Don’t Try This at Home!!!
RECURRING THEMES FROM TRYING TO SECURE AN ORGANIZATION
Jessica Hebenstreit
CISSP | CRISC | GCIH | GNFA
@secitup | Jessica@Dehnert.us | www.linkedin.com/in/jessicahebenstreit
A Little About Me
• 16 years in security
• Multiple verticals
• Lover of memes
What more do you need to know?
I Love Memes More Than Kanye Loves Kanye
Topics
• But First! WHY?
• Recurring Themes
• TIL: Today I Learned
• And now… a fun video!
• Q & A
But First! Why?
• Those who don’t learn from history are doomed to repeat it
• Common themes in shared war stories
• Common themes across verticals
Recurring Themes
• The Right / Wrong game
• Secure at All Costs
• Tools: “Save us, Tool-wan Kenobi”
• Policy Won’t Save You Either
• Eating Our Young
• Skipping The Basics
The Right / Wrong game
• The “wrong” game to play
• It’s like arguing on the Internet
• Not about winning or being right
• Know when to back down
• Remember it’s about informing about risk and options
• You don’t have to like it (It’s not a Facebook post)
Secure at All Costs
• Old School Security Mentality
• Relates to the Right/Wrong game
• It goes back to Risk and business tolerance
Save Us, Tool-wan Kenobi
• You must PAY ATTENTION to the tools
• It’s called logging AND MONITORING
• You must invest in your people
• Continuously
• You must have proper procedures in place
• You must have policies to back you up
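The “logging AND monitoring” point above is the one tools most often fail on: the events are collected and nobody looks at them. As an added example (not code from the deck or its author), here is the kind of small monitoring check that turns collected sshd logs into something a person gets paged for: a burst of failed logins from one source followed by a successful login from the same source. The log lines, hostnames, users and addresses are constructed for illustration; the message format mirrors OpenSSH syslog output, and the year prefix is an assumption because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (invented hosts, users and addresses; sshd-style format).
SAMPLE_LOG = """\
Mar  3 10:01:02 web01 sshd[2311]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:01:05 web01 sshd[2311]: Failed password for invalid user admin from 198.51.100.7 port 51023 ssh2
Mar  3 10:01:08 web01 sshd[2311]: Failed password for root from 198.51.100.7 port 51024 ssh2
Mar  3 10:01:11 web01 sshd[2311]: Failed password for root from 198.51.100.7 port 51025 ssh2
Mar  3 10:01:14 web01 sshd[2311]: Failed password for root from 198.51.100.7 port 51026 ssh2
Mar  3 10:01:20 web01 sshd[2311]: Accepted password for root from 198.51.100.7 port 51027 ssh2
Mar  3 10:02:00 web01 sshd[2350]: Accepted publickey for deploy from 203.0.113.5 port 40001 ssh2
Mar  3 10:03:00 web01 sshd[2360]: Failed password for deploy from 203.0.113.9 port 40100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(log_text):
    """Parse sshd lines into dicts. Lines that do not match are skipped here;
    in production count them, because a parser that silently drops lines is
    a monitoring gap of its own."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        # syslog timestamps have no year; a fixed one is assumed for ordering only.
        e["ts"] = datetime.strptime("2000 " + e["ts"], "%Y %b %d %H:%M:%S")
        events.append(e)
    return events


def detect_bruteforce_then_success(events, threshold=5, window_s=120):
    """Alert when one source produces >= threshold failed logins inside
    window_s seconds and then gets an Accepted login. A failure burst alone
    is background noise on most networks; the burst followed by success is
    the event worth paging on."""
    failures = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        src, now = e["src"], e["ts"]
        # keep only failures from this source that are still inside the window
        recent = [t for t in failures[src] if (now - t).total_seconds() <= window_s]
        if e["result"] == "Failed":
            recent.append(now)
            failures[src] = recent
        elif len(recent) >= threshold:
            alerts.append({"src": src, "user": e["user"], "host": e["host"],
                           "failures": len(recent), "at": now})
            failures[src] = []  # reset so the same burst is not alerted twice
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce_then_success(parse(SAMPLE_LOG)):
        print(f"ALERT {a['host']}: {a['failures']} failed logins then success "
              f"as {a['user']} from {a['src']} at {a['at']:%H:%M:%S}")
```

On the constructed sample this produces exactly one alert (five failures from 198.51.100.7, then `root` logs in from the same address); the `deploy` key-based login and the single stray failure produce nothing. The threshold and window are tunables that belong in the procedure the slide also asks for, not hard-coded in the tool.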
Policy Won’t Save You Either
• Must be enforceable
• Must be enforced
• Must have teeth
• Must be supported by and from Leadership
• A “policy” that does not meet the above is not a policy
Eating Our Young
• It’s getting better, buuuuuuut…
• We should be encouraging and welcoming
• Critical shortage of info sec professionals
• Women…
Skipping the Basics
• Innovation and pushing the envelope is great but…
• It doesn’t matter if you don’t have the basics* in place
• Software and Hardware Inventory
• Secure Configurations (Hardening standards and guidelines)
• Vulnerability Management process
• Controlled use of Administrative Access
* The first 5 SANS Critical Controls (hardware inventory and software inventory are two separate controls)
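Two of the basics listed above, inventory and controlled administrative access, only work if someone regularly compares the authorized list against reality. As an added example (not code from the deck or its author), the script below reconciles a CMDB-style authorized inventory against a network scan, keyed on MAC address, and checks an admin group’s membership against an approved list. All records, field names and MAC addresses are constructed for illustration; the MAC normalizer exists because exports from different tools write the same address three different ways, which is how real reconciliations end up with false “unauthorized” hits.

```python
import re


def normalize_mac(mac):
    """Canonical lower-case colon form. Accepts aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF
    and Cisco-style aabb.ccdd.eeff; rejects anything that is not 12 hex digits."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


# Constructed CMDB export: what we *think* is on the network (field names assumed).
AUTHORIZED = [
    {"hostname": "web01",  "mac": "00:1A:2B:3C:4D:01", "owner": "platform"},
    {"hostname": "db01",   "mac": "00-1A-2B-3C-4D-02", "owner": "data"},
    {"hostname": "jump01", "mac": "001a.2b3c.4d03",    "owner": "secops"},
    {"hostname": "app01",  "mac": "00:1a:2b:3c:4d:04", "owner": "platform"},
]

# Constructed scan result: what the network actually showed.
OBSERVED = [
    {"hostname": "web01",     "mac": "00:1a:2b:3c:4d:01", "ip": "10.0.1.10"},
    {"hostname": "db01",      "mac": "00:1a:2b:3c:4d:02", "ip": "10.0.1.20"},
    {"hostname": "kali",      "mac": "00:1a:2b:3c:4d:03", "ip": "10.0.1.30"},
    {"hostname": "printer-7", "mac": "00:1a:2b:3c:4d:99", "ip": "10.0.1.77"},
]


def reconcile_inventory(authorized, observed):
    """Return (unauthorized, missing, mismatched):
    unauthorized - seen on the network but absent from the inventory;
    missing      - in the inventory but not seen (stale record or offline host);
    mismatched   - known MAC answering with a different hostname (re-imaged,
                   repurposed or spoofed box; needs a human look either way)."""
    by_mac = {normalize_mac(a["mac"]): a for a in authorized}
    seen = set()
    unauthorized, mismatched = [], []
    for o in observed:
        mac = normalize_mac(o["mac"])
        seen.add(mac)
        if mac not in by_mac:
            unauthorized.append(o)
        elif by_mac[mac]["hostname"] != o["hostname"]:
            mismatched.append({"expected": by_mac[mac]["hostname"], "observed": o})
    missing = [a for mac, a in by_mac.items() if mac not in seen]
    return unauthorized, missing, mismatched


# Constructed approved-admin list and admin-group membership (names assumed).
APPROVED_ADMINS = {"alice", "bob"}
DOMAIN_ADMINS = ["alice", "bob", "svc-backup", "Carol"]


def unapproved_admins(members, approved):
    """Accounts holding admin rights with no approval record. Comparison is
    case-insensitive because directory exports and approval spreadsheets
    rarely agree on capitalisation."""
    approved_lc = {a.lower() for a in approved}
    return sorted(m for m in members if m.lower() not in approved_lc)


if __name__ == "__main__":
    unauth, missing, mism = reconcile_inventory(AUTHORIZED, OBSERVED)
    print("unauthorized:", [o["hostname"] for o in unauth])
    print("missing:     ", [a["hostname"] for a in missing])
    print("mismatched:  ", [(m["expected"], m["observed"]["hostname"]) for m in mism])
    print("admins without approval:", unapproved_admins(DOMAIN_ADMINS, APPROVED_ADMINS))
```

On the constructed data this reports `printer-7` as unauthorized, `app01` as missing, the `jump01` MAC now answering as `kali` as a mismatch, and `svc-backup` and `Carol` as admins nobody approved. Each of those is a ticket, not an alert: the point of the slide is that the process behind the list has to exist before any of the more exciting work matters.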
This and That
• Assuming compliance is enough
• Losing sight of the big picture
• Proper Risk Classification
• Not everything is highest risk or most critical
• Properly remediating systems
• Just reimage it already
• More on this in a moment
TIL: Today I Learned
• It’s not about being right or wrong
• Do the right thing for the business
• Balance Risk and Security
• Tools won’t save you but neither will policy
• Start with the basics and go from there
• Support and grow fledgling security professionals
And now…
TIME FOR A FUN VIDEO
REMOVED DUE TO SIZE – CONTACT JESSICA IF YOU ARE INTERESTED IN SEEING IT
One Last Thing…
• Equal Respect Initiative
• Executive Women’s Forum
THANK YOU!
QUESTIONS?
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing An Organization)

1. Don’t Try This at Home!!!
   RECURRING THEMES FROM TRYING TO SECURE AN ORGANIZATION

2. Jessica Hebenstreit
   CISSP | CRISC | GCIH | GNFA
   @secitup | Jessica@Dehnert.us | www.linkedin.com/in/jessicahebenstreit

3. A Little About Me
   • 16 years in security
   • Multiple verticals
   • Lover of memes
   What more do you need to know? I Love Memes More Than Kanye Loves Kanye

4. Topics
   • But First! WHY?
   • Recurring Themes
   • TIL: Today I Learned
   • And now… a fun video!
   • Q & A

5. But First! Why?
   • Those who don’t learn from history are doomed to repeat it
   • Common themes in shared war stories
   • Common themes across verticals

6. Recurring Themes
   • The Right / Wrong game
   • Secure at All Costs
   • Tools: “Save us Tool-wan Kenobi”
   • Policy Won’t Save You Either
   • Eating Our Young
   • Skipping The Basics

7. The Right / Wrong game
   • The “wrong” game to play
   • It’s like arguing on the Internet
   • Not about winning or being right
   • Know when to back down
   • Remember it’s about informing about risk and options
   • You don’t have to like it (It’s not a Facebook post)

8. Secure at All Costs
   • Old School Security Mentality
   • Relates to the Right/Wrong game
   • It goes back to Risk and business tolerance

9. Save Us Tool-wan Kenobi
   • You must PAY ATTENTION to the tools
   • It’s called logging AND MONITORING
   • You must invest in your people
     • Continuously
   • You must have proper procedures in place
   • You must have policies to back you up

10. Policy Won’t Save You Either
   • Must be enforceable
   • Must be enforced
   • Must have teeth
   • Must be supported by and from Leadership
   • A “policy” that does not meet the above is not a policy

11. Eating Our Young
   • It’s getting better, buuuuuuut…
   • We should be encouraging and welcoming
   • Critical shortage of info sec professionals
   • Women…

12. Skipping the Basics
   • Innovation and pushing the envelope is great but…
   • It doesn’t matter if you don’t have the basics* in place
   • Software and Hardware Inventory
   • Secure Configurations (Hardening standards and guidelines)
   • Vulnerability Management process
   • Controlled use of Administrative Access
   * The first 5 SANS Critical Controls

13. This and That
   • Assuming compliance is enough
   • Losing sight of the big picture
   • Proper Risk Classification
     • Not everything is highest risk or most critical
   • Properly remediating systems
     • Just reimage it already
     • More on this in a moment

14. TIL: Today I Learned
   • It’s not about being right or wrong
   • Do the right thing for the business
   • Balance Risk and Security
   • Tools won’t save you but neither will policy
   • Start with the basics and go from there
   • Support and grow fledgling security professionals

15. And now… TIME FOR A FUN VIDEO

16. REMOVED DUE TO SIZE – CONTACT JESSICA IF YOU ARE INTERESTED IN SEEING IT

17. One Last Thing…
   • Equal Respect Initiative
   • Executive Women’s Forum

Editor's Notes

  1. It’s about informing the appropriate business leaders of the risks and the options. Rely on the DREAMR framework letters E and A to reinforce. Our jobs are to explain risk, offer options and opinions, and ultimately execute the business decision (even if we don’t agree with it or like it).
  2. It doesn’t work. It negatively impacts the business. Controls will be circumvented.
  3. 1st – apologize for crossing the meme theme streams.