5-new-threats-every-organization-prepared-2018/  

CIO magazine threats -- buzzword threats (we should totally containerize all the things)

Vulns that have names (blue team is stuck dealing with ‘theoretical’ issues e.g. SPECTRE/MELTDOWN)

Lack of well-priced training?

    Dev Training?

    Security Training?

 

Better management communication will reduce threats

    Building trust so they don’t freak when ‘$insert_named_vuln’ shows up

    Gotta frame it to business needs

    “Everyone is vulnerable” - keep FUD to a minimum, don’t exaggerate.

    Know your industry’s threats (phishing, money transfer fraud, malware

Patreon donor:  Michael K. $10 patron!

Layer8conf - https://www.workshopcon.com/events

https://layer8conference.com/

 

Regarding diversity scholarships, it's being worked on and the number of available spots will highly depend on the number of Sponsorships the conference secures.

As a side note WorkshopCon will sponsor a number of Layer8 conference tickets if people follow @WorkshopCon on Twitter and tweet to us why they are interested in Social Engineering and OSINT topics with hashtag #sendMeToLayer8. We will select folks from those tweets with the emphasis being on folks coming from underrepresented or minority groups.

In terms of sponsorship information for Layer8, Patrick wants people to send an email to sponsors@layer8conference.com

Please let us know if you have any other questions, and thank you so much for giving us a hand spreading the word!!!

 

Saturday June 6, 2020, RI Convention Center

 

https://www.dianainitiative.org/

https://twitter.com/DianaInitiative

 

Conference in Las Vegas (Aug 6-7, 2020) (Thu & Fri)

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotifyhttps://brakesec.com/spotifyBDS

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Download here!

No comments: