[Lithuania] I am the cavalry

OWASP EEE
OWASP EEEOWASP
I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?
CLAUS CRAMON HOUMANN Infosec Community Manager @ Peerlyst (A start-up Infosec community/Social platform that wants to turn the tables on cyber security) Infosec Consultant The Analogies contributor Twitter: @claushoumann
IDEA “Our dependence on technology is growing faster than our ability to secure it”
IDEA “Our society has evolved faster than our laws”
IDEA But why wait.......
ALL SYSTEMS FAIL* * Yes; all
WHERE DO WE SEE CONNECTIVITY NOW? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
HEARTBLEED + (UNPATCHABLE) INTERNET OF THINGS == ___ ? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
SAY BABY MONITORS AGAIN? In Our Homes Source: Rapid7 research/Mark Stanislav: Baby monitors https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-
THEN
BUT ALSO
IT’S SAFETY NOT JUST SECURITY Ouch!
Cars have computers Computers have security issues Security issues in cars are safety issues Safety issues can cost or imperil lives
www.iamthecavalry.org @iamthecavalry Past versus Future Bolt-On Vs Built-In
SOMEONE WILL FIX IT FOR US Chapter 2
[Lithuania] I am the cavalry
OR NOT…….. Chapter 3
Let’s create ripples
A DO-OCRACY OF DO’ERS. W H ER E D OIN G STARTS W ITH EMPATHY And by ripples I mean
[Lithuania] I am the cavalry
[Lithuania] I am the cavalry
[Lithuania] I am the cavalry
The Point?
NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE ONLY THING THAT EVER HAS. - MAR GAR ET MEAD ( A N A M E R I C A N C U LT U R A L A N T H R O P O L O G I S T )
•The The Cavalry isn’t coming… It falls to us Problem Statement Our society is adopting connected technology faster than we are able to secure it. Mission Statement To ensure connected technologies with the potential to impact public safety and human life are worthy of our trust. Collecting existing research, researchers, and resources Connecting researchers with each other, industry, media, policy, and legal Collaborating across a broad range of backgrounds, interests, and skillsets Catalyzing positive action sooner than it would have happened on its own Why Trust, public safety, human life How Education, outreach, research Who Infosec research community Who Global, grass roots initiative WhatLong-term vision for cyber safety Medical Automotive Connected Home Public Infrastructure I Am The Cavalry
Connections and Ongoing Collaborations 5-Star Framework 5-Star Capabilities  Safety by Design – Anticipate failure and plan mitigation  Third-Party Collaboration – Engage willing allies  Evidence Capture – Observe and learn from failure  Security Updates – Respond quickly to issues discovered  Segmentation & Isolation – Prevent cascading failure Addressing Automotive Cyber Systems Automotive Engineers Security Researchers Policy Makers Insurance Analysts Accident Investigators Standards Organizations https://www.iamthecavalry.org/auto/5star/
www.iamthecavalry.org @iamthecavalry 5-Star Cyber Safety Formal Capacities 1. Safety By Design 2. Third Party Collaboration 3. Evidence Capture 4. Security Updates 5. Segmentation and Isolation Plain Speak 1. Avoid Failure 2. Engage Allies To Avoid Failure 3. Learn From Failure 4. Respond to Failure 5. Isolate Failure
5 STARS 5 star ICS 5 star IoT 5 star medical devices
www.iamthecavalry.org @iamthecavalry And! • Dräger on board with I am the Cavalry as first medical device producer working directly in sync with us • Their Product Security Manager is even directly involved now
AND MORE IN OTHER AREAS COMING We try to connect researchers to 1. Lawmakers to inform of meaningful changes to laws to enforce secure by default 2. Vendors/producers to inform of secure ways to build securely by design and of identified vulnerabilities 3. Purchasers of devices (example: Pacemakers, car distributors) to explain to them why they need to contractually demand security – if there is demand vendors will supply
AND YES I DID SAY LAWMAKERS It is WEIRD for you to have to listen to. I agree, but
WHAT YOU CAN DO Chapter 5
CONNECTIONS/CONNECTORS WANTED Breakers and Builders Legal and Policy Citizens, Connectors Parents/Guardians Community Leaders/Bloggers/Podcasters/etc.
MOUNT UP AND BE THE CAVALRY YOU DON’T ACTUALY NEED A HORSE
SAFER. SOONER. TOGETHER http://iamthecavalry.org @iamthecavalry
-> OWASK SKF -> OWASP SECURITY SHEPHERD -> OWASP ZAP Recommendations: Use SDLC
1 of 36

