Keynote slides from TagNW Summit 2019
My keynote slides from the TagNW Summit 2019, presented on November 8, 2019 in Bellingham, WA.
Keeping an organization secure is every employee’s job. Instead of the obligatory employee training, Director of Security & IT for Pensar Development Kayne McGladrey recommends continuous engagement with the end-user community. “Provide opportunities and instrumentation to demonstrate policy violations rather than lecture at people.” Examples include leaving a USB data stick in a break room or using phishing tools to falsify emails from known employees that seem suspicious. “This helps educate and creates healthy suspicion,” said McGladrey.
2019 wasn’t a great year for cyber security. Although the number and scope of solutions available on the market increased, blue teams around the globe have been stymied by the increasing complexity and tactics of threat actors and the sheer volume of data to review. Here are four predictions for the coming storm, based on events in 2019.
There are three best practices that security professionals supporting schools can follow to help make the school year uneventful in their district: defending user identities, patching endpoints, and running quarterly tabletop exercises.
On December 12th, I moderated the #securityinsiderchat on Twitter, where more than twenty cybersecurity experts gathered to discuss their predictions for 2018. It’s always a pleasure and a privilege to learn from a diverse gathering of people and to read their ideas over the course of nearly 300 tweets. Plus, it’s an excellent opportunity to post animated cat gifs in the context of work.
Cloud computing will continue to grow despite the frequency of breaches due to a lack of administrative controls and unintentional configuration errors. When an administrator had access to an on-premises server, they could only administer that server; a “cloud administrator” can administer all the assets in a given cloud instance, including backing up and exfiltrating entire servers. This is like the unintentional configuration errors that have plagued so many Amazon S3 buckets in 2019, where organizations have stored PII in S3 in a default configuration, and then those data have been accessed by security researchers.
In the latest episode of The Cyber Security Recruiter podcast, I had an in-depth conversation with Thomas Richard about my 25-year journey in cybersecurity. From my unlikely beginnings in theater arts to my current role as the field CISO at Hyperproof, this conversation covers a wide array of subjects. We delve into the importance of implementing effective security controls and critique the industry’s heavy reliance on certifications. Thomas and I agree that while certifications can serve as useful benchmarks, their increasing prominence risks creating an exclusionary environment that could perpetuate a perceived “skills gap.” The episode covers not just technical matters but also broader philosophies and strategies that are essential for building a resilient cybersecurity posture.