We need to do more than speak business language. We need to embrace industry processes and terms to drive action. Example? 8-D in manufacturing and SBAR in medical.
Watch more videos on my YouTube channel.
The heist movie Ocean’s 11 wasn’t about using a casino’s ocean aquarium to steal from high rollers. But maybe it should have been. Turns out, IoT has reached the fish tank.
It takes, on average, 90 days to recover from a breach. Equifax did it in 3. If we were to be compromised, do we have the tools and processes for rapid response?
A couple of examples of tracking adversaries on web applications, and using those metrics to drive security activities.
RSA: DevOps Connect, Hosted by Courtney Kissler
As DevOps continues to be adopted across industries, IT security and application security professionals are being asked to secure the workflow and products. And we get asked to evaluate, recommend, and implement security controls well after the DevOps team has been established, sometimes months or even years after the team has launched. This talk speaks to that audience, sharing practices on how to start off strong. Approaches for building relationships, creating intuition, and becoming a trusted partner will be discussed and demonstrated. It is imperative that we add security without taking away speed and agility, and the first 90 days is a crucial period.
A brief bit on what we can learn from the RSA Conference app leaking attendee data.
A lesson learned from watching this year’s FIRST Michigan state competition.
Remember the old Bell-LaPadula model for data classification? Time to dust those classic concepts off. Take microservices, the new and shiny. These introduce new areas of problems when different classifications of services are used by different classifications of apps. Here’s an example.
Microsoft Malware Protection Engine is fatally flawed. Patch now. So that’s a tad scary. But how the flaw got there, that’s more interesting.
Security happens where man meshes with machine. Human psychology, things like object permanence and object constancy, just might influence whether our cloud (SaaS, IaaS, PaaS) environments are secured.