[Lithuania] I am the cavalry

Download to read offline
Internet

I am the cavalry. Shouldn't you be also? Claus Cramon Houmann

OWASP EEE
OWASP EEEOWASP

Recommended

Threat Check for Struts Released, Equifax Breach Dominates News by
Threat Check for Struts Released, Equifax Breach Dominates NewsThreat Check for Struts Released, Equifax Breach Dominates News
Threat Check for Struts Released, Equifax Breach Dominates NewsBlack Duck by Synopsys
479 views17 slides
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability by
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 VulnerabilityOpen Source Insight: Equifax, Apache Struts, & CVE-2017-5638 Vulnerability
Open Source Insight: Equifax, Apache Struts, & CVE-2017-5638 VulnerabilityBlack Duck by Synopsys
586 views16 slides
Are Your IT Systems Secure? by
Are Your IT Systems Secure?Are Your IT Systems Secure?
Are Your IT Systems Secure?Nex-Tech
194 views14 slides
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses by
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesOpen Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source Licenses
Open Source Insight: CVE–2017-9805, Equifax Breach & Wacky Open Source LicensesBlack Duck by Synopsys
490 views16 slides
Any of these folks work with you? by
Any of these folks work with you?Any of these folks work with you?
Any of these folks work with you?Kevin O'Connor
121 views11 slides
What are the top 10 web security risks? by
What are the top 10 web security risks?What are the top 10 web security risks?
What are the top 10 web security risks?Jacklin Berry
113 views3 slides

More Related Content

What's hot

9 Alarming developments in the fight for digital privacy by
9 Alarming developments in the fight for digital privacy9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacyEntefy
525 views14 slides
The Silver Bullet of Cyber Security v1.1 by
The Silver Bullet of Cyber Security v1.1The Silver Bullet of Cyber Security v1.1
The Silver Bullet of Cyber Security v1.1William Kiss
40 views1 slide
Security Awareness Training: Are We Getting Any Better at Organizational and ... by
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...Enterprise Management Associates
522 views26 slides
Five Mistakes of Incident Response by
Five Mistakes of Incident ResponseFive Mistakes of Incident Response
Five Mistakes of Incident ResponseAnton Chuvakin
947 views4 slides
Stki summit2013 infra_pini sigaltechnologies_v5 final by
Stki summit2013 infra_pini sigaltechnologies_v5 finalStki summit2013 infra_pini sigaltechnologies_v5 final
Stki summit2013 infra_pini sigaltechnologies_v5 finalAriel Evans
788 views45 slides
Protecting your Data in Google Apps by
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google AppsElastica Inc.
751 views12 slides

What's hot(20)

