SlideShare a Scribd company logo

The Seven Axioms Of Security

Saumil Shah
Saumil Shah

This document summarizes Saumil Shah's presentation at Black Hat Asia 2017 where he outlines his seven axioms of security: 1) Defense does not mean risk reduction, 2) Intelligence begins by collecting everything, 3) Systems exist in both secure and hacked states simultaneously, 4) What can't be measured can't be used, 5) Users are one size fits none, 6) The best defense is a creative defense, and 7) Make defense visible and make defense count. The presentation traces the evolution of attacks and defenses from 2001 to 2017 and argues that existing reactive security approaches are insufficient and a new proactive, intelligence-driven approach is needed.

Software
1 of 64
BLACKHAT ASIA 2017NETSQUARE The Seven Axioms of Security SAUMIL SHAH CEO, NET SQUARE @therealsaumil BLACKHAT ASIA – SINGAPORE 2017NETSQUARE
BLACKHAT ASIA 2017NETSQUARE WARNING! Disruptive Thoughts Ahead
BLACKHAT ASIA 2017NETSQUARE WARNING! Block Diagrams Ahead
BLACKHAT ASIA 2017NETSQUARE About Me Saumil Shah CEO, Net Square @therealsaumil hacker, trainer, speaker, photographer, rebel educating, entertaining and exasperating audiences since 1999 Photo: BLACKHAT ASIA 2001 NETSQUARE
BLACKHAT ASIA 2017NETSQUARE The Evolution of Attacks: 2001-17
BLACKHAT ASIA 2017NETSQUARE Servers Applications Desktops Browsers Pockets Populations The Evolution of Targets: 2001-17
BLACKHAT ASIA 2017NETSQUARE ...Defense: 2001-17 Firewalls IDS/IPS Antivirus WAF DLP, EPS DEP, ASLR Sandbox One-way Attacks FragRouter Obfuscation Char Encoding DNS Exfil ROP, Infoleak Jailbreak Different.... but Same Same
BLACKHAT ASIA 2017NETSQUARE Example: ROWHAMMER By Dsimic https://commons.wikimedia.org/w/index.php?curid=38868341
BLACKHAT ASIA 2017NETSQUARE IMAJS STEGO- DECODER JAVASCRIPT TARGET BROWSER POLYGLOT PIXEL ENCODER EXPLOIT CODE IMAGE ENCODED IMAGE Example: STEGOSPLOIT http://stegosploit.info
BLACKHAT ASIA 2017NETSQUARE There will be Vulnerabilities
BLACKHAT ASIA 2017NETSQUARE wherein buildings reveal near- infinite interiors, capable of being traversed through all manner of non-architectural means http://www.bldgblog.com/2010/01/nakatomi-space/ Nakatomi Space
BLACKHAT ASIA 2017NETSQUARE Attacks succeed because the defense is REACTIVE...
BLACKHAT ASIA 2017NETSQUARE Exploit Development - 2002 Individual effort. 1 week dev time. 3-6 months shelf life. Hundreds of public domain exploits. "We did it for the LOLs."
BLACKHAT ASIA 2017NETSQUARE The evolution of a new species Credit @halvarflake
BLACKHAT ASIA 2017NETSQUARE The MitiGator raises the bar... ...until it sees no more exploits Credit @halvarflake
BLACKHAT ASIA 2017NETSQUARE Exploit Development - 2012 2-12 month dev time. 24h to 10d shelf life. Public domain exploits = zero. Cost,value of exploits has significantly risen. •  COMMERCIALIZED •  WEAPONIZED •  POLITICIZED
BLACKHAT ASIA 2017NETSQUARE The defenders tried to buy back their bugs...
BLACKHAT ASIA 2017NETSQUARE Bug Bounties: high stakes game Chris Evans – Pwnium: Element 1337
BLACKHAT ASIA 2017NETSQUARE Bug Bounties tried to fill a REACTIVE need.
BLACKHAT ASIA 2017NETSQUARE Bug Bounties Backfiring?
BLACKHAT ASIA 2017NETSQUARE
BLACKHAT ASIA 2017NETSQUARE More Reactive Security
BLACKHAT ASIA 2017NETSQUARE Compliance != Security
BLACKHAT ASIA 2017NETSQUARE
BLACKHAT ASIA 2017NETSQUARE Security = "RISK REDUCTION" Rules Signatures Updates Machine Learning
BLACKHAT ASIA 2017NETSQUARE
BLACKHAT ASIA 2017NETSQUARE Existing defense measures do not match attacker tactics.
BLACKHAT ASIA 2017NETSQUARE Attackers don't follow standards and certifications.
BLACKHAT ASIA 2017NETSQUARE The CISO: 2001-2017
BLACKHAT ASIA 2017NETSQUARE In 2001... CIO CIO INFOTECH = BUSINESS ENABLER CISO INFOSEC = RISK REDUCER $$$ C.Y.A.
BLACKHAT ASIA 2017NETSQUARE Who is Scarier? The Attacker or The Auditor
BLACKHAT ASIA 2017NETSQUARE It is time we ...not by building firewalls...
BLACKHAT ASIA 2017NETSQUARE @therealsaumil's SEVEN AXIOMS of Security
BLACKHAT ASIA 2017NETSQUARE Intelligence Driven Defense From REACTIVE to PROACTIVE
BLACKHAT ASIA 2017NETSQUARE Defense doesn't mean Risk Reduction Seven Axioms of Security: 1
BLACKHAT ASIA 2017NETSQUARE The CISO's job is DEFENSE Seven Axioms of Security: 1
BLACKHAT ASIA 2017NETSQUARE Compliance is NOT the CISO's job "Not my circus, Not my monkeys" 90% TIME SUCK! http://rafeeqrehman.com/2016/10/07/announcing-ciso-mindmap-2016/
