Compliancy, Why Me? Living with the Compliance Staff, a BSOFH Guide
Michael Smith
Who is Michael Smith?
Compliance is the arsenic and cyanide of the information security world! Source: Wikimedia Commons
Since it’s Election Week
But First, a Dramatization… Hi, I’m from the Compliance Team, I’m here to help!
But First, a Dramatization… And the Security Engineering Team is glad to have you here!
But First, a Dramatization… Here’s a report for you to look at on our current compliance status.
But First, a Dramatization… Wow, it’s big.
But First, a Dramatization… Your project is out of compliance with Section 15 of the FROBITZ Act of 1994. This is troublesome!
But First, a Dramatization… First of all, what the hell does that mean? And secondly…why should I care?
But First, a Dramatization… It means you have to fix it.
But First, a Dramatization… I can't do it—the YoyoDyne Frobulator is the only product that fits our needs.
But First, a Dramatization… But the rulebook says...
But First, a Dramatization… I’m not going to do it. Besides, the rulebook was made by a bunch of old men who have no idea what technology is.
But First, a Dramatization… You suck and are a rogue cowboy.
But First, a Dramatization… You suck and are a wannabe data center lawyer.
But First, a Dramatization… This guy is brain-damaged and I can’t work with him. We’ll never be secure now.
Questions
With compliance, you can  strong-arm people into doing your bidding. Source: Wikimedia Commons
The Problems with Compliance
My View of the World*  *There will be a test later on this.
The Gap in the Security Workforce  $8B Question: How do we bridge this gap?
Professor Rybolov Says
Phrase of the Minute
Phrase of the Hour
Phrase of the Day
Phrase of the Week
Phrase of the Month
Phrase of the Year  *There will be a test later on this.
Regulatory Capture Examples
And a Quote for Free
Source: Wikimedia Commons So there isn’t any magic where we become ultra-compliant?
Compliance Exercise: Requirement  Source: SP 800-53
Compliance Exercise: BSOFH Answer
WTF People?
Rybolov’s Law
Compliance Truthiness
And More Importantly
The more non-compliant you are, the more we can forgive you for! Source: Wikimedia Commons
Revisiting an Issue
What my First Sergeant Told Me
UR Doing it Wrong
Protip: Self-Regulation is the Shizzle!
Remember This One?
The Road Ahead
Source: Wikimedia Commons Compliancy: it’s not so bad after all as long as you’re driving the oxcart!
Dojo Con 09
Editor's Notes

  1. The following presentation contains insights and opinions gathered from over 15 years of combined experience in the government INFOSEC space. It’s interspersed with some humor – security presentations can be pretty dry without it. We hope that this presentation will provide you with the impetus to reemphasize security within your organization, and feel good about doing so. The subtitle means “Automatic, Practical, Good!” and is a play on the Ritter Sport tagline “Quadratisch, Praktish, Gut!” which translates as “Square, Practical, Good!” http://www.ritter-sport.de/
  2. Mike’s blog is at http://www.guerilla-ciso.com/ Mike teaches for Potomac Forum http://www.potomacforum.org/ Contact information for Mike is at the end of this presentation.
  3-15. Artwork by Melanie Smith
  16. If you would like us to speak for your event or group, please ask. If you would like to learn more and to keep up-to-date on groundbreaking Government security news, subscribe to the guerilla-ciso blog feed. Presentation released under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License. More information available at http://creativecommons.org/licenses/by-nc-sa/3.0/