It seems what we were saying about: Government snooping, side-channel attacks, data exfiltration,
corporate disclosure, poor product delivery, 3rd party vendor trust, security opt-out model, cloud, CEO
ignorance etc. was right.
Is there a wave to be ridden or shall we keep
our heads down until the disruption passes?
~15 years in the industry:
ADI still confusing
Advancement
Disruption…
An Englishman at heart
Oxford Living Dictionary:
• Disruption = “Disturbance or problems which interrupt an event, activity, or
process”
Me vs. Silicon Valley
ADI – Looking at History: Ploughing
ADI - We actually want
ADI – Looking at History: Ploughing
• Progress measured by Scale and the power-scale ratio
• What’s actually important is not the nomenclature but what it stands
for:
• Removal of the human element and automation
Does the same apply to tech?
• Progress measured by reduction in Size and increase in Capacity
Greed is good
• Whether through
• Reduction of work force = increase in profits
• Reduction in size and increase in capacity (more information stored in less
space)
• More cores on a chip
• More data in a lake
• More bits down a pipe
• Bigger is Better!
Nice story… but
• You’re probably bored and this isn’t an academic treatise into definitions!
• And what on earth does this have to do with surfing waves or hiding
in a bomb shelter and waiting for the debris to settle?
In ADI: Scalability makes the difference!
Old dayz
(Local = No issue)
LAN
(Bigger but controllable)
WAN
(Bigger still, but still controllable)
Internet
(Holy sh**, as large as it gets and no control)
Cloud
(Out of control, kind of…)
Vendor lock-in.
Progress
Size of exposure = Out of control
Threat landscape = Gigantic
Has Malware changed?
Malware
Viruses, Worms, Trojan Horses, Ransomware
In fact; 1989 vs. 2016
(Mikko Hypponen Tweet from March 2016)
So things are the same?
• The plough has become the automated machine, categories are the same.
• What used to be this:
• Is now this:
• msf > use exploit/multi/java_rmi_server
• msf exploit(java_rmi_server) > set RHOST 192.168.2.7
• msf exploit(java_rmi_server) > exploit
• ……..
• Meterpreter > shell
Build/Simulate Environment → Obtain software → Install software → Reverse software → Create exploit → Weaponize → Deploy
Categories stay the same, scale changes, fall-out
more important (Wannacry, no cyberwar in Ukraine right ;)
Change of the game:
• Now the time to mention buzzwords
• IoT, Big Data, Data Lakes, AI, Machine Learning etc. and
Algorithms create algorithms - Google, Google and more Google
• Google – crypto algorithm
• Alice and Bob communicating incognito blocking out Eve
• Deepmind
• AlphaGo, AlphaZero (Go and Chess)
• Google: Voice synth on par with humans
• Tacotron 2
Poof and magic: Accountability removed…
Backpropagation 1986:
One trick pony?
• The explosion of a singular idea:
• Deep-learning Nets or Backpropagation nets are:
“Neural nets can be thought of as trying to take things—images, words, recordings of
someone talking, medical data—and put them into what mathematicians call a high-
dimensional vector space, where the closeness or distance of the things reflects some
important feature of the actual world.” –Hinton
• The problem:
• “Neural nets are just thoughtless fuzzy pattern recognizers, and as useful as
fuzzy pattern recognizers can be—hence the rush to integrate them into just
about every kind of software—they represent, at best, a limited brand of
intelligence, one that is easily fooled”
The Others
• Cylance
• N/A
• Darktrace
• Bayesian learning
• PatternEX
• Supervised learning
• DARPA,
• Cyber Grand Challenge: AI at war: Mayhem wins
We are facing something new!
• It’s happening on the fringes, for most …
• But being integrated across the board meaning… ohh no the speed
limit is 45mph
My Predictions for the Enterprise 2018
• Privacy moves into a leading position: Security supports
Privacy Security
My Predictions for the Enterprise 2018
• Apple exploits gain more traction: root -> return, return, return
My Predictions for the Enterprise 2018
• Phishing, phishing and more phishing: Because it works
My Predictions for the Enterprise 2018
• More issues with Open Src stack
• Because you thought it was hard to maintain and patch “managed
software”, now you’re managing stuff created by non-professionals (for
a large part)
My Predictions for the Enterprise 2018
• Side-channel attacks
My Predictions for the Enterprise 2018
• DDoS – Doesn’t get enough press and is a fundamental problem: Mirai, Reaper
etc. Scale again!