BLACKHAT ASIA 2017NETSQUARE In 2017... CISO CISO INFOSEC = DEFENSE CCO CHIEF COMPLIANCE OFFICER "COST OF DOING BUSINESS"
BLACKHAT ASIA 2017NETSQUARE Intelligence begins by COLLECTING EVERYTHING! Seven Axioms of Security: 2
BLACKHAT ASIA 2017NETSQUARE Collect Everything! •  Security Data Warehouse: first step towards proactive security. •  Retention is CHEAPER than Deletion. •  Importance of HISTORICAL DATA increases exponentially with time.
BLACKHAT ASIA 2017NETSQUARE Sources of Security Intelligence?
BLACKHAT ASIA 2017NETSQUARE "The Universe tells you everything you need to know about it, as long as you are prepared to watch, to listen, to smell, in short to OBSERVE." Sources of Security Intelligence
BLACKHAT ASIA 2017NETSQUARE Get CREATIVE, Get ORGANIC ORGANIC SECURITY = Grow It Yourself!
BLACKHAT ASIA 2017NETSQUARE Schrödinger's Hack: Systems exist in both SECURE and HACKED states at the same time. Seven Axioms of Security: 3
BLACKHAT ASIA 2017NETSQUARE TEST REALISTICALLY Seven Axioms of Security: 3
BLACKHAT ASIA 2017NETSQUARE "My System Is SECURE" •  Wait for a new production build. •  Don't test on production only UAT. •  Perform Non-intrusive testing. •  X,Y,Z,.. are all out of Scope. •  Test during off-peak hours only.
BLACKHAT ASIA 2017NETSQUARE Can't MEASURE? Can't Use. Seven Axioms of Security: 4
BLACKHAT ASIA 2017NETSQUARE Why Keep Metrics? •  To show you are succeeding –  Corollary: to show you are failing •  To justify your existence and/or budget •  To argue for change •  For fun! Marcus Ranum Security Metrics: The Quest For Meaning IT Defense 2016, Mainz
BLACKHAT ASIA 2017NETSQUARE How to Establish Metrics •  Look at your process and make a list of what is quantifiable •  Ask yourself what quantities you are interested in –  Once things are quantified they go up, or down – which is about the only convenient thing of metrics: they don't go sideways, too •  Which is a "good" direction: up or down? •  Do you know what constitutes a significant movement? •  Measure and iterate Marcus Ranum Security Metrics: The Quest For Meaning IT Defense 2016, Mainz
BLACKHAT ASIA 2017NETSQUARE Why Metrics Win •  Often information security becomes what I call a "battle of two narratives" –  Your opponent has the advantage of lying: –  "moving this to the cloud will save us $500,000/year!" –  To defend your narrative you need facts (from metrics) and credible extrapolations (based on metrics) or your opponent controls the narrative! * * Plan B is to respond with lies of your own Marcus Ranum Security Metrics: The Quest For Meaning IT Defense 2016, Mainz
BLACKHAT ASIA 2017NETSQUARE Users: One Size Fits NONE! Seven Axioms of Security: 5
BLACKHAT ASIA 2017NETSQUARE The user's going to pick dancing pigs over security every time. Bruce Schneier
BLACKHAT ASIA 2017NETSQUARE Technology in the hands of users @needadebitcard
BLACKHAT ASIA 2017NETSQUARE
BLACKHAT ASIA 2017NETSQUARE numberofusers infosec maturity Hopeless Uninformed Proactive Rock Stars Identify your target users... Always going to be an enigma. If properly guided, these users are willing to improve their usage habits. The next Rock Star users. Leave them alone, and possibly learn from them.
BLACKHAT ASIA 2017NETSQUARE ...and improve their maturitynumberofusers infosec maturity Hopeless Uninformed Proactive Rock Stars
BLACKHAT ASIA 2017NETSQUARE The Best Defense is a CREATIVE Defense. Seven Axioms of Security: 6
BLACKHAT ASIA 2017NETSQUARE A Creative Defense is an UNEXPECTED Defense. Seven Axioms of Security: 6
BLACKHAT ASIA 2017NETSQUARE
BLACKHAT ASIA 2017NETSQUARE Make Defense VISIBLE, Make Defense COUNT. Seven Axioms of Security: 7
BLACKHAT ASIA 2017NETSQUARE Visible Defense •  Improve the User Maturity Curve. •  Reduce Blue Team's Response Time. •  Money Saved = Money Earned Consistent Reduction in Frauds. •  Produce Creative Defense Tools. •  Attract Smarter Talent in Infosec. •  Weekly fitness check...
BLACKHAT ASIA 2017NETSQUARE ASSET INVENTORY REAL-TIME VISIBILITY OF EVENTS DETECT UNAUTHORIZED ACTIVITY CLASSIFY UNAUTHORIZED ACTIVITY ATTACKER CAPABILITY DETECT INTRUSIONS UNCOVER ATTACKERS TRACK ATTACKERS DEFEND & RECOVER ...The CISO Strength Test https://github.com/swannman/ircapabilities
BLACKHAT ASIA 2017NETSQUARE Is your Infosec team doing something creative every day?
BLACKHAT ASIA 2017NETSQUARE @therealsaumil www.net-square.com #BHASIA 2017 Thank You, Drive Through NETSQUARE

