A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams [Presented by Steve Werby at ShmooCon 2012]

•Download as PPTX, PDF•

0 likes•545 views

Your organization has invested in a variety of tools to manage its information technology and the security of its systems. But it's a nightmare to synthesize this information so non-technical decision makers can make informed decisions and so information security and IT management can manage security effectively. We developed and implemented a web-based tool which has been integrated with numerous data sources to address this business need across our large, decentralized organization with a heterogeneous IT environment. Now non-technical staff who previously knew little about their technology can easily view information about their assets and how they.re being managed and information security staff have access to the information they need in a centralized tool. The tool will be demonstrated and the technology, implementation, management and usage of the system will be covered in order to share successes and lessons learned.

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
A Fistful of Fire Hoses:
Putting out Fires Without Crossing Streams
Steve Werby (@stevewerby)
Chief Information Security Officer
University of Texas at San Antonio

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
A Fistful of Fire Hoses:
Putting out Fires Without Crossing Streams
 AV
 FW
 IDS
 FIM
 SIEM
 Pen Test
 Config Mgmt
 IP Flow Mon
 Log Analysis
 Data Discovery
 Forensics
 Vuln Scanning 10 person department

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
One Size Does Not Fit All

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Obligatory Disclaimer
The opinions shared represent
my views, the views of my
employer, the views of my past
employers and the views of my
future employers.
Are presentation disclaimers REALLY
necessary?

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
My Org
 31k students
 6k FTEs
 155 classrooms
 65 labs
 1.5MM SQFT
 $450MM budget
 15k workstations
 1k servers
 /16

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
My Org
 Heterogeneous IT environment
 Silos
 Low visibility into state of IT security
 Inconsistent infosec risk mgmt & compliance

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Overview of Presentation

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Project Goals
 push(@manager, $info) => informed decisions
 push(@infosec, $info) => $visibility++
 Improve security posture of organization
 Change culture
 Facilitate standardization

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Development
 Project charter, steering committee, work plan
 Project team
 Project sponsor (CIO)
 Project manager from IT Project Mgmt
 CISO and several infosec staff
 IT App Development staff
 IT Marketing/Communications staff
 Pilot users

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Implementation
 Piloted
 while (1==1) communicate();
 Email and postcard marketing
 Presentations to key groups
 Started small
 Staged release phases

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Architecture

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
InSight – Indicator Dashboard

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
InSight – Indicator Summary

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
InSight – Indicator Detail

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
InSight – Indicator Detail #2

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
InSight – Indicator Description

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
InSight – Asset View

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
InSight – Exemption Request

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Reaction
☑ “How can we get all of our laptops encrypted?”
☑ “IT, fix it!”
☑ “I’m not going to look at it.”
☑ “Security is YOUR job. Why should I help do your job?

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Carrots and Sticks
 Peer pressure
 Eligibility for IT funding

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Project Goals Revisited
☑ push(@manager, $info) => informed decisions
☑ push(@infosec, $info) => $visibility++
☑ Improve security posture of organization
☑ Change culture
☑ Facilitate standardization

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Lessons Learned
 process(“garbage”) = “garbage”
 Inventory, computer name, etc.
 A computer is…huh
 A laptop is a server
 Intended audience != actual audience
 Anticipate how app will be used

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
The Future
risk profiles
$awareness++
$scope++
$functionality++

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
The Future – $awareness++
 Monthly automated emails to managers
 Periodic reporting to governance groups
 Expand access to all employees

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
The Future - $scope++
 More endpoint devices
 Include servers and apps
 More data sources (IP Flow, SIEM, etc.)
 More granularity
 Information about people and processes

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
The Future - $functionality++
 Maintain historical information
 Increase update frequency
 Triggers

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
The Future – risk profiles
 By device, person, biz unit, system
Take the number of vehicles in the field, A), and
multiply it by the probable rate of failure, (B), then
multiply the result by the average out-of-court
settlement, (C). A times B times C equals X. If X
is less than the cost of a recall, we don't do one.