My Predictions for the Enterprise 2018
• 3rd party vendor breaches: Let’s go in through the backdoor
• Cue: Target, Deloitte, Amazon, Equifax, DHS, etc. all organisations charged with
responsibly handling customer information.
• How secure are your partners really?
• They WILL lie to you….
My Predictions for the Enterprise 2018
• ML/AI or simply Stochastic modelling
• Model reliance will become more ubiquitous and explainable
AI will increase in complexity. Trust the machine
My Predictions for the Enterprise 2018
• Companies continue to struggle with SOC deployments, incident response,
log fatigue etc.
My Predictions for the Enterprise 2018
• Skills gap deteriorates further: Security Theatre continues
LinkedIn trolling
• Banking CISO: No formal education in IT
• Pharma CISO: No formal education in IT
• Manufacturing CISO: No formal education in
IT
• Energy CISO: No formal education in IT
• Chemical CISO: No formal education in IT
• Agriculture CISO: No formal education in IT
• University CISO: Degree in Engineering
• Government CISO: Degree in Computer
Science
• Technology CISO: Degree in Mathematics
Last thought(s)
• No one talks about the on-premise solution offerings anymore
• Have we forgotten how to build?
• Where are the CBA’s for this vs. cloud, in today’s situation?
• Pandora’s box has been opened, “there’s no going back, you’ve
changed things”
Vendor lock-in
• API’s, JSON calls and all other integration fudge = vendor lock in like we’ve
never seen before.
• CoreOS CEO Alex Polvi:
• “Lambda and serverless is one of the worst forms of proprietary lock-in that we've
ever seen in the history of humanity”
• “It's code that's tied not just to hardware – which we've seen before – but to a data
center, you can't even get the hardware yourself. And that hardware is now custom
fabbed for the cloud providers with dark fiber that runs all around the world, just for
them. So literally the application you write will never get the performance or
responsiveness or the ability to be ported somewhere else without having the
deployment footprint of Amazon.”
Consumer rights
• Tech’s wild-west and lack of accountability
• Gov.uk:
• You can get help if you’re treated unfairly or when things go wrong. This includes:
• credit and store cards
• faulty goods
• counterfeit goods
• poor service
• problems with contracts
• problems with builders
• rogue traders
• IT never mentioned anywhere and it’s going to get worse!
Handling of CPU bugs disclosure 'incredibly
bad': OpenBSD’s Theo de Raadt
"It is a scandal, and I want repaired processors for free. I don't care if
they are 30% slower, as long as they work to spec. Intel has been
exceedingly clever to mix Meltdown (speculative loads) with a separate
issue (Spectre). This is pulling the wool over the public's eyes."
BACKUP
Slides, for fun and reference
Covering the topics:
- ADI definition
- Predictions
- Threats
- Thoughts from Lyft CISO
Is this advancement, innovation or just
disruption?
• Are they the same?
• What is advancement (positive)
• What is disruption (negative)
• Each cause change
• But when should we react?
• Everything is ADI
Predictions are always dangerous
Speed differentials
Enterprise, vs. small business vs. start-up
Enterprise 2018
• Not much will change
• Asset inventory will still be challenging
• AV, or NGAV will start to replace traditional AV, however more about re-
branding
• L1 SOC automation (PatternEX, Smart Algor’s, etc.) will start, but industry still
immature
• Data science and security staff skill shortage will still be an issue
• Automation will be pushed harder
• But real disruption around tech e.g. advanced data analytics, containerisation
scalability, software robotics, AI powered incident response, advanced end-
point protection, is likely not to happen outside specialised groups
Small business
• Lack of in-house skills will likely lead to slow adoption, security will
still be ‘bolted-on’ and not built in
• Migration of service providers to Cloud IaaS and SaaS, but these will
be packaged and re-sold. Small-businesses won’t actually feel the
change, until it goes wrong
Start-ups
• Will pivot on new tech, because they need to ‘pretend’ they are
mature and through this they can show glitz and glamour e.g.