9 Alarming developments in the fight for digital privacy by Entefy
9 Alarming developments in the fight for digital privacy9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy
Entefy525 views
The Silver Bullet of Cyber Security v1.1 by William Kiss
The Silver Bullet of Cyber Security v1.1The Silver Bullet of Cyber Security v1.1
The Silver Bullet of Cyber Security v1.1
William Kiss40 views
Security Awareness Training: Are We Getting Any Better at Organizational and ... by Enterprise Management Associates
Security Awareness Training: Are We Getting Any Better at Organizational and ...Security Awareness Training: Are We Getting Any Better at Organizational and ...
Security Awareness Training: Are We Getting Any Better at Organizational and ...
Enterprise Management Associates522 views
Five Mistakes of Incident Response by Anton Chuvakin
Five Mistakes of Incident ResponseFive Mistakes of Incident Response
Five Mistakes of Incident Response
Anton Chuvakin947 views
Stki summit2013 infra_pini sigaltechnologies_v5 final by Ariel Evans
Stki summit2013 infra_pini sigaltechnologies_v5 finalStki summit2013 infra_pini sigaltechnologies_v5 final
Stki summit2013 infra_pini sigaltechnologies_v5 final
Ariel Evans788 views
Protecting your Data in Google Apps by Elastica Inc.
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google Apps
Elastica Inc.751 views
Cybersecurity Powerpoint Presentation Slides by SlideTeam
Cybersecurity Powerpoint Presentation SlidesCybersecurity Powerpoint Presentation Slides
Cybersecurity Powerpoint Presentation Slides
SlideTeam206 views
How to Improve Your Board’s Cyber Security Literacy by Tripwire
How to Improve Your Board’s Cyber Security LiteracyHow to Improve Your Board’s Cyber Security Literacy
How to Improve Your Board’s Cyber Security Literacy
Tripwire967 views
100903 e assessment (dundee) by JISC Legal
100903 e assessment (dundee)100903 e assessment (dundee)
100903 e assessment (dundee)
JISC Legal385 views
Wiretap 5-collaboration-security-risks-revealed by Britt Newton
Wiretap 5-collaboration-security-risks-revealedWiretap 5-collaboration-security-risks-revealed
Wiretap 5-collaboration-security-risks-revealed
Britt Newton96 views
Maleeff university of toronto 11 july 2019 by Stephen Abram
Maleeff university of toronto 11 july 2019Maleeff university of toronto 11 july 2019
Maleeff university of toronto 11 july 2019
Stephen Abram96 views
Social Media Policy by Elizabeth Engel
Social Media PolicySocial Media Policy
Social Media Policy
Elizabeth Engel552 views
Autisable com-2020-05-13-cybersecurity-matters- by Saad Ahmad
Autisable com-2020-05-13-cybersecurity-matters-Autisable com-2020-05-13-cybersecurity-matters-
Autisable com-2020-05-13-cybersecurity-matters-
Saad Ahmad29 views
Business continuity in the lean times by Steven Aiello
Business continuity in the lean timesBusiness continuity in the lean times
Business continuity in the lean times
Steven Aiello510 views
How secure is your company's information? by eLeaP
How secure is your company's information?How secure is your company's information?
How secure is your company's information?
eLeaP78 views
7 cyber security questions for boards by Paul McGillicuddy
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
Paul McGillicuddy46.3K views
Managing insider threat by milliemill
Managing insider threatManaging insider threat
Managing insider threat
milliemill1.1K views
Review Paper ( Research Articles ) by SaadSaif6
Review Paper ( Research Articles )Review Paper ( Research Articles )
Review Paper ( Research Articles )
SaadSaif653 views
Philippines ‘lagging behind’ on cloud adoption by John Davis
Philippines ‘lagging behind’ on cloud adoptionPhilippines ‘lagging behind’ on cloud adoption
Philippines ‘lagging behind’ on cloud adoption
John Davis268 views
Valuing Data in the Age of Ransomware by IBM Security
Valuing Data in the Age of Ransomware Valuing Data in the Age of Ransomware
Valuing Data in the Age of Ransomware
IBM Security703 views

Viewers also liked

[Lithuania] Introduction to threat modeling by
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modelingOWASP EEE
444 views21 slides
[Russia] Node.JS - Architecture and Vulnerabilities by
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and VulnerabilitiesOWASP EEE
560 views15 slides
Dia da Música by
Dia da MúsicaDia da Música
Dia da MúsicaPaulo Antunes
1.2K views18 slides
[Austria] Security by Design by
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by DesignOWASP EEE
665 views16 slides
[Cluj] CSP (Content Security Policy) by
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)OWASP EEE
576 views13 slides
[Bucharest] Catching up with today's malicious actors by
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actorsOWASP EEE
431 views25 slides

Viewers also liked(12)

