Tuesday, August 26, 2014

DerbyCon 4.0 - "Family Rootz"

So this last week I was notified that I was accepted to speak at DerbyCon 4.0 - talk about diametrically opposed emotions.  I am excited and humbled at the same time for being accepted to present.

The reality of being accepted has set in and I've had the opportunity to share with those outside the industry what an honor it is to be accepted to publicly present one's efforts and to get the feedback that will ultimately grow the source material.

I had started kicking around the idea several years ago to build out a "business value" capability using a variety of open source tools and sources for identifying Internet-borne threats that organizations the world over face on a regular basis, building what I had to (I glue and duct tape, I do not code/develop professionally) to bridge the gaps where needed. What I've ended up doing was quite eye opening and (for me) extremely fun. I've gotten to meet some really cool folks and do some really cool things since I started working on the nuts and bolts of the program as a whole.

While sites like the Norse Live Attack Intelligence or FireEye's Threat Map offer great "eye candy," they do very little beyond introducing you, the practitioner, to additional services to buy. I started this project with the hope of sharing how to leverage the open source community and how such information can be tailored to the individual organization. In order to be of any value, threat intelligence must be actionable to you/the organization; otherwise it is of limited value and can be a drain on resources.

I'm looking forward to having the opportunity to share what I've put together and gain feedback to make it better.  So, if you are at DerbyCon 4.0 this year, and you attend my presentation, please find me and give me your thoughts and comments.

Monday, August 25, 2014

ISACA 7th Annual Geek Week - The Atlanta Ebola Tour - Post-Mortem

I've survived another Geek Week. More appropriately, I've survived the drive back from Atlanta, GA to Columbus, OH, which was absolutely grueling. I've been very fortunate to have been asked and allowed to continue to share my experiences with fellow ISACA professionals in the New York of the South, or Hotlanta if you prefer.

So this year I had the opportunity to present on two topics, Building an Open Source Threat Intelligence Program and Information Security from a Criminal Perspective. The opportunity to share was amazing and I appreciate all the feedback and questions I've received. We also had the opportunity to hear Frank Abagnale speak and tell the story behind the movie. If you ever get the opportunity to hear him speak, please do.

In addition to rambling on myself, I was able to sit in on some killer tracks presented this year. Most enjoyable were the panel discussion on Vendor Management (lively topic), Web Application Pen Testing by James Edge (@jedge_com), and POS RAM Scraping by Charles Burke (@cburkeinga), who walked through how easy it is to build an application that collects credit card data. Watching the live demo of just how easy it is, I believe, opened some eyes.

I also had the privilege to train the next round of Certified in Risk and Information Systems Control (CRISC) professionals, which covered a two-day review. This class was absolutely awesome to teach, share and overall engage with. It is always great to hear someone say "Before I sat for the class, I was just going to sit for my CPEs -- now I want to take the exam".

What I was unable to do was ensure that I got the presentations to the appropriate folks; this is in part due to the fact that the presentations were highly animated and rather large in file size. I'm currently working on getting the presentations converted into something smaller that folks can download directly.
Additionally, the following will take you to the content of this year's Geek Week 2014 Conference Presentations Available for Download for those of you who attended.

So I made it back to Columbus, Ohio, for a day before I was back on the road (or rather in the air) heading back to a client site in Rochester, Minnesota. FYI, all the stories that Garrison Keillor shares about Lake Wobegon are absolutely true. If you want to know what it's like here, I urge you to check out http://prairiehome.org and listen to their weekly podcasts.

So, upon arrival in the Twin Cities (no direct flight from Columbus to Rochester), while I was waiting on my partner to arrive, I noticed something that got me giggling like mad: another instance of PCI Security Theatre (sigh). 250XP to anyone who can tell me what is wrong with these pictures.

Alright, time's up folks. For those of you following along with the PCI craze (that should be your retailers, hospitality, service providers, basically anyone that TAKES A CREDIT CARD), PCI DSS requirement 9.1.2 says: Restrict physical access to publicly accessible network jacks. Now, I don't know how this complies with the requirement, and if someone could share that with me, I would greatly appreciate it. But from my observation, this particular instance (and it could be that it is the ONLY one like this anywhere and I just happened to stumble upon it by the luck of the Irish) was deployed in such a fashion. Next time I have a three-hour layover in MSP, I'll have to do some wandering around and take a look.

So what can one do with physical access? One might put something like this into play, not that I'm saying ANYONE would ever do this:


This little box, costing a few dollars in parts from your local Menards/Home Depot/Lowes, sits on the wire between the device and the network drop and listens passively, so it cannot be discovered logically on the network. This means that, outside of a quick unplug and re-plug of the network cable, one could sit and capture details all day long. With a couple of quick additions (thank you Raspberry Pi & Teensy) you could install it at the drop and then access it remotely via WiFi or cellular. But no one would EVER do something like that, right? I need to head off to the lab and see what I can do.
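Since a passive tap leaves nothing on the wire to see, the one logical artifact mentioned above (the cable coming out and going back in) is worth alerting on. As an added example that is not part of the original post, the script below reads switch syslog for a port going down and back up within a few seconds and flags it when the port feeds a jack in a public area. The syslog lines, the switch name sw-lobby-1 and the public-port inventory are constructed for illustration; the message format follows the Cisco IOS %LINK-3-UPDOWN style, and the 60-second window is an assumption you would tune.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog (Cisco IOS style); not a real capture.
SAMPLE_LOG = """\
Aug 25 14:02:11 sw-lobby-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/12, changed state to down
Aug 25 14:02:19 sw-lobby-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/12, changed state to up
Aug 25 14:02:20 sw-lobby-1 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/12, changed state to up
Aug 25 17:45:03 sw-lobby-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to down
Aug 25 18:30:41 sw-lobby-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to up
Aug 25 19:10:00 sw-lobby-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to down
Aug 25 19:10:05 sw-lobby-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to up
"""

# Hypothetical inventory: switch ports wired to jacks in public areas
# (kiosks, lobby walls). In practice this comes from your cable plant records.
PUBLIC_PORTS = {"sw-lobby-1": {"GigabitEthernet0/12", "GigabitEthernet0/3"}}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%LINK-3-UPDOWN: Interface (?P<port>\S+), changed state to (?P<state>up|down)$"
)


def parse_link_events(text, year=2014):
    """Return a list of (timestamp, host, port, state) for physical-link events.

    Syslog timestamps carry no year, so one is supplied by the caller.
    LINEPROTO and unrelated messages are skipped.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["host"], m["port"], m["state"]))
    return events


def find_brief_flaps(events, public_ports, max_gap=timedelta(seconds=60)):
    """Return (host, port, down_ts, seconds_down) for public-area ports that
    went down and came back up within max_gap: the footprint of someone
    slipping an inline device between the device and the drop."""
    pending = {}   # (host, port) -> time the link went down
    alerts = []
    for ts, host, port, state in sorted(events):
        key = (host, port)
        if state == "down":
            pending[key] = ts
        elif key in pending:
            down_ts = pending.pop(key)
            gap = ts - down_ts
            if gap <= max_gap and port in public_ports.get(host, set()):
                alerts.append((host, port, down_ts, int(gap.total_seconds())))
    return alerts


def scan(text=SAMPLE_LOG, public_ports=PUBLIC_PORTS):
    """Parse the log and return the brief flaps on public-area ports."""
    return find_brief_flaps(parse_link_events(text), public_ports)


if __name__ == "__main__":
    for host, port, when, secs in scan():
        print(f"{when} {host} {port}: link down {secs}s on a public-area jack, inspect the drop")
```

On the sample data only the two public-area ports fire; the 45-minute outage on Gi0/7 is ignored as a likely move or maintenance. Pair this with the logical controls the requirement allows (port security or 802.1X on jacks you cannot lock down physically), since a flap alert tells you to go look but does nothing to stop the capture in the meantime.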