• Yeah we can scale to 1000+ endpoints as we leverage AWS Elastic compute
• You want pretty dashboards, of course we leverage Elastic Search and the ELK
stack
• Deploy anywhere and access at any time, of course we have an HTTP(S)
mgmt. dashboard hosted on Azure with seamless integration into your AD
• Use of AI and cutting edge ML – Of course, we run Tensor flow, out of the box
and scale it across our platform.
• Blah, blah, blah
My Predictions for the Enterprise 2018
• Hardware attacks (Intel etc.)
Predictions: What are others saying?
Prediction: MIT’s takeaways
• More breaches: Equifax
• Thank you data consolidation, data lakes and the emergence of the data broker,
cue service providers
• Ransomware in the Cloud
• Did I mention: Lack of control?  Maybe another Eternal Blue, Accidental leak?
• NotPetya (Eternal Blue), Wannacry (Eternal Blue), Cryptolocker (email attachment)
• Weaponisation of AI
• Cyber-physical attacks
• Mining Crypto currencies
• Hacking elections
Prediction: PWC
“2018 could be the year that the third leg of the information security
triad, integrity of data, really comes to the fore.
All organisations rely on the integrity of their data to function, from the
food supply chain, to the medical profession, to any company reporting
financial results. An attacker that can cause a question mark to appear
over the integrity of their target's data could potentially cause huge
damage.”
Prediction: Symantec
Symantec:
1. Blockchain Will Find Uses Outside Of Cryptocurrencies But Cyber criminals Will
Focus On Coins and Exchanges
2. Cyber criminals Will Use Artificial Intelligence (AI) & Machine Learning (ML) To
Conduct Attacks
3. Supply Chain Attacks Will Become Mainstream
4. File-less and File-light Malware Will Explode
5. Organisations Will Still Struggle With Security-as-a-Service (SaaS) Security
6. Organisations Will Still Struggle With Infrastructure-as-a-Service (IaaS) Security –
More Breaches Due to Error, Compromise & Design
7. Financial Trojans Will Still Account For More Losses Than Ransomware
8. Expensive Home Devices Will Be Held To Ransom
9. IoT Devices Will Be Hijacked and Used in DDoS Attacks
10. IoT Devices Will Provide Persistent Access to Home Networks
Threats are still easy: AV avoidance
Old days (signature):
• Byte change
• Polymorphic engines
• Dynamic programming techniques
Modern day (AI, behaviour-based and NGAV):
• Code obfuscation
• Alternative Data Streams
• In-memory
New threats
• Air-gap bridged (laser keyboard analysis)
• Marketing malware – marketing ads fight each other
• Quote from Joanna Rutkowska “Don’t be deluded that a single user
system is a non-shared computer… Modern computers execute so
much 3rd-party code & parse so much untrusted input, that we must
assume they are ‘shared’” 06.01.18
Lyft CISO: Mike Johnson
I'm not interested in the top Security stories or top trends of 2017. I was there. I am more
interested in what flew under the radar or what got too much coverage.
My offerings:
• Threat intelligence as a product is oversold and there are way too many companies in
this space
• We don’t have an officially appointed US Federal CISO (Grant Schneider is “acting”)
• Your AI product is not intelligent
• We are working on bringing in more diverse candidates in our entry level jobs, but not
doing enough for our more experienced professionals from diverse backgrounds
• Phishing your employees and then forcing anyone who clicks a link to sit through a half
hour video is not raising security awareness - it's just making your employees resent you

State of virtualisation -- 2012
 
Breach analysis slideshare
Breach analysis slideshareBreach analysis slideshare
Breach analysis slideshare
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

The cyber security hype cycle is upon us

  • 1. It seems what we were saying about: Government snooping, side-channel attacks, data exfiltration, corporate disclosure, poor product delivery, 3rd party vendor trust, security opt-out model, cloud, CEO ignorance etc. was right.
  • 3. Is there a wave to be ridden or shall we keep our heads down until the disruption passes?