[Lithuania] Introduction to threat modeling by OWASP EEE
[Lithuania] Introduction to threat modeling[Lithuania] Introduction to threat modeling
[Lithuania] Introduction to threat modeling
OWASP EEE444 views
[Russia] Node.JS - Architecture and Vulnerabilities by OWASP EEE
[Russia] Node.JS - Architecture and Vulnerabilities[Russia] Node.JS - Architecture and Vulnerabilities
[Russia] Node.JS - Architecture and Vulnerabilities
OWASP EEE560 views
Dia da Música by Paulo Antunes
Dia da MúsicaDia da Música
Dia da Música
Paulo Antunes1.2K views
[Austria] Security by Design by OWASP EEE
[Austria] Security by Design[Austria] Security by Design
[Austria] Security by Design
OWASP EEE665 views
[Cluj] CSP (Content Security Policy) by OWASP EEE
[Cluj] CSP (Content Security Policy)[Cluj] CSP (Content Security Policy)
[Cluj] CSP (Content Security Policy)
OWASP EEE576 views
[Bucharest] Catching up with today's malicious actors by OWASP EEE
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
OWASP EEE431 views
[Poland] It's only about frontend by OWASP EEE
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontend
OWASP EEE521 views
[Russia] Give me a stable input by OWASP EEE
[Russia] Give me a stable input[Russia] Give me a stable input
[Russia] Give me a stable input
OWASP EEE335 views
[Lithuania] DigiCerts and DigiID to Enterprise apps by OWASP EEE
[Lithuania] DigiCerts and DigiID to Enterprise apps[Lithuania] DigiCerts and DigiID to Enterprise apps
[Lithuania] DigiCerts and DigiID to Enterprise apps
OWASP EEE350 views
[Bucharest] XML Based Attacks by OWASP EEE
[Bucharest] XML Based Attacks[Bucharest] XML Based Attacks
[Bucharest] XML Based Attacks
OWASP EEE610 views
RESUME OF MAHFUZUR RAHMAN_Oct' 15 by Mahfuzur Rahman
RESUME OF MAHFUZUR RAHMAN_Oct' 15RESUME OF MAHFUZUR RAHMAN_Oct' 15
RESUME OF MAHFUZUR RAHMAN_Oct' 15
Mahfuzur Rahman317 views
[Russia] MySQL OOB injections by OWASP EEE
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
OWASP EEE1.6K views

Similar to [Lithuania] I am the cavalry

I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015 by
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015Claus Cramon Houmann
447 views36 slides
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0 by
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0Claus Cramon Houmann
262 views25 slides
Netflix SIRT - Culture and Tech -Trainman by
Netflix SIRT - Culture and Tech -TrainmanNetflix SIRT - Culture and Tech -Trainman
Netflix SIRT - Culture and Tech -TrainmanAlex Maestretti
3.2K views49 slides
Questions On Article On Android Security by
Questions On Article On Android SecurityQuestions On Article On Android Security
Questions On Article On Android SecurityJulie Potts
3 views45 slides
Bad Credit by
Bad CreditBad Credit
Bad CreditJill Lyons
2 views80 slides
Unpatchable: Living with a vulnerable implanted device by
Unpatchable: Living with a vulnerable implanted deviceUnpatchable: Living with a vulnerable implanted device
Unpatchable: Living with a vulnerable implanted deviceMarie Elisabeth Gaup Moe
774 views32 slides

Similar to [Lithuania] I am the cavalry(20)

