Welcome to the Dark Side
We have ALL your cookies
Who’s The Hairy Thing?
Geek &
Dr. Dark Web
Researcher Hacker
Dad
Chris.roberts@boomsupersonic.com
@Sidragon1 (LinkedIn AND Twitter)
Boom Supersonic
Agenda
• Pat on the back?
• Y’all got a nice tick in the box...
• Why THIS talk?
• Isn’t everything ok?
• Audits
• Breeding like rabbits
• Choice
• Choice IS good, too much choice corrupts
• You
• The authorities...
• The businesses
• Passing the cost along
• So, what next?
• ...
Congratulations
You Ticked The Boxes...
• You have a security posture
• You integrate your teams
• You have digital cybersurveillance
• You’ve passed audits
• You’ve done your awareness training
• You have a trustworthy system
• You use encryption
• You have good security folks...
Feeling Nice, Warm, AND Fuzzy?
Good, hold onto that...
You KNOW the bunny gets it...
Let’s Talk
Reality...
Why THIS Talk?
We give ourselves awards FOR What?
Losing 22.5 million records a day
All we wanted was a tick in the box!
Tick NOT D...
Apparently, we “have to” answer questions...
And more questions, and more boxes...
Really Why?
Now we have more boxes from LOTS of sources
Each one telling me they want more
Each one building their own empires...
Incident Response Companies Be Like…
“Your Turn, I Just Ate A Ransomware Attack…”
With their own “select” solutions and bodies...
And ALL I want is to tick the bloody box!
Now I have:
10 flavors of AI
25 options for ML
30 frameworks
100 boxes to tick
How many QSAs?
7,000 vendors...
Business Is Booming!!
I MEAN Booming!!
• The global average mean time to identify a data breach is 197 days.
• The mean time to recover from a data breach is around 70 days.
• 76% of organizations were targeted by a phishing attack in the past 12 months.
• 75% of companies say a data breach has caused a material disruption to business processes.
• The global average cost of a breach is around $4m.
• We are losing an average of 22.5 million records a DAY.
• Statistically you now have a 33% chance of being breached in the next 24 months.
• USA is still the most popular target, 57% of breaches, 97% of the data...
Cybercrime damages expected to hit $6 trillion
And more code, more systems, clouds, etc...
More platforms, more suppliers, vendors, etc...
I HAD 3 layers, now I have 53!!
It’s ok, AI will save us!
With adversarial machine learning, pigs CAN fly!
Squirrel moment over...
Can I PLEASE just tick the bloody box?
What do you mean the box isn’t secure?
So, I tick the bloody box and I get breached?!?
YOU told me if I ticked the box, I’d be safe!
YOU are meant to stop this!
What do you mean you can’t?
Why IS someone inside my house?
What do you mean I can’t retaliate?
Hang on! You get more $ for doing what?!?
YOU hassle, ignore, prosecute those helping you?!
YOUR red tape is in the way of my tick in the box!
So, lets talk insurance...
Dammit, more than one tick in a box now?
So, I just charge more for my goods? Got it...
Do I still need to tick that box? Doesn’t seem so?
Oh, hang on, what do you mean they check?!?
Congress and crocodile tears you say?
Let’s talk about the InfoSec trifecta (racketeering)
Ignoring the tick in the box...
Is this sustainable?
What IF we decided to change, what DO we do?
Accept Change
What DO We Do About It?
So
STFU and Listen
Please
Reality!
• It takes 1 minute to convince you to hand me your email…
• It takes 1 free offer to get your phone number…
• It takes 1 time to get you to click an email…
• It takes 1 connection with your Bluetooth or wireless…
• It takes 1 guess to work out you re-use your passwords…
• It takes 1 minute with your unattended electronics…
• It takes 1 connection on your social media networks…
YET…
• It takes 7-20 times to get through to you about awareness
Soft Skills...