  • 4. ~15 years in the industry: ADI still confusing Advancement
  • 6. An Englishman at heart Oxford Living Dictionary: • Disruption = “Disturbance or problems which interrupt an event, activity, or process”
  • 7. Me vs. Silicon Valley
  • 8. ADI – Looking at History: Ploughing
  • 9. ADI – Looking at History: Ploughing
  • 10. ADI – Looking at History: Ploughing
  • 11. ADI – Looking at History: Ploughing
  • 12. ADI - We actually want
  • 13. ADI – Looking at History: Ploughing
      • Progress measured by Scale and the power-scale ratio
      • What’s actually important is not the nomenclature but what it stands for:
      • Removal of the human element and automation
  • 14. Does the same apply to tech?
      • Progress measured by reduction in Size and increase in Capacity
  • 15. Greed is good
      • Whether through
      • Reduction of work force = increase in profits
      • Reduction in size and increase in capacity (more information stored in less space)
      • More cores on a chip
      • More data in a lake
      • More bits down a pipe
      • Bigger is Better!
  • 16. Nice story… but
      • You’re probably bored and this isn’t an academic treatise into definitions!
      • And what on earth does this have to do with surfing waves or hiding in a bomb shelter and waiting for the debris to settle?
  • 17. In ADI: Scalability makes the difference!
  • 18. Old dayz (Local = No issue)
  • 20. WAN (Bigger still, but still controllable)
  • 21. Internet (Holy sh**, as large as it gets and no control)
  • 22. Cloud (Out of control, kind of…) Vendor lock-in.
  • 23. Progress: Size of exposure = Out of control; Threat landscape = Gigantic
  • 24. Has Malware changed? Malware: Viruses, Worms, Trojan Horses, Ransomware
  • 25. In fact; 1989 vs. 2016 (Mikko Hypponen Tweet from March 2016)
  • 26. So things are the same?
      • The plough has become the automated machine, categories are the same.
      • What used to be this:
      • Is now this:
      • msf > use exploit/multi/java_rmi_server
      • msf exploit(java_rmi_server) > set RHOST 192.168.2.7
      • msf exploit(java_rmi_server) > exploit
      • ……..
      • Meterpreter > shell
      • Build/Simulate Environment, Obtain software, Install software, Reverse software, Create exploit, Weaponize, Deploy
  • 27. Categories stay the same, scale changes, fall-out more important (Wannacry, no cyberwar in Ukraine right ;)
  • 28. Change of the game:
      • Now the time to mention buzzwords
      • IoT, Big Data, Data Lakes, AI, Machine Learning etc. and
  • 29. Algorithms create algorithms - Google, google and more google
      • Google – crypto algorithm
      • Alice and Bob communicating incognito blocking out Eve
      • Deepmind
      • AlphaGo, AlphaZero (Go and Chess)
      • Google: Voice synth on par with humans
      • Tacotron 2
      • Poof and magic: Accountability removed…
  • 30. Backpropagation 1986: One trick pony?
      • The explosion of a singular idea:
      • Deep-learning Nets or Backpropagation nets are: “Neural nets can be thought of as trying to take things—images, words, recordings of someone talking, medical data—and put them into what mathematicians call a high-dimensional vector space, where the closeness or distance of the things reflects some important feature of the actual world.” –Hinton
      • The problem:
      • “Neural nets are just thoughtless fuzzy pattern recognizers, and as useful as fuzzy pattern recognizers can be—hence the rush to integrate them into just about every kind of software—they represent, at best, a limited brand of intelligence, one that is easily fooled”
  • 31. The Others
      • Cylance: N/A
      • Darktrace: Bayesian learning
      • PatternEX: Supervised learning
      • DARPA, Cyber Grand Challenge: AI at war: Mayhem wins
  • 32. We are facing something new!