Recommended

Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
Sounil Yu
 
Business Continuity & Disaster Recovery
Business Continuity & Disaster RecoveryBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery
EC-Council
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
Andrew Byers
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
n|u - The Open Security Community
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?
manoharparakh
 
NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)
James W. De Rienzo
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
Margarete McGrath
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
Imperva
 

Recommended

Understanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor LandscapeUnderstanding the Cyber Security Vendor Landscape
Understanding the Cyber Security Vendor Landscape
Sounil Yu
 
Business Continuity & Disaster Recovery
Business Continuity & Disaster RecoveryBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery
EC-Council
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
Andrew Byers
 
Vulnerability and Patch Management
Vulnerability and Patch ManagementVulnerability and Patch Management
Vulnerability and Patch Management
n|u - The Open Security Community
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?
manoharparakh
 
NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)NIST Risk Management Framework (RMF)
NIST Risk Management Framework (RMF)
James W. De Rienzo
 
Dell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbookDell Technologies Cyber Security playbook
Dell Technologies Cyber Security playbook
Margarete McGrath
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
Imperva
 
Enjeux et évolutions de la sécurité informatique - Présentation Centrale Nantes
Enjeux et évolutions de la sécurité informatique - Présentation Centrale NantesEnjeux et évolutions de la sécurité informatique - Présentation Centrale Nantes
Enjeux et évolutions de la sécurité informatique - Présentation Centrale Nantes
Maxime ALAY-EDDINE
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
Maxime CARPENTIER
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy
Dam Frank
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
Pranav Shah
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
Priyanka Aash
 
Compliance to Enablement - SABSA & GDPR
Compliance to Enablement - SABSA & GDPRCompliance to Enablement - SABSA & GDPR
Compliance to Enablement - SABSA & GDPR
SABSAcourses
 
Information Security Committee Presentation Sample
Information Security Committee Presentation SampleInformation Security Committee Presentation Sample
Information Security Committee Presentation Sample
oaes2006
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
PECB
 
Ten Tenets of CISO Success
Ten Tenets of CISO SuccessTen Tenets of CISO Success
Ten Tenets of CISO Success
Frank Kim
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
Peter Wood
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
technakama
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your Organziation
Seccuris Inc.
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
Tanmay Shinde
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
Digital Bond
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guide
mfmurat
 
