A Dark Path
- Co-Founder / CEO
- Advisory Chief Security Officer
- CCIE Security
- NSA x2
- Former Fortune 500 Exec
- Governor - FBI - InfraGard
- Academy - FBI - Graduate
- Air Force Veteran
1. Cyber Security versus Information Security.
2. Evolution of cyber security from the past to modern America.
Genesis - 1
1. What industries should have information/cyber security?
Conformance - 3
1. What are you protecting?
2. What is it worth to you?
3. Who are you protecting it against?
4. What are the consequences of failure.
An unskilled self proclaimed hacker that does not develop their code and leverages downloads and programs from the internet.
An unknown employee who's plan is not inline with the firm's initiatives.
A hacker that looks to disrupts by denying service or exfiltrating date from firms.
Loose collection of hackers launching targeted attacks against specific entities to cause embarrassment or financial harm.
Motivations of a nation-state or terrorist group looking for damage, intellectual property financial and/or embarassement.
Trust no-one as your competitor could be motivated to steal your information, client share and more.
- Rogue Users
- Active Sync
- Software updates
- Corporate Wireless
- Zero Security Awareness
- Firms do not test the effectiveness of the program
- AV is not enough
- Users clicking on erroneous links
- Patch Management
- Weak Vendor Compliance
- 3rd Party Audit
- Infrastructure (FW, IPS, Segmentation.)
- INFOSEC Budget
- M&A Security
- IT/INFOSEC should not be combined
- Human Resources
- US Security
- Transborder Data Security
A. Inputs / Outputs
- SSAE 16
- Segmentation - Physical and Logical
- Regulatory Awareness
- Annual Re-compliane
- Frameworks (ISO, COBIT et cetera...)
Collection of network & system information used to detect and identify threats across multiple platforms.
Mobile Device Management is paramount as more companies are leaning toward reducing cost and adding flexibility.
- Identifying sensitive data and encrypting the data.
- All data in transport must use the highest encryption level.
The use of segmentation ensures sensitive data is handled, stored and secured separately from non-secure data.
Desktops and laptops require more protect than antivirus.
Servers are far too critical and require an additional layer of protection.
IT Leaders are lobbying for a more serious budget to match the threats.
Companies are realizing the need of an experienced C level presence.
Policies are being constructed with Board approval.
Board / Policies
- Businesses are becoming far more careful and are protecting themselves through contracts.
- Security awareness for Vendors.
Security awareness is being instituted and more importantly, testing the effectiveness of the awareness program is becoming a standard.
Non - Technical
Legal / Privacy
The Global reach of Information Security.
The evolution of Information Security.
Where the threats are coming from...
How are vulnerabilities implemented from a technical perspective.
How are vulnerabilities implemented from a non-technical perspective.
Threat mitigation solutions from a technical and non-technical perspective.