      • It’s happening on the fringes, for most …
      • But being integrated across the board meaning… ohh no the speed limit is 45mph
  • 33. My Predictions for the Enterprise 2018 • Privacy moves into a leading position: Security supports Privacy Security
  • 34. My Predictions for the Enterprise 2018 • Apple exploits gain more traction: root -> return, return, return
  • 35. My Predictions for the Enterprise 2018 • Phishing, phishing and more phishing: Because it works
  • 36. My Predictions for the Enterprise 2018 • More issues with Open Src stack • Because you thought it was hard to maintain and patch “managed software”, now you’re managing stuff created by non-professionals (for a large part)
  • 37. My Predictions for the Enterprise 2018 • Side-channel attacks /
  • 38. My Predictions for the Enterprise 2018 • DDoS – Doesn’t get enough press and is a fundamental problem: Mirai, Reaper etc. Scale again!
  • 39. My Predictions for the Enterprise 2018
      • 3rd party vendor breaches: Let’s go in through the backdoor
      • Cue: Target, Deloitte, Amazon, Equifax, DHS, etc. all organisations charged with responsibly handling customer information.
      • How secure are your partners really?
      • They WILL lie to you….
  • 40. My Predictions for the Enterprise 2018 • ML/AI or simply Stochastic modelling • Model reliance will become more ubiquitous and explainable AI will increase in complexity. Trust the machine
  • 41. My Predictions for the Enterprise 2018 • Companies continue to struggle with SOC deployments, incident response, log fatigue etc.
  • 42. My Predictions for the Enterprise 2018
      • Skills gap deteriorates further: Security Theatre continues
      • LinkedIn trolling
      • Banking CISO: No formal education in IT
      • Pharma CISO: No formal education in IT
      • Manufacturing CISO: No formal education in IT
      • Energy CISO: No formal education in IT
      • Chemical CISO: No formal education in IT
      • Agriculture CISO: No formal education in IT
      • University CISO: Degree in Engineering
      • Government CISO: Degree in Computer Science
      • Technology CISO: Degree in Mathematics
  • 43. Last thought(s)
      • No one talks about the on-premise solution offerings anymore
      • Have we forgotten how to build?
      • Where are the CBA’s for this vs. cloud, in today’s situation?
      • Pandora’s box has been opened, “there’s no going back, you’ve changed things”
  • 44. Vendor lock-in
      • API’s, JSON calls and all other integration fudge = vendor lock in like we’ve never seen before.
      • CoreOS CEO Alex Polvi:
      • “Lambda and serverless is one of the worst forms of proprietary lock-in that we've ever seen in the history of humanity”
      • “It's code that's tied not just to hardware – which we've seen before – but to a data center, you can't even get the hardware yourself. And that hardware is now custom fabbed for the cloud providers with dark fiber that runs all around the world, just for them. So literally the application you write will never get the performance or responsiveness or the ability to be ported somewhere else without having the deployment footprint of Amazon.”
  • 45. Consumer rights
      • Tech’s wild-west and lack of accountability
      • Gov.uk: You can get help if you’re treated unfairly or when things go wrong. This includes:
      • credit and store cards
      • faulty goods
      • counterfeit goods
      • poor service
      • problems with contracts
      • problems with builders
      • rogue traders
      • IT never mentioned anywhere and it’s going to get worse!
  • 46. Handling of CPU bugs disclosure 'incredibly bad': OpenBSD’s Theo de Raadt
      • "It is a scandal, and I want repaired processors for free. I don't care if they are 30% slower, as long as they work to spec. Intel has been exceedingly clever to mix Meltdown (speculative loads) with a separate issue (Spectre). This is pulling the wool over the public's eyes."
  • 48. BACKUP Slides, for fun and reference
      • Covering the topics: ADI definition, Predictions, Threats, Thoughts from Lyft CISO
  • 49. Is this advancement, innovation or just disruption?
      • Are they the same?
      • What is advancement (positive)
      • What is disruption (negative)
      • Each cause change
      • But when should we react?