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Just Passing This On

Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby
Questions [Answers…Maybe]

This document describes a non-percolating flexible delivery hose used for water delivery in firefighting and civil engineering applications. The hose has a circular woven jacket made from cotton and synthetic yarn that is heat and abrasion resistant. It also has a thin fabric reinforcement bonded with adhesive and an inner rubber lining that provides flexibility, durability and resistance. The hose comes in standard lengths of 7.5, 15, 22.5 and 30 meters and can have customized end connections. Its key features include being compact, flexible, lightweight and able to withstand high pressure and abrasion.

Shmoocon 2015 - httpscreenshot

jstnkndy

httpscreenshot is a tool developed internally over the past year and a half. It has become one of our go to tools for the reconnaissance phase of every penetration test. The tool itself takes a list of addresses, domains, URLs, and visits each in a browser, parses SSL certificates to add new hosts, and captures a screenshot/HTML of the browser instance. Similar tools exist but none met our needs with regards to speed (threaded), features (JavaScript support, SSL auto detection and certificate scraping), and reliability. The cluster portion of the tool will go through and group "similar" websites together, where "similar" is determined by a fuzzy matching metric. This tool can be used by both blue and red teams. The blue teams can use this tool to quickly create an inventory of applications and devices they have running in their environments. This inventory will allow them to quickly see if there is anything running in their environment that they may not know about which should be secured or in many cases removed. The red teams can use this tool to quickly create the same inventory as part of our reconnaissance, which is often very effective in identifying potential target assets.

smoke alram project for students

Jitu Mehta

This document describes the components and workings of a smoke alarm. It contains the following key points: - Smoke alarms use components like a 555 timer IC, light dependent resistor, light emitting diode, resistors, capacitors, diodes, reset switch, preset resistor, buzzer, battery, printed circuit board, and connecting wires to detect smoke. - The 555 timer IC and light dependent resistor are important components that help detect changes in light levels from smoke. When smoke enters the chamber and scatters light, the light dependent resistor senses this and triggers the alarm. - Photoelectric detectors, which use light beams positioned at 90 degree angles, are better than other methods at sensing sm

Automatic theft controller system using burglar alram

Surya Balaji

The document discusses burglar alarm systems and their components. It explains that burglar alarms consist of sensors to detect intruders, a control panel to power the sensors and provide alerts, and connections between these components. Some common sensor types mentioned are door and window contacts, motion detectors, light dependent resistors, and magnetic contacts. The control panel monitors the sensor circuits and sounds an alarm until someone enters a security code at the keypad. The control panel is usually hidden away for added security so intruders cannot disable it.

Types of Firefighting Equipment

tradeford

Sprinkler system

محمد طه أحمد

This document summarizes the components and operation of a sprinkler system on a ship. It describes how sprinkler heads are activated by heat and spray water over a large area. The system includes a pressurized water tank, pumps, valves, and an alarm system. When a sprinkler activates, an alarm sounds and the location is indicated. The installation has multiple sections that can be isolated. Fresh water is used initially to reduce corrosion, and cleaning is important to ensure proper operation.

Fire alarm system

Md Emran Saidi

fire detection and alarm system

singh1515

The document discusses fire detection and alarm systems. It provides details on: 1) The purposes of fire detection systems which are to detect fires, notify occupants, summon assistance and initiate suppression systems. 2) The basic components of systems including input devices like manual pull stations and detectors, and output devices like alarms and controls. 3) Different types of detectors like heat, smoke and gas detectors and their functions. 4) Factors to consider for detector placement like area size and layout. 5) Conventional and addressable microprocessor-based systems and their advantages. 6) Approvals and standards required for fire detection systems.