I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015 by Claus Cramon Houmann
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
I am the Cavalry (The Cavalry Is Us) Sourceconf September 2015
Claus Cramon Houmann447 views
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0 by Claus Cramon Houmann
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
The cavalry is us i tdays-luxembourg 2014.11.20 v1.0
Claus Cramon Houmann262 views
Netflix SIRT - Culture and Tech -Trainman by Alex Maestretti
Netflix SIRT - Culture and Tech -TrainmanNetflix SIRT - Culture and Tech -Trainman
Netflix SIRT - Culture and Tech -Trainman
Alex Maestretti3.2K views
Questions On Article On Android Security by Julie Potts
Questions On Article On Android SecurityQuestions On Article On Android Security
Questions On Article On Android Security
Julie Potts3 views
Bad Credit by Jill Lyons
Bad CreditBad Credit
Bad Credit
Jill Lyons2 views
Unpatchable: Living with a vulnerable implanted device by Marie Elisabeth Gaup Moe
Unpatchable: Living with a vulnerable implanted deviceUnpatchable: Living with a vulnerable implanted device
Unpatchable: Living with a vulnerable implanted device
Marie Elisabeth Gaup Moe774 views
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos by Neil Curran MSc CISSP CRISC CGEIT CISM CISA
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
Neil Curran MSc CISSP CRISC CGEIT CISM CISA1.3K views
Tech Talent Meetup Hacking Security Event Recap by Dominic Vogel
Tech Talent Meetup Hacking Security Event RecapTech Talent Meetup Hacking Security Event Recap
Tech Talent Meetup Hacking Security Event Recap
Dominic Vogel195 views
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx by woodruffeloisa
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docxPROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
PROJECT DRAFTINTRODUCTIONINTRODUCE COMPANY – WHAT IS THE COM.docx
woodruffeloisa3 views
Cyber Terrorism And Cyber Attacks by Michele Lata
Cyber Terrorism And Cyber AttacksCyber Terrorism And Cyber Attacks
Cyber Terrorism And Cyber Attacks
Michele Lata4 views
Cybrary's navigating a security wasteland by Devendra kashyap
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
Devendra kashyap93 views
Cognitive Computing in Security with AI by JoAnna Cheshire
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI
JoAnna Cheshire1.3K views
IT security by Steven Aiello
IT securityIT security
IT security
Steven Aiello536 views
Digital Defense for Activists (and the rest of us) by Michele Chubirka
Digital Defense for Activists (and the rest of us)Digital Defense for Activists (and the rest of us)
Digital Defense for Activists (and the rest of us)
Michele Chubirka3.8K views
The Rising Tide Raises All Boats: The Advancement of Science of Cybersecurity by laurieannwilliams
The Rising Tide Raises All Boats: The Advancement of Science of CybersecurityThe Rising Tide Raises All Boats: The Advancement of Science of Cybersecurity
The Rising Tide Raises All Boats: The Advancement of Science of Cybersecurity
laurieannwilliams717 views
Avoiding The Seven Deadly Sins of IT by Envision Technology Advisors
Avoiding The Seven Deadly Sins of ITAvoiding The Seven Deadly Sins of IT
Avoiding The Seven Deadly Sins of IT
Envision Technology Advisors446 views
My Fears Essay by Ginny Sagdalen
My Fears EssayMy Fears Essay
My Fears Essay
Ginny Sagdalen3 views
Intro to INFOSEC by Sean Whalen
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
Sean Whalen1.2K views
Why security is the kidney not the tail of the dog v3 by Ernest Staats
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3
Ernest Staats250 views
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ... by Dana Gardner
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Cybersecurity Standards: The Open Group Explores Security and Ways to Assure ...
Dana Gardner411 views

More from OWASP EEE

[Austria] ZigBee exploited by
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploitedOWASP EEE
747 views48 slides
[Austria] How we hacked an online mobile banking Trojan by
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking TrojanOWASP EEE
654 views41 slides
[Poland] SecOps live cooking with OWASP appsec tools by
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec toolsOWASP EEE
461 views35 slides
[Cluj] Turn SSL ON by
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ONOWASP EEE
406 views16 slides
[Cluj] Information Security Through Gamification by
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through GamificationOWASP EEE
585 views17 slides
[Cluj] A distributed - collaborative client certification system by
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification systemOWASP EEE
163 views14 slides

More from OWASP EEE(17)