      • Everything is ADI
  • 50. Predictions are always dangerous
      • Speed differentials: Enterprise vs. small business vs. start-up
  • 51. Enterprise 2018
      • Not much will change
      • Asset inventory will still be challenging
      • AV, or NGAV will start to replace traditional AV, however more about re-branding
      • L1 SOC automation (PatternEX, Smart Algor’s, etc.) will start, but industry still immature
      • Data science and security staff skill shortage will still be an issue
      • Automation will be pushed harder
      • But real disruption around tech e.g. advanced data analytics, containerisation scalability, software robotics, AI powered incident response, advanced end-point protection, is likely not to happen outside specialised groups
  • 52. Small business
      • Lack of in-house skills will likely lead to slow adoption, security will still be ‘bolted-on’ and not built in
      • Migration of service providers to Cloud IaaS and SaaS, but these will be packaged and re-sold. Small-businesses won’t actually feel the change, until it goes wrong
  • 53. Start-up’s
      • Will pivot on new tech, because they need to ‘pretend’ they are mature and through this they can show glitz and glamour e.g.
      • Yeah we can scale to 1000+ endpoints as we leverage AWS Elastic compute
      • You want pretty dashboards, of course we leverage Elasticsearch and the ELK stack
      • Deploy anywhere and access at any time, of course we have an HTTP(S) mgmt. dashboard hosted on Azure with seamless integration into your AD
      • Use of AI and cutting edge ML – Of course, we run TensorFlow, out of the box and scale it across our platform.
      • Blah, blah, blah
  • 54. My Predictions for the Enterprise 2018 • Hardware attacks (Intel etc.)
  • 55. Predictions: What are others saying?
  • 56. Prediction: MIT’s takeaways
      • More breaches: Equifax
      • Thank you data consolidation, data lakes and the emergence of the data broker, cue service providers
      • Ransomware in the Cloud
      • Did I mention: Lack of control? Maybe another Eternal Blue, Accidental leak?
      • NotPetya (Eternal Blue), Wannacry (Eternal Blue), Cryptolocker (email attachment)
      • Weaponisation of AI
      • Cyber-physical attacks
      • Mining Crypto currencies
      • Hacking elections
  • 57. Prediction: PWC “2018 could be the year that the third leg of the information security triad, integrity of data, really comes to the fore. All organisations rely on the integrity of their data to function, from the food supply chain, to the medical profession, to any company reporting financial results. An attacker that can cause a question mark to appear over the integrity of their target's data could potentially cause huge damage.”
  • 58. Prediction: Symantec
      1. Blockchain Will Find Uses Outside Of Cryptocurrencies But Cyber criminals Will Focus On Coins and Exchanges
      2. Cyber criminals Will Use Artificial Intelligence (AI) & Machine Learning (ML) To Conduct Attacks
      3. Supply Chain Attacks Will Become Mainstream
      4. File-less and File-light Malware Will Explode
      5. Organisations Will Still Struggle With Security-as-a-Service (SaaS) Security
      6. Organisations Will Still Struggle With Infrastructure-as-a-Service (IaaS) Security – More Breaches Due to Error, Compromise & Design
      7. Financial Trojans Will Still Account For More Losses Than Ransomware
      8. Expensive Home Devices Will Be Held To Ransom
      9. IoT Devices Will Be Hijacked and Used in DDoS Attacks
      10. IoT Devices Will Provide Persistent Access to Home Networks
  • 59. Threats are still easy: AV avoidance
      • Old days (signature): Byte change, Polymorphic engines, Dynamic programming techniques
      • Modern day (AI, behaviour-based and NGAV): Code obfuscation, Alternative Data Streams, In-memory
  • 60. New threats
      • Air-gap bridged (laser keyboard analysis)
      • Marketing malware – marketing ads fight each other
      • Quote from Joanna Rutkowska: “Don’t be deluded that a single user system is a non-shared computer… Modern computers execute so much 3rd-party code & parse so much untrusted input, that we must assume they are ‘shared’” 06.01.18
  • 61. Lyft CISO: Mike Johnson
      • I'm not interested in the top Security stories or top trends of 2017. I was there. I am more interested in what flew under the radar or what got too much coverage. My offerings:
      • Threat intelligence as a product is oversold and there are way too many companies in this space
      • We don’t have an officially appointed US Federal CISO (Grant Schneider is “acting”)
      • Your AI product is not intelligent
      • We are working on bringing in more diverse candidates in our entry level jobs, but not doing enough for our more experienced professionals from diverse backgrounds
      • Phishing your employees and then forcing anyone who clicks a link to sit through a half hour video is not raising security awareness - it's just making your employees resent you