Malicious URLs have been plaguing users for years. Leveraging of shortened URLs, redirect exploits, and other techniques have made detection of malicious links a much tougher problem for users who have to make a decision and for technical controls. This has gotten worse with the proliferation of QR codes and NFC tags. In this talk, I'll discuss research I conducted concerning the effectiveness of attacks using malicious QR codes, issues with mobile device QR code readers, an education campaign that resulted, and recommendations for users, publishers, app developers, and information security practitioners.

A Futurist Perspective

Joseph M Bradley

Analytics for Startups - Dublin Web Summit 2015

Andy Young

The document provides guidance on using analytics for startups. It recommends identifying key performance indicators (KPIs) like sales, subscribers, or transactions that drive the business. Additional metrics like conversion rates, average order value, and customer/supplier numbers provide nuance behind the KPI. Events should be tracked to analyze user behavior through the funnel from acquisition to monetization. Cohort analysis of different user groups is important to understand performance over time. The document stresses the importance of automated and real-time tracking and analysis to guide business decisions.

Mobile can be a Goldmine

Russell Lewis

The document discusses strategies for monetizing mobile applications and websites. It encourages companies to view mobile as an "unclaimed goldmine" and provides tips for "digging" into mobile to realize value. It identifies key stakeholders in mobile like product managers and developers. It also outlines tools in the Adobe Marketing Cloud that can help with mobile personalization, testing, messaging and analytics. Overall the document promotes a more robust mobile strategy and tapping into mobile opportunities.

Lean Product Analytics by Dan Olsen

Dan Olsen

This document provides an overview of Dan Olsen's background and approach to lean product analytics. It summarizes Olsen's 20 years of experience in product management and consulting. The presentation defines key lean startup concepts like achieving product-market fit, testing hypotheses, and minimizing waste. It also provides models and frameworks for validating product-market fit using both qualitative and quantitative metrics and analyzing user behavior and satisfaction. The document emphasizes using analytics to optimize business results and user experience through iterative learning and improvement.

Preparing for the Next Shellshock

Threat Stack

Using Agile IRL with Big Customers

Alex Cowan

This document discusses using agile methods when working with big customers. It advocates focusing expertise, leveraging economies of scale, and using an outside perspective to help resolve internal disagreements. It also notes that initiatives can lose momentum and provides tips for maintaining initiative. Some key agile practices discussed include focusing on individuals and interactions over processes, working software over documentation, customer collaboration, and responding to change. The document emphasizes writing user stories and testing ideas quickly through experiments.

The problem with impact measurement in Civic Tech (Matt Stempeck and Micah L....

mysociety

IT Security As A Service

Michael Davis

The Startup Owner's Manual

Pablo Rodriguez Bertorello

This document summarizes Steve Blank's presentation on "The Startup Owners Manual". It discusses the concepts of customer development, business models, and turning hypotheses into facts through testing ideas with customers. The presentation is based on several of Steve Blank's books and promotes getting outside the building to test problems and solutions with real customers. It also highlights that the manual provides examples and guidance for startups on topics like customer relationships, key resources, revenue streams, and other business model components.

Is One Second Enough? Evaluating QoE for Inter-Destination Multimedia Synchro...

Alpen-Adria-Universität

Modern-age technology enables us to consume multimedia for enjoyment and as a social experience. The traditional way to consume multimedia together (e.g., with family or friends in the living room) is being superseded by a location-independent scenario where geographically distributed users consume the same content while having a real-time communication channel among each other. Inter-Destination Multimedia Synchronization (IDMS) is the tool of choice in order to enable users a high-quality multimedia experience. In this paper, we investigate the influence of asynchronism when consuming multimedia content together while being geographically distributed. In particular, we adopt the concept of human computation and developed a reaction game which we used to conduct a crowdsourced subjective quality assessment in order to evaluate a threshold for multimedia synchronization within an IDMS scenario. Our results show a significant decrease in overall Quality of Experience (QOE) at an asynchronism level of 750ms. At the same time, we were able to show that asynchronism at a level of 400ms does not have significant differences regarding the QoE when compared to the synchronous reference case.

