2019-043-Bea Hughes, dealing with realistic threats in your org
Published December 4, 2019
|
70 min
    Download
    Add to queue
    Copy URL
    Show notes

    Realistic Threats 

    Nation states aren’t after you

    https://twitter.com/beajammingh/status/1191884466752385025

    https://twitter.com/beajammingh/status/1198671660150226946

    https://twitter.com/beajammingh/status/1198671952824565762

     

    https://www.leviathansecurity.com/blog/the-calculus-of-threat-modeling 

     

    What are credible threats?

    Malicious insiders - 

    Non-malicious insiders - https://www.scmagazine.com/home/security-news/not-every-insider-threat-is-malicious-but-all-are-dangerous/

        Education issue?

        Is there such a thing as ‘non-malicious’ or is this just bunk?

     

    Real threats

        https://resources.infosecinstitute.com/5-new-threats-every-organization-prepared-2018/  

    CIO magazine threats -- buzzword threats (we should totally containerize all the things)

    Vulns that have names (blue team is stuck dealing with ‘theoretical’ issues e.g. SPECTRE/MELTDOWN)

    Lack of well-priced training?

        Dev Training?

        Security Training?

     

    Better management communication will reduce threats

        Building trust so they don’t freak when ‘$insert_named_vuln’ shows up

        Gotta frame it to business needs

        “Everyone is vulnerable” - keep FUD to a minimum, don’t exaggerate.

        Know your industry’s threats (phishing, money transfer fraud, malware

    Patreon donor:  Michael K. $10 patron!

    Layer8conf - https://www.workshopcon.com/events

    https://layer8conference.com/

     

    Regarding diversity scholarships, it's being worked on and the number of available spots will highly depend on the number of Sponsorships the conference secures.

    As a side note WorkshopCon will sponsor a number of Layer8 conference tickets if people follow @WorkshopCon on Twitter and tweet to us why they are interested in Social Engineering and OSINT topics with hashtag #sendMeToLayer8. We will select folks from those tweets with the emphasis being on folks coming from underrepresented or minority groups.

    In terms of sponsorship information for Layer8, Patrick wants people to send an email to sponsors@layer8conference.com

    Please let us know if you have any other questions, and thank you so much for giving us a hand spreading the word!!!

     

    Saturday June 6, 2020, RI Convention Center

     

    https://www.dianainitiative.org/

    https://twitter.com/DianaInitiative

     

    Conference in Las Vegas (Aug 6-7, 2020) (Thu & Fri)

    Check out our Store on Teepub! https://brakesec.com/store

    Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

    #Brakesec Store!:https://www.teepublic.com/user/bdspodcast

    #Spotifyhttps://brakesec.com/spotifyBDS

    #RSShttps://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloudhttps://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

    https://brakesec.com/BDSPatreon

    #Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

      15
      15
        0:00:00 / 0:00:00