[Austria] ZigBee exploited by OWASP EEE
[Austria] ZigBee exploited[Austria] ZigBee exploited
[Austria] ZigBee exploited
OWASP EEE747 views
[Austria] How we hacked an online mobile banking Trojan by OWASP EEE
[Austria] How we hacked an online mobile banking Trojan[Austria] How we hacked an online mobile banking Trojan
[Austria] How we hacked an online mobile banking Trojan
OWASP EEE654 views
[Poland] SecOps live cooking with OWASP appsec tools by OWASP EEE
[Poland] SecOps live cooking with OWASP appsec tools[Poland] SecOps live cooking with OWASP appsec tools
[Poland] SecOps live cooking with OWASP appsec tools
OWASP EEE461 views
[Cluj] Turn SSL ON by OWASP EEE
[Cluj] Turn SSL ON[Cluj] Turn SSL ON
[Cluj] Turn SSL ON
OWASP EEE406 views
[Cluj] Information Security Through Gamification by OWASP EEE
[Cluj] Information Security Through Gamification[Cluj] Information Security Through Gamification
[Cluj] Information Security Through Gamification
OWASP EEE585 views
[Cluj] A distributed - collaborative client certification system by OWASP EEE
[Cluj] A distributed - collaborative client certification system[Cluj] A distributed - collaborative client certification system
[Cluj] A distributed - collaborative client certification system
OWASP EEE163 views
[Russia] Bugs -> max, time <= T by OWASP EEE
[Russia] Bugs -> max, time <= T[Russia] Bugs -> max, time <= T
[Russia] Bugs -> max, time <= T
OWASP EEE346 views
[Russia] Building better product security by OWASP EEE
[Russia] Building better product security[Russia] Building better product security
[Russia] Building better product security
OWASP EEE382 views
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent by OWASP EEE
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
[Lithuania] Cross-site request forgery: ways to exploit, ways to prevent
OWASP EEE774 views
[Hungary] I play Jack of Information Disclosure by OWASP EEE
[Hungary] I play Jack of Information Disclosure[Hungary] I play Jack of Information Disclosure
[Hungary] I play Jack of Information Disclosure
OWASP EEE510 views
[Hungary] Survival is not mandatory. The air force one has departured are you... by OWASP EEE
[Hungary] Survival is not mandatory. The air force one has departured are you...[Hungary] Survival is not mandatory. The air force one has departured are you...
[Hungary] Survival is not mandatory. The air force one has departured are you...
OWASP EEE378 views
[Hungary] Secure Software? Start appreciating your developers! by OWASP EEE
[Hungary] Secure Software? Start appreciating your developers![Hungary] Secure Software? Start appreciating your developers!
[Hungary] Secure Software? Start appreciating your developers!
OWASP EEE237 views
[Bucharest] Your intents are dirty, droid! by OWASP EEE
[Bucharest] Your intents are dirty, droid![Bucharest] Your intents are dirty, droid!
[Bucharest] Your intents are dirty, droid!
OWASP EEE390 views
[Bucharest] #DontTrustTheDarkSide by OWASP EEE
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide
OWASP EEE517 views
[Bucharest] From SCADA to IoT Cyber Security by OWASP EEE
[Bucharest] From SCADA to IoT Cyber Security[Bucharest] From SCADA to IoT Cyber Security
[Bucharest] From SCADA to IoT Cyber Security
OWASP EEE1.1K views
[Bucharest] Reversing the Apple Sandbox by OWASP EEE
[Bucharest] Reversing the Apple Sandbox[Bucharest] Reversing the Apple Sandbox
[Bucharest] Reversing the Apple Sandbox
OWASP EEE338 views
[Bucharest] Attack is easy, let's talk defence by OWASP EEE
[Bucharest] Attack is easy, let's talk defence[Bucharest] Attack is easy, let's talk defence
[Bucharest] Attack is easy, let's talk defence
OWASP EEE792 views

Recently uploaded

How to think like a threat actor for Kubernetes.pptx by
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptxLibbySchulze1
5 views33 slides
ATPMOUSE_융합2조.pptx by
ATPMOUSE_융합2조.pptxATPMOUSE_융합2조.pptx
ATPMOUSE_융합2조.pptxkts120898
35 views70 slides
hamro digital logics.pptx by
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptxtupeshghimire
10 views36 slides
The Dark Web : Hidden Services by
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden ServicesAnshu Singh
14 views24 slides
Affiliate Marketing by
Affiliate MarketingAffiliate Marketing
Affiliate MarketingNavin Dhanuka
17 views30 slides
Marketing and Community Building in Web3 by
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3Federico Ast
14 views64 slides

Recently uploaded(6)

How to think like a threat actor for Kubernetes.pptx by LibbySchulze1
How to think like a threat actor for Kubernetes.pptxHow to think like a threat actor for Kubernetes.pptx
How to think like a threat actor for Kubernetes.pptx
LibbySchulze15 views
ATPMOUSE_융합2조.pptx by kts120898
ATPMOUSE_융합2조.pptxATPMOUSE_융합2조.pptx
ATPMOUSE_융합2조.pptx
kts12089835 views
hamro digital logics.pptx by tupeshghimire
hamro digital logics.pptxhamro digital logics.pptx
hamro digital logics.pptx
tupeshghimire10 views
The Dark Web : Hidden Services by Anshu Singh
The Dark Web : Hidden ServicesThe Dark Web : Hidden Services
The Dark Web : Hidden Services
Anshu Singh14 views
Affiliate Marketing by Navin Dhanuka
Affiliate MarketingAffiliate Marketing
Affiliate Marketing
Navin Dhanuka17 views
Marketing and Community Building in Web3 by Federico Ast
Marketing and Community Building in Web3Marketing and Community Building in Web3
Marketing and Community Building in Web3
Federico Ast14 views