APM leeds - reviews and assurance - Sep 2014

Upside Energy Ltd

The document discusses the role of project management offices (PMOs) in supporting reviews and assurance. It states that unnecessary project failure occurs when people lack full, validated information about project status and issues. The role of reviews and assurance is to provide this important information to project and portfolio managers. PMOs can help establish effective review processes to gather and disseminate this information.

Network Security Trends for 2016: Taking Security to the Next Level

Skybox Security

Shaping the Future of Open Innovation

Purdue RCODI

Bridging the Experience Gap - Bryan Lamkin

scoopnewsgroup

The document discusses Adobe's digital government assembly presentation. It focuses on how digital transformation, mobility, applications, analytics, cloud computing, security, and design-led experiences are important for government services. Specific points include that most Americans have smartphones, people spend more time on mobile than desktop, and over half of job seekers use smartphones to fill out applications. The presentation emphasizes that 85% of government processes begin with forms.

[DSC Europe 22] On building a video recommendation system and other use-cases...

DataScienceConferenc1

I will talk about building a recommendation system for our internal video-hosting used by thousands of employees. Will describe how our project is organized, ML approach we use and issues we are facing, what our business goal is, what kind of features do we use, how quality is measured, and model is monitored. In addition to that, I would cover some of the other recommender system use-cases we have in the company.

ScotSecure 2020

Ray Bugg

The national Scot-Secure Summit is the largest annual Cyber Security event in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking. The conference programme is focused on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.

Expand Your Communication Skills within Microsoft Project 2013

International Institute for Learning

Most project managers understand that effective communication is essential to project success. And most are familiar with and use Microsoft Project. However, many project managers are not aware of the rich functional benefits that can be realized from Microsoft’s integration of its products. This webinar will expose and demonstrate why and how the application of integrated Microsoft tools can dramatically improve your communication skills and increase project delivery success.

Meet Evernym's SSI Platform

Evernym

Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...

Steve Werby

20 years ago information security was a low corporate priority that was the realm of technical geeks. Factors such as the rapidly-evolving threat environment and increased corporate impact have elevated it to a multidisciplinary risk management discipline…which sometimes has a seat at the table. This talk explores what we’re doing wrong, why it’s ineffective (or worse), and better ways of thinking and doing. You will learn to question the status quo, rethink existing paradigms, and leverage better approaches from information security and other disciplines. Think different! Act different!

Information Security Threat Level Snapshot Template by Steve Werby 2014

Steve Werby

Similar to A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams [Presented by Steve Werby at ShmooCon 2012]

Mobile Security & Analytics: What Works and What Doesn't

Skycure

Forget Malicious Links and Fear the QR Code Presented by Steve Werby at ConSe...

Steve Werby

A Futurist Perspective

Joseph M Bradley

Analytics for Startups - Dublin Web Summit 2015

Andy Young

Mobile can be a Goldmine

Russell Lewis

Lean Product Analytics by Dan Olsen

Dan Olsen

Preparing for the Next Shellshock

Threat Stack

Using Agile IRL with Big Customers

Alex Cowan

The problem with impact measurement in Civic Tech (Matt Stempeck and Micah L....

mysociety

IT Security As A Service

Michael Davis

The Startup Owner's Manual

Pablo Rodriguez Bertorello

Is One Second Enough? Evaluating QoE for Inter-Destination Multimedia Synchro...

Alpen-Adria-Universität

APM leeds - reviews and assurance - Sep 2014

Upside Energy Ltd

Network Security Trends for 2016: Taking Security to the Next Level

Skybox Security

Shaping the Future of Open Innovation

Purdue RCODI

Bridging the Experience Gap - Bryan Lamkin

scoopnewsgroup

[DSC Europe 22] On building a video recommendation system and other use-cases...

