They are all Scorpions
(Security and Business, Abusive Codependence)
WWW.ISECOM.ORG
Make a wish!
Oooh you said “cybersecurity”
Better cybersecurity
The Frog and the Scorpion
And not without good reason.
Cybersecurity professionals are an unhappy bunch.
If you got into cybersecurity mostly because you like to hang out with middle-aged white men with big egos who humble brag...
If cybersecurity were an animal
But they won’t.
Business should learn the language of cybersecurity.
companies will not change
Security is all too often seen as the thing in the way of good profits like how environmental protection was viewed in the 70s, 80s, 90s...
Now… well, fracking, reactor-cooling radioactive ocean water, marine vehicle fuel leaks, any kind of energy production, Any carbon footprint, plastic straws….
But This isn’t a disney movie
Yet business needs it
Cybersecurity is a cost center with a loss motive and no profit incentive
We need each other.
But business doesn’t know that yet.
But there’s easier ways to do it.
Security sells itself as a way to increase profits, customers, and stock price.
“Think of the children!” we say.
So we try to make cybersecurity sexier to get business’ attention.
Desperation.
Success = numbers go down
Times caught cheating on spouse
Bones broken for gambling debts
Raccoons in the bedroom at night
Episodes of kardashians you’ve watched
Security effectiveness is going down
Security controls utilization from 40% to 30%
Avg Number of sec products from 4 to 5
Avg Number of secops from 3 to 2
The crowbar of statistics says:
How do we move forward?
Cybersecurity is built on human suffering
Cybersecurity analgesics
Separate threat and security from assets
clean the environment and own it
Control the interactions
Only after all that is done, deal with vulns
4 Point Process
1. INDUCTION
establish facts about the environment
2. INQUEST
investigate emanations
3. INTERACTION
trigger responses
4. INTERVENTION
changing resource interactions
Trifecta
1. How do current operations work?
2. How do they work differently from how everyone thinks they work?
3. How do they need to work?
TRIFECTA IN PRACTICE
Trifecta Table
VENDOR SECURITY CALC
ATTACK SURFACE METRICS
THE STAR
In conclusion: they’re all scorpions!
Thank you.
You have questions? I have answers.

They're All Scorpions - Successful SecOps in a Hostile Workplace - Pete Herzog - 44CON 2018

Editor's notes

  1. Thanks to organizers.
  2. Quick intro
  3. If you could have anything you want in the whole world, what would you wish for? On the count of three I want you to say it out loud. Ready? One-- Two-- Three! You said “Better cybersecurity.” I know you did. Everyone always says that. And let me tell you why the security fairy won’t grant you that wish.
  4. Society relies on processes. Everything in society has a role and is part of a process. If it’s not then it’s dangerous or unfair. And that’s really what it’s all about, isn’t it? Fairness. You follow the rules and you get rewarded. That’s fair. Or you follow the rules and you don’t get rewarded. That’s life. Or you get fired. That’s ass-covering. People want fair. That’s why security is a process to make sure it’s consistently spread and maintained. That’s why we security people are told to make sure that management itself is under compliance to the security policies. Because it should all be equal. But that’s crap. It’s not equal. Equal maybe like a grizzly and a raccoon are both bears but that wouldn’t be a fair fight. (Unless it’s a washing putrid garbage in a stream before eating it competition and then the raccoon wins tiny, filthy hands down.) Look, you don’t follow the process and you get things done then people idolize you. They say you’re the person who rewrote the rules and rocked the idle establishment. But if you fail. Then people say it’s criminal how you thought you were above the rules. The point of hacking is to get things done and damn the rules. That’s probably why it’s been a bad word for so long and why only the kids, counter culture, and truly productive people don’t fear the word. It’s also why hacking is so closely tied to security.
  5. If you could have anything you want in the whole world, what would you wish for? On the count of three I want you to say it out loud. Ready? One-- Two-- Three! You said “Better cybersecurity.” I know you did. Everyone always says that. And let me tell you why the security fairy won’t grant you that wish.
  11. We come clean and say, you know, we don’t really know how to keep you really safe AND let you open whatever links you want or bring whatever internet-connected technology into the office. Furthermore, we tell them that anything you buy needs to be hardened or sandboxed so all the amazing connectivity features they’ve sold you don’t work in the real world where anyone on the planet can wake up and decide it’s your breach time. And you know what? Maybe we’ll actually, finally, see some progress in cybersecurity.