[Lithuania] I am the cavalry

  • 1. I AM THE CAVALRY http://iamthecavalry.org @iamthecavalry SHOULDN’T YOU BE ALSO?
  • 2. CLAUS CRAMON HOUMANN Infosec Community Manager @ Peerlyst (A start-up Infosec community/Social platform that wants to turn the tables on cyber security) Infosec Consultant The Analogies contributor Twitter: @claushoumann
  • 3. IDEA “Our dependence on technology is growing faster than our ability to secure it”
  • 4. IDEA “Our society has evolved faster than our laws”
  • 7. WHERE DO WE SEE CONNECTIVITY NOW? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
  • 8. HEARTBLEED + (UNPATCHABLE) INTERNET OF THINGS == ___ ? In Our Bodies In Our Homes In Our InfrastructureIn Our Cars
  • 9. SAY BABY MONITORS AGAIN? In Our Homes Source: Rapid7 research/Mark Stanislav: Baby monitors https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-
  • 10. THEN
  • 12. IT’S SAFETY NOT JUST SECURITY Ouch!
  • 13. Cars have computers Computers have security issues Security issues in cars are safety issues Safety issues can cost or imperil lives
  • 15. SOMEONE WILL FIX IT FOR US Chapter 2
  • 19. A DO-OCRACY OF DO’ERS. W H ER E D OIN G STARTS W ITH EMPATHY And by ripples I mean
  • 24. NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE ONLY THING THAT EVER HAS. - MAR GAR ET MEAD ( A N A M E R I C A N C U LT U R A L A N T H R O P O L O G I S T )
  • 25. •The The Cavalry isn’t coming… It falls to us Problem Statement Our society is adopting connected technology faster than we are able to secure it. Mission Statement To ensure connected technologies with the potential to impact public safety and human life are worthy of our trust. Collecting existing research, researchers, and resources Connecting researchers with each other, industry, media, policy, and legal Collaborating across a broad range of backgrounds, interests, and skillsets Catalyzing positive action sooner than it would have happened on its own Why Trust, public safety, human life How Education, outreach, research Who Infosec research community Who Global, grass roots initiative WhatLong-term vision for cyber safety Medical Automotive Connected Home Public Infrastructure I Am The Cavalry
  • 26. Connections and Ongoing Collaborations 5-Star Framework 5-Star Capabilities  Safety by Design – Anticipate failure and plan mitigation  Third-Party Collaboration – Engage willing allies  Evidence Capture – Observe and learn from failure  Security Updates – Respond quickly to issues discovered  Segmentation & Isolation – Prevent cascading failure Addressing Automotive Cyber Systems Automotive Engineers Security Researchers Policy Makers Insurance Analysts Accident Investigators Standards Organizations https://www.iamthecavalry.org/auto/5star/
  • 27. www.iamthecavalry.org @iamthecavalry 5-Star Cyber Safety Formal Capacities 1. Safety By Design 2. Third Party Collaboration 3. Evidence Capture 4. Security Updates 5. Segmentation and Isolation Plain Speak 1. Avoid Failure 2. Engage Allies To Avoid Failure 3. Learn From Failure 4. Respond to Failure 5. Isolate Failure
  • 28. 5 STARS 5 star ICS 5 star IoT 5 star medical devices
  • 29. www.iamthecavalry.org @iamthecavalry And! • Dräger on board with I am the Cavalry as first medical device producer working directly in sync with us • Their Product Security Manager is even directly involved now
  • 30. AND MORE IN OTHER AREAS COMING We try to connect researchers to 1. Lawmakers to inform of meaningful changes to laws to enforce secure by default 2. Vendors/producers to inform of secure ways to build securely by design and of identified vulnerabilities 3. Purchasers of devices (example: Pacemakers, car distributors) to explain to them why they need to contractually demand security – if there is demand vendors will supply
  • 31. AND YES I DID SAY LAWMAKERS It is WEIRD for you to have to listen to. I agree, but
  • 32. WHAT YOU CAN DO Chapter 5
  • 33. CONNECTIONS/CONNECTORS WANTED Breakers and Builders Legal and Policy Citizens, Connectors Parents/Guardians Community Leaders/Bloggers/Podcasters/etc.
  • 34. MOUNT UP AND BE THE CAVALRY YOU DON’T ACTUALY NEED A HORSE
  • 36. -> OWASK SKF -> OWASP SECURITY SHEPHERD -> OWASP ZAP Recommendations: Use SDLC