Club numica - Tableaux de bord DSI - ISlean consulting
Club numica - Tableaux de bord DSI - ISlean consultingClub numica - Tableaux de bord DSI - ISlean consulting
Club numica - Tableaux de bord DSI - ISlean consulting
ISlean consulting
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
Craig Willetts ISO Expert
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
ControlCase
 
18 Tips for Data Classification - Data Sheet by Secure Islands
18 Tips for Data Classification - Data Sheet by Secure Islands18 Tips for Data Classification - Data Sheet by Secure Islands
18 Tips for Data Classification - Data Sheet by Secure Islands
Secure Islands - Data Security Policy
 
The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017
Saumil Shah
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS Keynote
Saumil Shah
 

More Related Content

What's hot

Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
Priyanka Aash
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
PECB
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your Organziation
Seccuris Inc.
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guide
mfmurat
 

What's hot (20)

Enjeux et évolutions de la sécurité informatique - Présentation Centrale Nantes
Enjeux et évolutions de la sécurité informatique - Présentation Centrale NantesEnjeux et évolutions de la sécurité informatique - Présentation Centrale Nantes
Enjeux et évolutions de la sécurité informatique - Présentation Centrale Nantes
 
Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...Operational security | How to design your information security GRC (governanc...
Operational security | How to design your information security GRC (governanc...
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
 
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
 
Compliance to Enablement - SABSA & GDPR
Compliance to Enablement - SABSA & GDPRCompliance to Enablement - SABSA & GDPR
Compliance to Enablement - SABSA & GDPR
 
Information Security Committee Presentation Sample
Information Security Committee Presentation SampleInformation Security Committee Presentation Sample
Information Security Committee Presentation Sample
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 
Ten Tenets of CISO Success
Ten Tenets of CISO SuccessTen Tenets of CISO Success
Ten Tenets of CISO Success
 
Introduction to Cyber Resilience
Introduction to Cyber ResilienceIntroduction to Cyber Resilience
Introduction to Cyber Resilience
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 
Information Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your OrganziationInformation Security Architecture: Building Security Into Your Organziation
Information Security Architecture: Building Security Into Your Organziation
 
ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2ISO 27001 - information security user awareness training presentation -part 2
ISO 27001 - information security user awareness training presentation -part 2
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Iso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guideIso 27001 metrics and implementation guide
Iso 27001 metrics and implementation guide
 
Club numica - Tableaux de bord DSI - ISlean consulting
Club numica - Tableaux de bord DSI - ISlean consultingClub numica - Tableaux de bord DSI - ISlean consulting
Club numica - Tableaux de bord DSI - ISlean consulting
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
18 Tips for Data Classification - Data Sheet by Secure Islands
18 Tips for Data Classification - Data Sheet by Secure Islands18 Tips for Data Classification - Data Sheet by Secure Islands
18 Tips for Data Classification - Data Sheet by Secure Islands
 

Similar to The Seven Axioms Of Security

Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Keith Kraus
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
CrowdStrike
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacks
Kaspersky
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Evolving Cybersecurity Threats
Evolving Cybersecurity Threats
Nevada County Tech Connection
 
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
Dr David Probert
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
CrowdStrike
 
CyberSecurity Vision: 2017-2027 & Beyond!
CyberSecurity Vision: 2017-2027 & Beyond!CyberSecurity Vision: 2017-2027 & Beyond!
CyberSecurity Vision: 2017-2027 & Beyond!
Dr David Probert
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3
Stefan Streichsbier
 

Similar to The Seven Axioms Of Security (20)

The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017The Seven Axioms of Security - ITWeb 2017
The Seven Axioms of Security - ITWeb 2017
 
Redefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS KeynoteRedefining Defense - HITB2017AMS Keynote
Redefining Defense - HITB2017AMS Keynote
 
Hack.LU - The Infosec Crossroads
Hack.LU - The Infosec CrossroadsHack.LU - The Infosec Crossroads
Hack.LU - The Infosec Crossroads
 
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
Streaming Cyber Security into Graph: Accelerating Data into DataStax Graph an...
 
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
 
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORMDEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
 
CV | Michele Spagnuolo
CV | Michele SpagnuoloCV | Michele Spagnuolo
CV | Michele Spagnuolo
 
Ransomware in targeted attacks
Ransomware in targeted attacksRansomware in targeted attacks
Ransomware in targeted attacks
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats Evolving Cybersecurity Threats
Evolving Cybersecurity Threats
 
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...
Forcepoint: Technická opatření pro ochranu osobních údajů (a citlivých dat) z...
 