Communication: Take time to exchange ideas with each other…
Cooperation: Independent goals, with an aim to share data
Coordination: ALL rowing in the same direction for once…
Collaboration: The whole is greater than the sum of its parts
Different Approach
Use language OTHERS understand
Ask MORE questions
DevSecOps
Share BEFORE it’s too late
Understand YOUR surroundings
Observe, Orient, Decide, Act
Before It’s Too Late...
Choose Wisely
I AM the 24*7*365
Ever vigilant…
Help!!!
Well, he looks trustworthy…
Baubles AND Blinky Lights
Assets, what do you have?
Assets, where are they?
Who’s got access to them, and why?
What DO they do, what is their purpose?
What’s on them?
Which ones do you need to care about?
When NOT What if…
“…million-to-one chances… crop up nine times out of ten.”
Closing
“I know you won't believe me, but the highest form of Human Excellence is to question oneself and others.”
Feeling left out?
Feeling helpless?
Feeling like you want in?
THEN TALK WITH PEOPLE..
Anyone around you!
Everyone close to you!
ALL the people...
“We may have all come on different ships, but we’re in the same boat now”
Martin Luther King, Jr.
I will fail
We will succeed
Thank You ALL For Listening
Now, Let’s Actually DO Something...
ASK More Questions!
Chris@hillbillyhitsquad.com
@Sidragon1 (LinkedIn AND Twitter)

2022 - Killer Bunny - TPRA Conference.pptx

Editor’s Notes

  1. Good Morning, thank you for having me, and welcome to a slightly different approach to explaining what IS going on in the industry AND world around us all. You ARE going to have a LOT of people talk with you about ALL sorts of issues from maritime, to smart weapons, to EMPs and how the world is basically wanting to take us down.... HOWEVER FIRST we have to solve OUR OWN problems, the fact that WE are doing a piss-poor job of looking after ourselves AND each other... THE Fight within....
  2. This isn’t going to be nice; it’ll be blunt, informative and should make you think about things the next time you go near a keyboard...
  3. Moby Dick: Because MOST of the security industry is chasing “around” 31,000 larger enterprise-sized companies for their business. The list is well known, circulated and targets are on the backs of ALL the C-Suite, most of the technical folks and the MSP/VARs that support them.
  4. Yes... This IS a thing.... We now apparently pat ourselves on the back for being bloody unicorns...
  5. The global average mean time to identify a data breach is 197 days. The mean time to recover from a data breach is around 70 days. 76% of organizations were targeted by a phishing attack in the past 12 months. 75% of companies say a data breach has caused a material disruption to business processes. The global average cost of a breach is around $4m. We are losing an average of 22.5 million records a DAY. Statistically you now have a 33% chance of being breached in the next 24 months. USA is still the most popular target, 57% of breaches, 97% of the data in the last 24 months.
  6. Welcome to the root of ALL.. The humble tick in the box
  7. You know the ones... Do you have a firewall? NOT is it out of the shrink wrap or anything
  8. Dammit, now they want to know IF it’s actually turned on
  9. The Security industry circles them like packs of hyena or vultures waiting for one of them to fall, get breached, or for a vendor to be thrown out… pouncing on the fresh kill with glee…
  10. SOX, SOX2, Healthcare, PCI, FERC, NERC, NIST, CMMC, Etc.
  11. One wants to know IF we have something, the other wants to know what color it is, and CMMC wants to know IF it’s plugged into the Pentagon...
  12. PCI can only use QSAs; SOX needs accountants and lawyers; CMMC wants its own folks; FERC and NERC need wizards with magic missiles; etc.
  13. You can only join OUR club if you “fit” or pay enough.... Elitist anyone?
  14. Sorry, not enough time to tick the box, have to build our auditing empire and take over all the others......
  15. Welcome to the bastard children spawned from Vulture capitalism and DEFCON
  16. We’re short millions of people; we’re minting millionaires daily; we’re attracting millions in investment weekly; etc.
  17. 2021 anticipated numbers....