DataScienceConferenc1

ScotSecure 2020

Ray Bugg

Expand Your Communication Skills within Microsoft Project 2013

International Institute for Learning

Meet Evernym's SSI Platform

Evernym

Similar to A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams [Presented by Steve Werby at ShmooCon 2012] (20)

Mobile Security & Analytics: What Works and What Doesn't

Forget Malicious Links and Fear the QR Code Presented by Steve Werby at ConSe...

A Futurist Perspective

Analytics for Startups - Dublin Web Summit 2015

Mobile can be a Goldmine

Lean Product Analytics by Dan Olsen

Preparing for the Next Shellshock

Using Agile IRL with Big Customers

The problem with impact measurement in Civic Tech (Matt Stempeck and Micah L....

IT Security As A Service

The Startup Owner's Manual

Is One Second Enough? Evaluating QoE for Inter-Destination Multimedia Synchro...

APM leeds - reviews and assurance - Sep 2014

Network Security Trends for 2016: Taking Security to the Next Level

Shaping the Future of Open Innovation

Bridging the Experience Gap - Bryan Lamkin

[DSC Europe 22] On building a video recommendation system and other use-cases...

ScotSecure 2020

Expand Your Communication Skills within Microsoft Project 2013

Meet Evernym's SSI Platform

More from Steve Werby

Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...

Steve Werby

Information Security Threat Level Snapshot Template by Steve Werby 2014

Steve Werby

Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...

Steve Werby

Data breach notification laws have proliferated worldwide, beginning with California’s law, which was enacted nearly a decade ago. As a result, citizens are being bombarded by breach notifications and media coverage of data exposures has skyrocketed. But are these increasingly onerous laws leading to stronger information security and better decisions by citizens or are they backfiring? I’ll compare existing laws, analyze data breach notifications and explore the effects of these laws, including feedback from citizens and information security professionals. By comparing data exposure disclosure to other negative events that don't require disclosure and sharing alternate disclosure models, I'll leave the audience questioning whether there's a better way.

Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by St...

Steve Werby

By aggregating and creating new dictionaries and manipulating them to guess plaintext and hashed passwords in high profile password exposures, I'll demonstrate which dictionary attacks and password cracking strategies are the most effective. I will also discuss the building of passphrase dictionaries. The password and passphrase cracking will be performed primarily using Amazon EC2 and the time, cost, and resource constraints of EC2 and other options will be analyzed. Versions of this talk were also presented at Hack3rCon, DerbyCon, and SOURCE Seattle.

Crunching the Top 10000 Websites' Password Policies and Controls [Presented b...

Steve Werby

A detailed analysis of password policies and authentication controls for widely-used websites hadn’t been conducted and seemed to be a daunting effort. To address this I supplemented automated and semi-automated data collection with the utilization of low-cost marketplaces like Amazon Mechanical Turk and unpaid volunteers. I will cover my methodology, analysis of the collected data, challenges, lessons learned, and future plans.

You're Bleeding Sensitive Data: Find it Before They Do [Presented by Steve We...

Steve Werby

With the proliferation of Internet accessible applications and files within organizations and the number of employees capable of making sensitive content available growing rapidly, knowing what sensitive information is accessible is increasingly difficult. And expensive DLP and scanning tools are not the only option. I will cover management strategies to reduce the risk, as well as demonstrate free and low-cost tools (FOCA, Shodan, Google Hacking Database and more) to discover sensitive data.

Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...

Steve Werby

20 years ago information security was a low corporate priority that was the realm of technical geeks. Factors such as the rapidly-evolving threat environment and increased corporate impact have elevated it to a multidisciplinary risk management discipline...which sometimes has a seat at the table. This talk explores what we're doing wrong, why it's ineffective (or worse), and better ways of thinking and doing. You will learn to question the status quo, rethink existing paradigms, and leverage better approaches from information security and other disciplines. Think different! Act different!

More from Steve Werby (7)

Bad Advice Unintended Consequences and Broken Paradigms - Think && Act Differ...