The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016The Infosec Crossroads - 44CON 2016
The Infosec Crossroads - 44CON 2016
 
Cisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networkingCisco Connect 2018 Singapore - delivering intent for data center networking
Cisco Connect 2018 Singapore - delivering intent for data center networking
 
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
 
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadkówPLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
PLNOG19 - Gaweł Mikołajczyk & Michał Garcarz - SOC, studium ciężkich przypadków
 
Short story about your information processing - cloud part
Short story about your information processing - cloud partShort story about your information processing - cloud part
Short story about your information processing - cloud part
 
Cloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint SecurityCloud-Enabled: The Future of Endpoint Security
Cloud-Enabled: The Future of Endpoint Security
 
CyberSecurity Vision: 2017-2027 & Beyond!
CyberSecurity Vision: 2017-2027 & Beyond!CyberSecurity Vision: 2017-2027 & Beyond!
CyberSecurity Vision: 2017-2027 & Beyond!
 
Cisco Cybersecurity #10YearChallenge
Cisco Cybersecurity #10YearChallengeCisco Cybersecurity #10YearChallenge
Cisco Cybersecurity #10YearChallenge
 
Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3Securing a great Developer Experience - v1.3
Securing a great Developer Experience - v1.3
 
Cisco Connect 2018 Philippines - security keynote
Cisco Connect 2018 Philippines - security keynoteCisco Connect 2018 Philippines - security keynote
Cisco Connect 2018 Philippines - security keynote
 

More from Saumil Shah

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
Saumil Shah
 

More from Saumil Shah (20)

The Hand That Strikes, Also Blocks
The Hand That Strikes, Also BlocksThe Hand That Strikes, Also Blocks
The Hand That Strikes, Also Blocks
 
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPSDebugging with EMUX - RIngzer0 BACK2WORKSHOPS
Debugging with EMUX - RIngzer0 BACK2WORKSHOPS
 
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation FrameworkUnveiling EMUX - ARM and MIPS IoT Emulation Framework
Unveiling EMUX - ARM and MIPS IoT Emulation Framework
 
Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332Announcing ARMX Docker - DC11332
Announcing ARMX Docker - DC11332
 
Precise Presentations
Precise PresentationsPrecise Presentations
Precise Presentations
 
Effective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual AudienceEffective Webinars: Presentation Skills for a Virtual Audience
Effective Webinars: Presentation Skills for a Virtual Audience
 
INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020INSIDE ARM-X Cansecwest 2020
INSIDE ARM-X Cansecwest 2020
 
Cyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade AheadCyberspace And Security - India's Decade Ahead
Cyberspace And Security - India's Decade Ahead
 
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In CyberspaceCybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
Cybersecurity And Sovereignty - A Look At Society's Transformation In Cyberspace
 
NSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade AheadNSConclave2020 The Decade Behind And The Decade Ahead
NSConclave2020 The Decade Behind And The Decade Ahead
 
Cybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade AheadCybersecurity In India - The Decade Ahead
Cybersecurity In India - The Decade Ahead
 
INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019INSIDE ARM-X - Countermeasure 2019
INSIDE ARM-X - Countermeasure 2019
 
Introducing ARM-X
Introducing ARM-XIntroducing ARM-X
Introducing ARM-X
 
The Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBDThe Road To Defendable Systems - Emirates NBD
The Road To Defendable Systems - Emirates NBD
 
The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019The CISO's Dilemma 44CON 2019
The CISO's Dilemma 44CON 2019
 
The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019The CISO's Dilemma HITBGSEC2019
The CISO's Dilemma HITBGSEC2019
 
Schrödinger's ARM Assembly
Schrödinger's ARM AssemblySchrödinger's ARM Assembly
Schrödinger's ARM Assembly
 
ARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMSARM Polyglot Shellcode - HITB2019AMS
ARM Polyglot Shellcode - HITB2019AMS
 
What Makes a Compelling Photograph
What Makes a Compelling PhotographWhat Makes a Compelling Photograph
What Makes a Compelling Photograph
 
Make ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEKMake ARM Shellcode Great Again - HITB2018PEK
Make ARM Shellcode Great Again - HITB2018PEK
 

Recently uploaded

AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 

Recently uploaded (20)

%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 

The Seven Axioms Of Security