  18. Not content with keeping stuff in one place, we have devised MORE ways to spread it all over the place; now we hide it all over the planet consuming great quantities of energy (Bitcoin alone consumes enough energy to almost make it into the top 10 country list of energy consumers).
  19. Where one goes, the others follow soon after; think of us as a plague of locusts.
  20. Used to be web-app-database.
  21. hahahahahahah
  22. An example of an adversarial perturbation attack (deviation) used to evade classifiers… (others include cats to dogs, and STOP signs to SPEED signs…) We modified 0.005% of the data in the image.
  23. AND with about an hour inside YOUR environment I can turn Javelin, Carbon Black, AND Clownstrike against themselves and DoS your own systems.... (2018/2019)
  24. Each of those layers has its own tick boxes, own challenges, own regulatory bodies and ways that they need to be used/adhered to/worked with/managed/reported on....
  25. Ah, yep, this one… IF I speak nice words to it OR sacrifice the odd intern to the computer room it’ll all be ok?!? This ISN’T going to work, you can’t ignore that Windows 95 system OR BYOD any longer.
  26. Oh yea, in case anyone forgot: Compliance does NOT equal security. It’s a fallacy and one we sell to companies ALL the time.
  27. Yup. Even though you purchased the EDR, XDR, EIGRP, NAS, NAC, IDS/IPS, DLP, HIDS... heck, you got acronym soup and your shit’s still insecure.....
  28. Who, us? We might have mentioned 100% protection BUT if you read the fine print you’d realize that only IS the case in a controlled environment.... Which means IF you turn the computer on you’ve voided the warranty. Accountability anyone?
  29. Ah, well what we say and what we do ARE two different things.... CAN I offer you hostage (I mean ransomware) negotiation services? How about Incident response prepay? Or a discount on your next hacker proof piece of software?
  30. No perimeter, no barriers, no control, no asset management, no basics... No chance.
  31. Because...
  32. Attribution sucks. Bad attribution is brinkmanship. Really bad attribution is war (although we’re already AT war, just nobody wants to tell the Internet).
  33. Why get a pittance for bug bounties when I can make bank selling the exploits to our own government (or someone else’s)?
  34. You don’t listen. You are a ONE way street. The intel you share is stale AND the very people whom you SHOULD listen to, you alienate for the most part. Your field offices are a joke.
  35. Hi, this is the FBI, look we’ve been watching your computers for a while, they got breached and we’ve been using them to gather evidence, hope you don’t mind leaving them on...... Really?!? You care about prosecutions and headlines, not helping.
  36. Might as well get some, nothing else is going to help, so at least WHEN I get breached I can go drown my sorrows in good whisky and bourbon OR tea.
  37. Let’s have a frank discussion… this IS where many of you are at!
  38. Another work of fiction coming up......
  39. Take a leaf out of the Visa/MasterCard book of business, charge the banks, who charge the companies, and they in turn charge the consumers for all this additional overhead.... At the end of the day the patsy/sorry customer will pay, they don’t have a choice.
  40. Apparently MANY of you don’t think you do... OR that the cost OF putting that tick in the box is too high, so might as well just fly under the radar OR respond to ALL the requests with “working on it” and send the same plan to everyone, after all who the hell checks....
  41. Don’t even THINK of playing this game!!
  42. Welcome to 2021, the insurance companies have woken up and are finally NOT always simply believing your SAQ works of fiction... That checkbox is now going to be examined and woe betide you if you’ve lied..... Although, let’s face it, lying IS part of commerce apparently.
  43. Got found out? Got breached? Got a smack on the wrist coming up? LEARN how to cry in public and apologize (or appear contrite) Free first lesson, heck we know you’ll be back.