Information Security Threat Level Snapshot Template by Steve Werby 2014

Data Breach Notifications Laws - Time for a Pimp Slap Presented by Steve Werb...

Building Dictionaries and Destroying Hashes Using Amazon EC2 [Presented by St...

Crunching the Top 10000 Websites' Password Policies and Controls [Presented b...

You're Bleeding Sensitive Data: Find it Before They Do [Presented by Steve We...

Bad Advice, Unintended Consequences, and Broken Paradigms: Think & Act Di...

Recently uploaded

TrustArc Webinar - 2024 Global Privacy Survey

TrustArc

How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024? In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores. See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe. This webinar will review: - The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey - The top challenges for privacy leaders, practitioners, and organizations in 2024 - Key themes to consider in developing and maintaining your privacy program

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

OpenID AuthZEN Interop Read Out - Authorization

David Brossard

CAKE: Sharing Slices of Confidential Data on Blockchain

Claudio Di Ciccio

Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus. Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain. Paper: https://doi.org/10.1007/978-3-031-61000-4_16

Mind map of terminologies used in context of Generative AI

Kumud Singh

みなさんこんにちはこれ何文字まで入るの？40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの？えこ...

名前です男

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

akankshawande

UI5 Controls simplified - UI5con2024 presentation

Wouter Lemaire

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/ DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen! Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell. Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten. Diese Themen werden behandelt - Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten - Wie funktionieren CCB- und CCX-Lizenzen wirklich? - Verstehen des DLAU-Tools und wie man es am besten nutzt - Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw. - Praxisbeispiele und Best Practices zum sofortigen Umsetzen

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Infrastructure Challenges in Scaling RAG with Custom AI models

Zilliz

Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.

Full-RAG: A modern architecture for hyper-personalization

Zilliz

Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.

AI 101: An Introduction to the Basics and Impact of Artificial Intelligence

IndexBug

Serial Arm Control in Real Time Presentation

tolgahangng

Taking AI to the Next Level in Manufacturing.pdf

ssuserfac0301

Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as: 1. How quickly AI is being implemented in manufacturing. 2. Which barriers stand in the way of AI adoption. 3. How data quality and governance form the backbone of AI. 4. Organizational processes and structures that may inhibit effective AI adoption. 6. Ideas and approaches to help build your organization's AI strategy.

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Things to Consider When Choosing a Website Developer for your Website | FODUU

FODUU

Recently uploaded (20)

TrustArc Webinar - 2024 Global Privacy Survey

UiPath Test Automation using UiPath Test Suite series, part 6

OpenID AuthZEN Interop Read Out - Authorization

CAKE: Sharing Slices of Confidential Data on Blockchain

Mind map of terminologies used in context of Generative AI

Your One-Stop Shop for Python Success: Top 10 US Python Development Providers

UI5 Controls simplified - UI5con2024 presentation

Microsoft - Power Platform_G.Aspiotis.pdf

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU

Essentials of Automations: The Art of Triggers and Actions in FME

Infrastructure Challenges in Scaling RAG with Custom AI models

Full-RAG: A modern architecture for hyper-personalization

AI 101: An Introduction to the Basics and Impact of Artificial Intelligence

Serial Arm Control in Real Time Presentation

Taking AI to the Next Level in Manufacturing.pdf

20240607 QFM018 Elixir Reading List May 2024

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

National Security Agency - NSA mobile device best practices

Things to Consider When Choosing a Website Developer for your Website | FODUU

A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams [Presented by Steve Werby at ShmooCon 2012]

1. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams Steve Werby (@stevewerby) Chief Information Security Officer University of Texas at San Antonio

2. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams  AV  FW  IDS  FIM  SIEM  Pen Test  Config Mgmt  IP Flow Mon  Log Analysis  Data Discovery  Forensics  Vuln Scanning 10 person department

3. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby One Size Does Not Fit All

4. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Obligatory Disclaimer The opinions shared represent my views, the views of my employer, the views of my past employers and the views of my future employers. Are presentation disclaimers REALLY necessary?

5. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Obligatory Disclaimer The opinions shared represent my views, the views of my employer, the views of my past employers and the views of my future employers. Are presentation disclaimers REALLY necessary?

6. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby My Org  31k students  6k FTEs  155 classrooms  65 labs  1.5MM SQFT  $450MM budget  15k workstations  1k servers  /16

7. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby My Org  Heterogeneous IT environment  Silos  Low visibility into state of IT security  Inconsistent infosec risk mgmt & compliance

8. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Overview of Presentation

9. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Overview of Presentation

10. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Project Goals  push(@manager, $info) => informed decisions  push(@infosec, $info) => $visibility++  Improve security posture of organization  Change culture  Facilitate standardization

11. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Development  Project charter, steering committee, work plan  Project team  Project sponsor (CIO)  Project manager from IT Project Mgmt  CISO and several infosec staff  IT App Development staff  IT Marketing/Communications staff  Pilot users

12. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Implementation  Piloted  while (1==1) communicate();  Email and postcard marketing  Presentations to key groups  Started small  Staged release phases

13. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Architecture

14. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby InSight – Indicator Dashboard

15. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby InSight – Indicator Summary

16. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby InSight – Indicator Detail

17. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby InSight – Indicator Detail #2

18. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby InSight – Indicator Description

19. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby InSight – Asset View

20. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby InSight – Exemption Request

21. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Reaction ☑ “How can we get all of our laptops encrypted?” ☑ “IT, fix it!” ☑ “I’m not going to look at it.” ☑ “Security is YOUR job. Why should I help do your job?

22. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Carrots and Sticks  Peer pressure  Eligibility for IT funding

23. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Project Goals Revisited ☑ push(@manager, $info) => informed decisions ☑ push(@infosec, $info) => $visibility++ ☑ Improve security posture of organization ☑ Change culture ☑ Facilitate standardization

24. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Project Goals Revisited ☑ push(@manager, $info) => informed decisions ☑ push(@infosec, $info) => $visibility++ ☑ Improve security posture of organization ☑ Change culture ☑ Facilitate standardization  Additional impact  Increased IT staff accountability  Increased IT and infosec workload

25. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Lessons Learned  process(“garbage”) = “garbage”  Inventory, computer name, etc.  A computer is…huh  A laptop is a server  Intended audience != actual audience  Anticipate how app will be used

26. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby The Future risk profiles $awareness++ $scope++ $functionality++

27. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby The Future – $awareness++  Monthly automated emails to managers  Periodic reporting to governance groups  Expand access to all employees

28. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby The Future - $scope++  More endpoint devices  Include servers and apps  More data sources (IP Flow, SIEM, etc.)  More granularity  Information about people and processes

29. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby The Future - $functionality++  Maintain historical information  Increase update frequency  Triggers

30. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby The Future – risk profiles  By device, person, biz unit, system Take the number of vehicles in the field, A), and multiply it by the probable rate of failure, (B), then multiply the result by the average out-of-court settlement, (C). A times B times C equals X. If X is less than the cost of a recall, we don't do one.

31. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Just Passing This On

32. Steve Werby | ShmooCon 2012: A Fistful of Fire Hoses… | @stevewerby Questions [Answers…Maybe]

A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams [Presented by Steve Werby at ShmooCon 2012]

Recommended

Recommended

More Related Content

Similar to A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams [Presented by Steve Werby at ShmooCon 2012]

Similar to A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams [Presented by Steve Werby at ShmooCon 2012] (20)

More from Steve Werby

More from Steve Werby (7)

Recently uploaded

Recently uploaded (20)

A Fistful of Fire Hoses: Putting out Fires Without Crossing Streams [Presented by Steve Werby at ShmooCon 2012]