The document discusses operational security (OPSEC) best practices for security analysts. It warns that adversaries are not necessarily enemies and have varying levels of resources. It advises analysts to be wary of mass surveillance by agencies and to use encrypted communication tools. When meeting suspicious people, analysts should not go alone, plan an exit, and have a dead man's switch. At borders, analysts should be collaborative with officers but not consent to searches or help without a warrant. Overall the document stresses preparation, having alternatives, and maintaining discipline over relying solely on tools when doing their work.
3. ADVERSARIES
3
• Adversary != Enemy
Resources vs No Resources
Agencies The rest
*.Mil
Big Bad Boys
Security Analyst Summit 2015
ProTip:
Don´t let your PR feed
these guys for free
4. MASS SURVEILLANCE
4
• Good ROI for Agencies!
• They don´t like encryption
• PGP, ZRTP, OTR, TrueCrypt
Security Analyst Summit 2015
5. MASS SURVEILLANCE
5
• Some inherent problems
• And some non-technical problems
Security Analyst Summit 2015
8. SUSPICIOUS MEETINGS
8
• Don´t go alone.
• Go on your own, plan how to get out.
• Dead man switch.
• Tell them you are ready.
• The trap might NOT be the meeting!
Security Analyst Summit 2015
9. UNPLEASANT COMPANY
9
• Suspicious patterns.
• You are not James Bond.
• Go to a safe place, protect contacts.
• Ask yourself what they want.
• Option: direct approach.
• Better: inform your people
Security Analyst Summit 2015
10. BORDERS
10
• If you consent a search, no warrant
needed.
• Police can search your computer at the
border without a warrant.
• Warrant limitations are ignored if they
see something illegal while searching.
• You don´t have to help or answer
questions.
• You cannot interfere or lie to an officer.
Security Analyst Summit 2015
11. BORDERS – OUR ADVICE
11
• Be collaborative.
• Don´t make things worse.
• Have your story ready and back it up.
• Don´t bring anything with you.
Security Analyst Summit 2015
12. EXTENDING OPSEC
12
Your company should provide you:
• Single POC for when in trouble.
• International legal support.
• Small briefing on the country you are
going to.
Security Analyst Summit 2015