Ron Martin - Human Shields for your Network
1. Human Shields for the Network
Making users part of the solution
Ron Martin, CISSP
2. whoami
• Ron Martin
– Christian, Husband, Father
– BS in CS
– MS in CIS
– CISSP, GCIA, GCIH, etc.
– ICE, inc.
• US Army Contractor
• Teach CISSP, Security+, IA Immersion
– Adjunct GRU
3. Motivation
• My passion is teaching
• IA Lexicon
– Password
– Awareness
• Extrusion Detection
– Richard Bejtlich
– ISBN 978-0321349965
4. Agenda
• What are we trying to accomplish?
• First point of attack
• Current state of the user
• Current state of training
• Solutions
5. What are we trying to accomplish?
Simple
A more secure network
6. First Point of Attack
• First point of attack = first point of defense
• Applications vs. Users as target
• Should we depend on Technology or Users for defense?
• Technology
– AV
– Firewall
– IDS
– Etc.
• Users
– Training
– Common Sense
7. Current State of the User
• Confused
– Lack of policy awareness
– Lack of policy existence
• Frustrated
– Threatened
– Unsure
• Scared
– Consequences for non-compliance are extremely negative
• Irritated
– Help Desk attitude
• Arrogant
• Condescending
• Lack of concern
– Help Desk is typically the First Responder
8. Current State of Training
• Leads to the current state of the user
• Ineffective
– Focuses on the Organization over the individual
– Too technical
– Too detailed
– Little user stake
9. Solutions
• Orient training to the individual
– Focus on the loss of individual work, not just damage to the organization
– BYOD could provide a huge opportunity here
• Train Helpdesk and support personnel
– Don’t let them be “Nick Burns”
• Clear, well-defined policies
– Stress benefits of compliance rather than adverse consequences
10. Conclusion
• We already have Human Shields – they’re called users
• Leverage their familiarity with their own systems
• Let them be a part of the solution
• This will help us create a more secure network