Upcoming SlideShare
-
Full NameComment goes here.Delete Reply Block
-
ambrerDOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................Reply
It's the people, stupid.
- 1. It’s the people, stupid. @jschauma Jan Schaumann
- 2. @jschauma Velocity NY 2016
- 3. @jschauma Velocity NY 2016
- 4. @jschauma Velocity NY 2016
- 5. @jschauma Velocity NY 2016
- 6. @jschauma Velocity NY 2016
- 7. @jschauma Velocity NY 2016
- 8. ServerUserless Systems @jschauma Velocity NY 2016
- 9. Useless Systems @jschauma Velocity NY 2016
- 10. @jschauma Velocity NY 2016
- 11. Change vs. more of the same. The people, stupid. Don’t forget malware. @jschauma Velocity NY 2016
- 12. Developers @jschauma • That can’t happen. • That doesn’t happen on my machine. • That shouldn’t happen. • Why does that happen? • Oh, I see. • How did that ever work?
- 13. Developers SRE @jschauma • That never worked. • Must be the network.
- 14. Developers SysAdmins @jschauma • It’s not the network. • Probably a bug in the OS. • Oh, ok. DNS. • Don’t monkey around with /etc/hosts. SRE
- 15. Developers SysAdmins BOFH @jschauma • An African or European swallow? • You don’t know what you’re doing. SRE
- 16. Developers SysAdmins BOFH Infosec @jschauma • That’s not how you do this. • Nobody knows what they’re doing. SRE
- 17. Developers SysAdmins BOFH Infosec New Yorkers @jschauma • What? I don’t care, keep walking. Don’t talk to me. • Seriously, don’t stop in the middle of the street. I will cut you. SRE
- 18. Developers SysAdmins BOFH Infosec New Yorkers New York Infosec SysAdmin @jschauma SRE
- 19. @jschauma Velocity NY 2016
- 20. @jschauma Velocity NY 2016
- 21. @jschauma Velocity NY 2016
- 22. @jschauma Velocity NY 2016
- 23. @jschauma
- 24. @jschauma Velocity NY 2016
- 25. @jschauma
- 26. @jschauma Velocity NY 2016
- 27. @jschauma Velocity NY 2016
- 28. @jschauma
- 29. @jschauma Velocity NY 2016
- 30. @jschauma Velocity NY 2016
- 31. @jschauma Velocity NY 2016 How not to be seen
- 32. @jschauma Changing other people’s habits is a wicked problem. Velocity NY 2016
- 33. @jschauma Prod Corp Long-‐lived SSH ConnecCons Velocity NY 2016
- 34. @jschauma Firewall / ACLs / idled(8) … Velocity NY 2016
- 35. @jschauma Reverse SSH tunnel Privkeys on prod cron(8) iniCated callbacks … Velocity NY 2016
- 36. @jschauma Velocity NY 2016
- 37. @jschauma Velocity NY 2016
- 38. @jschauma hLps://is.gd/80zCWX Velocity NY 2016
- 39. @jschauma Why we take our shoes off at the airport. Velocity NY 2016
- 40. @jschauma NSA-‐proofing TLS cipher spec LiSle Bobby Tables Secrets on GitHub XSS #Infosec: Silicon Valley’s TSA Velocity NY 2016
- 41. Security is not a value. @jschauma Velocity NY 2016
- 42. Nobody cares about security. @jschauma Velocity NY 2016
- 43. Nobody cares about security. That is neither incompetence nor malice, it’s pragmaSsm. @jschauma Velocity NY 2016
- 44. @jschauma People driven defense EffecCve defense “sophisCcated” “military grade encrypCon” “NSA-‐proof” “even more cyber” “cyber” Vendor Crap “Security Appliances”
- 45. @jschauma Velocity NY 2016
- 46. @jschauma Ceci n’est pas un hacker. Velocity NY 2016
- 47. @jschauma Velocity NY 2016
- 48. @jschauma Velocity NY 2016
- 49. @jschauma Velocity NY 2016
- 50. @jschauma Velocity NY 2016
- 51. @jschauma Velocity NY 2016
- 52. @jschauma Velocity NY 2016
- 53. Safety, not (just) security. @jschauma Velocity NY 2016
- 54. A system is secure if it protects the user when used correctly. A system is safe if it protects the user even when used incorrectly. @jschauma Velocity NY 2016
- 55. @jschauma Velocity NY 2016
- 56. @jschauma If your reacSon is “well, not like that”, you have a poka-‐yoke problem. Fix that. Velocity NY 2016
- 57. @jschauma The most convenient / intuiSve way to use your applicaSon must be the safest way to use your applicaSon. Velocity NY 2016
- 58. @jschauma Users will not change default sengs. Velocity NY 2016
- 59. @jschauma Users will not change default sengs. (Unless a less secure opSon is available.) Velocity NY 2016
- 60. @jschauma Failure must not lead the user to change their default sengs. Velocity NY 2016
- 61. @jschauma Failure must not lead the user to change their default sengs. Safety overrides must be temporary. Velocity NY 2016
- 62. @jschauma Your applicaSons, services, standards, etc., must age gracefully. Velocity NY 2016
- 63. Poka-‐yoke so^ware & systems • safe defaults • safe failure mode • automated, regular, unaLended updates • puts usability ahead of ‘security’ • encourages desired behavior • builds / strengthens safe habits • follows the users’ desire path Velocity NY 2016
- 64. @jschauma Velocity NY 2016
- 65. @jschauma Velocity NY 2016
- 66. Change vs. more of the same • avoid the downward spiral of cynicism • your users, developers, engineers, … are not stupid; they’re trying to get their job done • focus on realisSc threats, not high-‐profile security theater • understand that your aLackers are moSvated, dedicated, human adversaries The people, stupid. • security is not an end-‐goal • build safe applicaSons & services • understand your users’ desire paths • Poka-‐yoke Go! @jschauma Velocity NY 2016
- 67. “Fundamentally, the problem isn’t about security. It’s about people.” @jschauma -‐ Bill Clinton (not quite) Thanks!
- 68. Image ALribuSons • Monty Python, Paul Townsend hLps://flic.kr/p/nVFKH5 • Serverless, PolarFlex Rack Blanking hLp://polargy.com/air-‐flow-‐accessories/42u-‐blanking-‐ panels.php • Downward spiral, Davo Sime hLps://thenounproject.com/term/downward-‐spiral/ 589704/ hLps://creaSvecommons.org/licenses/by/3.0/us/ • Mouse, MarSn Driver, hLp://wallpapersafari.com/w/UzqRxW • Silly Walk Street Sign, Kayla Reed, hLp://www.avclub.com/arScle/crosswalk-‐norway-‐makes-‐ ciSzens-‐do-‐monty-‐python-‐si-‐203164 @jschauma