Presentation from #zoosec on things I’ve learned the hard way doing forensics. The DF in DFIR_v2 Most of the “good stuff” is in the speaker notes
Presentation deck from Northwest High School Career Fair 2018 Careers in Information Security Update: I just came across a twitter post chock full of excellent learning resources. Enjoy! https://twitter.com/DigitalEmpress/status/1067183905109884933
My son is learning programming using the MIT App Inventor to build apps for Android devices. One of his first projects was to make a Magic 8 Ball. Well, being in the Information Security industry I just couldn’t help myself. …..
This presentation will introduce a framework to build a comprehensive incident management program. The program is comprised of four foundational components; planning, preparing, practicing, and measuring. The framework has been designed to be compliant with multiple standards, which include PCI, …..
The information security community has for a long time been using the medieval strategy of building castles to secure territory; better known as defense in depth. The strategy of defense in depth, while still very effective, does have its weaknesses. …..
Today Computerworld published an article about an office complex that is implanting RFID chips in employees’ hands to facilitate access. While this was done on a voluntary basis, I find the idea troublesome on several levels. The two biggest problems …..
An interesting interview with Howard A. Schmidt, former Cybersecurity Advisor for President Obama, from the CIO Network was just posted by the Wall St. Journal. He discusses the steps an organization should take once they realize they have been breached. …..
I have always been a great fan of Splunk for analyzing log data when investigating incidents. One of the downfalls is that while Splunk does a wonderful job searching logs, the timeline it creates is missing critical time information about …..
I’ve watched our industry slowly mature itself over the last fifteen years, and I am still somewhat bemused regarding penetration testing. It seems like every standard now requires a penetration test to be done, why? I struggle to see the …..
In my previous post “The Root of All Compromise” input validation was touched on briefly, with links to further information on the subject. In this post I will provide further examples of why using input validation with white-listing is so …..