The document highlights key insights from a presentation on cybersecurity at the HITBGSEC 2019 event in Singapore, emphasizing the dichotomy between attackers and defenders. It includes the 'seven axioms of security' as guidelines for CISOs and discusses the importance of proactive defense, threat intelligence, and building strong partnerships within teams. Additionally, it addresses the challenges faced by cybersecurity leaders and the necessity for creative collaboration and honesty in addressing security issues.

1. #HITBGSEC2019NETSQUARE #HITBGSEC2019NETSQUARE
A presentation by Saumil Shah
HITBgsec2019 Singapore

2. #HITBGSEC2019NETSQUARE
special thanks to
Dr. Igor Podebrad
Kelly White
Anoop Sethi
Hiren Shah
Thomas Dullien

3. #HITBGSEC2019NETSQUARE
A TALE OF TWO KEYNOTES

4. #HITBGSEC2019NETSQUARE
ATTACKS ARE A
TECHNICAL PROBLEM,
DEFENSE IS A
POLITICAL PROBLEM
THOMAS DULLIEN,
"Why we are not building a
defendable Internet" BH ASIA 2O17

5. #HITBGSEC2019NETSQUARE
DEAR CISO,
WHO ARE YOU MOST
SCARED OF?
SAUMIL SHAH
"The Seven Axioms Of Security"
BH ASIA 2O17

6. #HITBGSEC2019NETSQUARE
DILEMMA:
ATTACKERS or AUDITORS?

7. #HITBGSEC2019NETSQUARE
1. CISO - Defend the organization.
2. Threat Intel - Collect Everything.
3. Test Realistically.
4. Can't Measure? Can't Use.
5. Users - One Size Fits NONE!
6. Best Defense = Proactive Defense.
7. Make Defense Visible.
The Seven Axioms of Security

8. #HITBGSEC2019NETSQUARE
x 3 WORLD 1-1

9. #HITBGSEC2019NETSQUARE
$2.5M!!

10. #HITBGSEC2019NETSQUARE

11. #HITBGSEC2019NETSQUARE

12. #HITBGSEC2019NETSQUARE
LIFE's A BEACH!

13. #HITBGSEC2019NETSQUARE
HIGH MEDIUM LOW

14. #HITBGSEC2019NETSQUARE
LIFE's A BEA*CH!

15. #HITBGSEC2019NETSQUARE

16. #HITBGSEC2019NETSQUARE

17. #HITBGSEC2019NETSQUARE
x 2 WORLD 2-1
DILEMMA: ^C

18. #HITBGSEC2019NETSQUARE
REGULATORS
BOARD
IT VENDORS
YOUR TEAM
CISO
Understand the relationships

19. #HITBGSEC2019NETSQUARE

20. #HITBGSEC2019NETSQUARE

21. #HITBGSEC2019NETSQUARE
CODE vs TOIL
!
MANUALLY
RUNS SCRIPT
WRITES
SCRIPT
"#
non GEEK
GEEK
MANUALLY
MAKES FUN
OF GEEK'S
COMPLICATED
METHOD
CAN'T
COPE

22. #HITBGSEC2019NETSQUARE
SHOULDERS OF GIANTS
ANOOP SETHI
formerly BT
KELLY WHITE
formerly Zionsbank
Dr IGOR PODEBRAD
Commerzbank AG

23. #HITBGSEC2019NETSQUARE
THERE IS A WAY

24. #HITBGSEC2019NETSQUARE
HAVE NOTS HAVES
Capable of
custom analytics
threat detection
and response
Owning Cyber Security
Sucked up all the talent
Not capable
Cyber Security is a
necessary evil
Purely dependent upon
commercial solutions
CYBERSECURITY ASYMMETRY DILEMMA

25. #HITBGSEC2019NETSQUARE
BUILD SWARM
INTELLIGENCE

26. #HITBGSEC2019NETSQUARE
Spiral Dynamics

27. #HITBGSEC2019NETSQUARE
TRANSPERSONAL
PERSONAL
Survival
Power Gods
control & ego
Kin Spirits
protection
Truth Force
conformity
Strive Drive
achievement
Human Bond
relationships
Flex Flow
adaptability
Whole View
experential

28. #HITBGSEC2019NETSQUARE
Spiral Dynamics
HIVE MIND
The swarm will learn and
overcome any obstacle
The Leader is the CATALYST
SELECT THE GOALS
WORTH FIGHTING FOR

29. #HITBGSEC2019NETSQUARE
The Downward Spiral
Cascade Effect
Doesn't take much to de-orbit
It all hinges upon the
LEADER

30. #HITBGSEC2019NETSQUARE
Nurturing the Spiral
The Leader's Reflection
PROTECT the Swarm
EMPOWER
the Swarm
Form strong
PARTNERSHIPS

31. #HITBGSEC2019NETSQUARE
Catalyst
Listen more
than you speak
Build capabilities
Strong relationships
with the business
Authoritative
Behave in a superior way
over their team-mates
Fight the business
The "Sky Is Falling"

32. #HITBGSEC2019NETSQUARE
A CENTRE OF EXCELLENCE FOR
ALL OF TECHNICAL SECURITY
An Independent Consultancy
within the organisation

33. #HITBGSEC2019NETSQUARE
PROTECT
THE SWARM
Creative Insulation
HONESTY and
OPENNESS
! Happens
Don't throw them
under the bus!
No Blank Cheques

34. #HITBGSEC2019NETSQUARE

35. #HITBGSEC2019NETSQUARE
EMPOWER The Swarm
Call you out on your bull!

36. #HITBGSEC2019NETSQUARE
PARTNERSHIPS
Surround yourself with Smart
people in Small teams

37. #HITBGSEC2019NETSQUARE
THE TALENT WILL
COME TO YOU

38. #HITBGSEC2019NETSQUARE
THE CISO'S DILEMMA
YOUR OWN SIDE THE TEAM'S SIDE

39. #HITBGSEC2019NETSQUARE
THE CISO'S DILEMMA
YOUR OWN SIDE THE TEAM'S SIDE

40. #HITBGSEC2019NETSQUARE
ALL ALONE AND
NO WAY OUT

41. #HITBGSEC2019NETSQUARE
A TALE OF TWO LETTERS
@NOTtheGRUGQ

42. #HITBGSEC2019NETSQUARE
THANK YOU
@therealsaumil