Typically, Government security efforts are discounted as being for Government use only. The purpose of this presentation is to describe why it is important for security professionals to pay attention to what the Government is doing and to learn from its successes and mistakes.
Understand that Federal Government regulations have a nasty habit of working their way down to the State and Local levels of government. Whatever your level of involvement with government and security, you would do well to get ahead of the curve.
9. But First, a Dramatization… Your project is out of compliance with Section 15 of the FROBITZ Act of 1994. This is troublesome!
10. But First, a Dramatization… First of all, what the hell does that mean? And secondly…why should I care?
11. But First, a Dramatization… It means you have to fix it.
12. But First, a Dramatization… I can't do it—the YoyoDyne Frobulator is the only product that fits our needs.
13. But First, a Dramatization… But the rulebook says...
14. But First, a Dramatization… I’m not going to do it. Besides, the rulebook was made by a bunch of old men who have no idea what technology is.
15. But First, a Dramatization… You suck and are a rogue cowboy.
16. But First, a Dramatization… You suck and are a wannabe data center lawyer.
17. But First, a Dramatization… This guy is brain-damaged and I can’t work with him. We’ll never be secure now.
19. With compliance, you can strong-arm people into doing your bidding. Source: Wikimedia Commons
39. The more non-compliant you are, the more we can forgive you for! Source: Wikimedia Commons
46. Compliancy: it’s not so bad after all as long as you’re driving the oxcart! Source: Wikimedia Commons
Editor's Notes
The following presentation contains insights and opinions gathered from over 15 years of combined experience in the government INFOSEC space. It’s interspersed with some humor – security presentations can be pretty dry without it. We hope that this presentation will provide you with the impetus to reemphasize security within your organization, and to feel good about doing so. The subtitle means “Automatic, Practical, Good!” and is a play on the Ritter Sport tagline “Quadratisch, Praktisch, Gut!”, which translates as “Square, Practical, Good!” http://www.ritter-sport.de/
Mike’s blog is at http://www.guerilla-ciso.com/. Mike teaches for Potomac Forum, http://www.potomacforum.org/. Contact information for Mike is at the end of this presentation.
Artwork by Melanie Smith
If you would like us to speak for your event or group, please ask. If you would like to learn more and to keep up-to-date on groundbreaking Government security news, subscribe to the guerilla-ciso blog feed. Presentation released under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License. More information available at http://creativecommons.org/licenses/by-nc-sa/3.0/