December 2013 wrap-up

December 2013 wrap-up

Quick round-up of things that has been happening:

We competed in the RuCTFe event last weekend. David Schwartzberg from Barracuda has a write-up: Moar Security War Games. “The team of ethical hackers is called MiSec, short for Michigan Security, and were testing their metal against 173 teams spread across the planet. The team captain, Wolfgang Goerlich, asked if I would join the MiSec team to deploy a Barracuda Web Application Firewall (WAF) and Barracuda NG Firewall in front of a highly vulnerable Linux server.”

VioPoint continues to grow and we are in the final stages of build a new Security Operations Center. Metromode did a brief piece: VioPoint doubles space and adds jobs in Auburn Hills. “If timing is everything, then the leadership team at VioPoint thinks it has the right ingredients for a significant growth spurt. ‘We have the right people and the right services and we’re going at the market at the right time,’ says Wolfgang Goerlich.”

BSides Columbus accepted a talk from Mark Kikta and me: Rapid Fire Threat Modeling. Everyone is talking about threat modeling. But when you get down to it, few are doing threat modeling. The reasons are simple: modeling can be complicated, there is conflicting information, and it is not clear what to do with the finished model. This session presents a pragmatic threat modeling exercise that can be accomplished in an afternoon. We will review how to find sources for threat models, communicating the findings, auditing and assessing the available controls, and driving change within the organization. In sum, this talk presents a practical approach to rapidly getting the most from threat modeling. (January 20, 2014. Columbus, OH)

ConFoo accepted my software development lifecycle talk: SDLC in Hostile Environments. What happens when end-users have the motive, opportunity, and skillset to attack our software? When two hacker conferences hosted a six week capture-the-flag contest, organizers learned first-hand how this impacts the software development life cycle (SDLC). We will discuss wins and losses, successes and failures, and hard lessons learned. (February 24 – February 28, 2014. Montreal, Canada)

Posted by