  44. Money talks, and in the trifecta of our industry nothing talks louder than recurring revenues. What better way to generate those venture capital multipliers than to lock an entire population up and subject them to a battery of tests, exams, checks, probes, assessments, along with reams of paperwork? What’s better? Not just to do it once BUT do it quarterly, heck even monthly in some cases. Oh, while we’re at it let’s increase the revenue streams by dividing the pie up... we can call it data, show folks how each different element needs its own set of checks, balances, and folks crawling ALL over your systems on a regular basis. We ALL win, heck even the consumer wins... They get free credit reporting for life!!
  45. Let’s face it, YOU aren’t going to change a damn thing by chasing one criminal at a time, YOU won’t fix anything by hassling US the hackers, and you won’t stop taking people’s money... So yea, go ahead and ignore the tick in the box, nothing’s REALLY going to happen TO you. Heck even GDPR can’t get its shit together and we had high hopes for that.... There’s a queue of folks waiting to be assessed and not enough hands to go round...
  46. Good question: the general population’s not woken up; the industry’s making bank (360 billionaires and counting); you’re not making progress; the adversaries appear to be happy to just bleed us slowly and not kill us (yet). So, yea, probably, at least until I retire, then someone else can deal with it...
  47. Let’s look at some options....
  48. Stop bloody fighting it with red tape, compliance regulations, and bullshit that slows things down
  49. Best Buy? MicroCentre? Craigslist? Or go out onto the job market to compete for talent, or bring in an MSP/MSSP? How do you even benchmark them when there’s no Angie’s list to even evaluate them against? What questions DO you ask, HOW do you contact them, choose one, and what the hell is a bake off? Let’s face it, that’s not likely to solve ALL the issues, so how DO we change things?
  50. This is one of the core ones: you get sold that perfect solution ONLY to find when things go wrong it’s NOT their fault. Have you EVER read that agreement, that software license OR the contract that basically says it’s all YOUR fault? We get you coming, going AND in the middle, AND then when it all breaks, we charge you twice as much to fix it all back up and start you again…
  51. NOTHING is 100%. NOBODY can “keep you secure”. ALL we can do (IF you listen and/or accept help) is to reduce your risk. ALL we can do is educate.
  52. We HAVE to reduce the complexity within our offerings! Too many screens, too many things to go wrong, too many things to forget, AND not enough hands to go round, let alone catch it when it all comes crashing down.
  53. In our industry we are great at talking, at explaining ourselves, AND we do it in a way that nobody understands ½ the time…. Talk in English or your native language. Listen with BOTH ears AND shut up once in a while.
  54. 360,000 NEW pieces of malware, viruses, trojans, programs every day.....
  55. Kali is the Hindu goddess (or Devi) of death, time, and doomsday and is often associated with sexuality and violence but is also considered a strong mother-figure and symbolic of motherly-love
  56. Don’t feel like spending days or weeks dealing with assessments, vendors or other things? How about a nice simple game of D&D for business… How about throwing out a few scenarios and seeing HOW you would fare?
  57. It doesn’t always end well, BUT at least it’s happening in a TAME environment!!
  58. I cannot over-emphasize this... Seriously the only way WE ALL win is if we work together!!
  59. FBI take fucking note!!
  60. Evaluate VENDORS BEFORE you bloody sign up!
  61. Because this IS how much some of them care about YOU!
  62. Yea, that “we consolidate into a single pane of glass...”
  63. You ARE allowed to taser vendors.
  64. SIMPLE THINGS!!!! STOP Complicating it, STOP wrapping it in red tape!!
  65. The Late Sir Terry Pratchett. It’s NEVER “what if” or “never” or “maybe”; it’s got to be a plan for WHEN.
  66. No matter what I say, what I’ve said, no matter how I’ve talked about it, many of you won’t do anything, some of you will do a little and hopefully ONE or two of you will do enough to NOT end up on the wrong side of an incident in the near future. For those of you who don’t do anything because security problems only happen to others, then I wish you luck, and will see you soon enough.
  67. Backups. Patching. MFA. Awareness. Question MORE.
  68. Thanks to ALL for putting this on!