Stuck in Traffic – Memory and Certificates

Standards, technology, attack, verification. PCI DSS / 20 CSC, EMET, drive-by downloads and man-in-the-middle, red team testing. These and other lists of four, this morning in traffic.

Watch more videos on my YouTube channel.

Real traffic. Real feedback. Let’s use positive and negative feedback loops to drive secure behavior. For real.

Watch more videos on my YouTube channel.

Buy/Sells, ASNs, and other business processes that lead to financial penalties. Things to consider when costing out a security incident.

Watch more videos on my YouTube channel.

OSes hit end of life. Patching becomes prohibitively expensive. So organizations switch to host-based integrity. Now what if we were to convert this into security exercises? Presto chango. Business case for red teaming.

Watch more videos on my YouTube channel.

Mistaking your diagram for your network? Finding out in a breach is bad. Finding out in a penetration test is a bit better. Security exercises? Decent. But the best approach is automatically checking the security assumptions.

Watch more videos on my YouTube channel.

We can’t trust the coffee shop to get the order right. We can’t trust the service desk to not fall for social engineering. So, give up? Or put in place processes to help?

Watch more videos on my YouTube channel.

From Bring Your Own Device to Cloud Computing, ownership is not a control. The first thing in BYOD? Letting go of fear. The second thing? Coffee, probably.

Watch more videos on my YouTube channel.

Evening edition. A handful of ways ERP security goes sideways and a fistful of sand for building better castles.

Watch more videos on my YouTube channel.

Back to school has its own rituals and rhythms. So does corporate IT. Each becomes an opportunity to build and reinforce culture.

Watch more videos on my YouTube channel.