2020-011-Alyssa Miller, deepfakes, threat modeling for DevOps environments, and virtual conferences
Published March 25, 2020 | 70 min
    Show notes

    https://twitter.com/AlyssaM_InfoSec/status/1159877471161839617?s=19

     

    Looking forward to sharing my vision for ending the 60 year cycle of bad defense strategies in #infosec and my challenge to think about security in a more effective way. https://sched.co/TAqU

    @dianainitiative

    #DianaInitiative2019 #cdwsocial

    @CDWCorp

     

    1961 - MIT - CTSS - https://en.wikipedia.org/wiki/Compatible_Time-Sharing_System

     

    Egg, coconut, brick (my example of security --brbr)

       

    Start with critical assets

        Layer outward, not perimeter in.

    Medieval castles

        Create the keep, build out from that

        Active defenses

     

    Dover Castle - https://en.wikipedia.org/wiki/Dover_Castle#/media/File:1_dover_castle_aerial_panorama_2017.jpg

     

    Detection defenses - watchguards

    Mitigation defenses - moats - give time/space to respond (network segmentation)

    Active countermeasures - knights/archers/cannons 



    DeepFake technology

    Election year

    Spoke at RSA

    Business threat? 

            “Outsider trading”

                “Video of Elon talking about problems - fake…”

                    Stocks tank - short

    https://www.vice.com/en_us/article/ywyxex/deepfake-of-mark-zuckerberg-facebook-fake-video-policy 



    Could it be done strategically to destabilize things

    Extort business leaders

        Fake videos used to extort 

     

    Still difficult to create

        What are the hurdles stopping it from being mainstream?

            Huge render farms?

     

    https://www.youtube.com/watch?v=18LN7VQM1aw - deepfake Sharon Stone/ Steve Buscemi

     

    Threat modeling in devSecOps

    Agile env needs to be quick, fast, and 

    Build it into user stories

    Shostack’s method is a bit weighty

        How do we implement that in such a way to make dev want to do them?

     

    Organizing Virtual cons

        https://Allthetalks.online - April 15

            24 hour conference for charity

    Talks, followed by interactive channels, community generation

    Virtual Lobbycon

    Comedian 

    CFP is open 01 April 2020

    Sticker swap!

       

        BSides Atlanta

            27-29 March

            https://bsidesatl.org/ - All virtual this weekend!

           

     

        Infosec Oasis

            https://Infosecoasis.com - 18 April

     

    https://mashable.com/article/zoom-conference-call-work-from-home-privacy-concerns/

     

    https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-removal-silent-update-webcam-vulnerability

     

     

    Check out our Store on Teepub! https://brakesec.com/store

    Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

    #Brakesec Store!: https://www.teepublic.com/user/bdspodcast

    #Spotify: https://brakesec.com/spotifyBDS

    #Pandora: https://pandora.app.link/p9AvwdTpT3

    #RSS: https://brakesec.com/BrakesecRSS

    #Youtube Channel:  http://www.youtube.com/c/BDSPodcast

    #iTunes Store Link: https://brakesec.com/BDSiTunes

    #Google Play Store: https://brakesec.com/BDS-GooglePlay

    Our main site:  https://brakesec.com/bdswebsite

    #iHeartRadio App:  https://brakesec.com/iHeartBrakesec

    #SoundCloud: https://brakesec.com/SoundcloudBrakesec

    Comments, Questions, Feedback: bds.podcast@gmail.com

    Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

    #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

    #Player.FM : https://brakesec.com/BDS-PlayerFM

    #Stitcher Network: https://brakesec.com/BrakeSecStitcher

    #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
