SlideShare uma empresa Scribd logo

2020 BSidesSF - Bootstrapping Security

J
Jared Casner

Let’s assume your budget for cybersecurity is $6,000 instead of $600,000,000. And let’s assume that you are responsible for collecting and securing PII (including SSNs), need to move money on behalf of your customers, and need to assure investors and partners that you have a robust security and compliance program. Where do you start? How on earth do you sleep well at night? This talk is all about bootstrapping your security program when your startup hasn't even raised seed capital yet.

Tecnologia
1 de 13
Baixar para ler offline
Bootstrapping Security
Source: Reuters “BofA’s Bessant says to spend $600 million on information security” - CNBC, October 4th, 2017 She also added that BofA would spend the same amount in 2018, and that it has 1,200 employees “dedicated to that effort”.
Introduction Jared Casner @jaredcaz VP of Engineering Rob Shaw @borwahs Principal Engineer CNote is a fintech company founded in 2016 that offers scalable socially responsible investments to institutions and individuals.
Security tools and ideas for a BIG IMPACT with a small budget
Job Descriptions Engineering “...design, develop, and secure software…” QA “...testing quality and security of software and systems…” Customer Service “...responsible for customer satisfaction and security…” Marketing “...and maintaining security of prospective customer records…” Finance “...and securing access to finances…”
Source: Varonis blog
Education
Automatic Detection
Logging / Reporting
Other Tools
Cost Savings Techniques
Sample Costs for Perspective ● Job Descriptions - $0 ● Threat Modeling - $0 ● Free Tools - $0 ● Education - $50 each for BSides ● Logging/Reporting - $10 - $120 / month ● IDS/IPS - $0.01 to $0.06 / hour / machine ● Antivirus - $50 / employee ● AWS Security Hub - depends on usage, but starts very low ● Servers (SonarQube + VPN) - < $20 / month Assuming 10 employees and 10 servers, you can do all of this for < $5k / year
Get in touch Jared Casner @jaredcaz VP of Engineering Rob Shaw @borwahs Principal Engineer CNote Github

Recomendados

Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...Parag Deodhar
 
7 Ideas to Revamp Product Marketing at Duo Security
7 Ideas to Revamp Product Marketing at Duo Security7 Ideas to Revamp Product Marketing at Duo Security
7 Ideas to Revamp Product Marketing at Duo SecurityMarcos Ortiz Valmaseda
 
CIS14: Are the Enterprises Ready for Identity of Everything?
CIS14: Are the Enterprises Ready for Identity of Everything?CIS14: Are the Enterprises Ready for Identity of Everything?
CIS14: Are the Enterprises Ready for Identity of Everything?CloudIDSummit
 
[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOCOWASP
 
Building World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsBuilding World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsJoyce Brocaglia
 
There's No AI Without IA with Seth Earley
There's No AI Without IA with Seth EarleyThere's No AI Without IA with Seth Earley
There's No AI Without IA with Seth EarleyInformation Development World
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
Technology Audits- Today's Concerns , Tomorrow's Challenges
Technology Audits- Today's Concerns , Tomorrow's ChallengesTechnology Audits- Today's Concerns , Tomorrow's Challenges
Technology Audits- Today's Concerns , Tomorrow's ChallengesBiju Nair
 

Recomendados

Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...
Risks Beyond the Boundary: Data Protection & Privacy Challenges, OpRiskAsia 2...Parag Deodhar
 
7 Ideas to Revamp Product Marketing at Duo Security
7 Ideas to Revamp Product Marketing at Duo Security7 Ideas to Revamp Product Marketing at Duo Security
7 Ideas to Revamp Product Marketing at Duo SecurityMarcos Ortiz Valmaseda
 
CIS14: Are the Enterprises Ready for Identity of Everything?
CIS14: Are the Enterprises Ready for Identity of Everything?CIS14: Are the Enterprises Ready for Identity of Everything?
CIS14: Are the Enterprises Ready for Identity of Everything?CloudIDSummit
 
[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOCOWASP
 
Building World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsBuilding World Class Cybersecurity Teams
Building World Class Cybersecurity TeamsJoyce Brocaglia
 
There's No AI Without IA with Seth Earley
There's No AI Without IA with Seth EarleyThere's No AI Without IA with Seth Earley
There's No AI Without IA with Seth EarleyInformation Development World
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
Technology Audits- Today's Concerns , Tomorrow's Challenges
Technology Audits- Today's Concerns , Tomorrow's ChallengesTechnology Audits- Today's Concerns , Tomorrow's Challenges
Technology Audits- Today's Concerns , Tomorrow's ChallengesBiju Nair
 
Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application SecurityTy Sbano
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Gross, Mendelsohn & Associates
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Tseesuren - Data is the Key for Innovation
Tseesuren - Data is the Key for InnovationTseesuren - Data is the Key for Innovation
Tseesuren - Data is the Key for InnovationThe Business Council of Mongolia
 
The future of HR and talent in the age of generative AI.pdf
The future of HR and talent in the age of generative AI.pdfThe future of HR and talent in the age of generative AI.pdf
The future of HR and talent in the age of generative AI.pdfChristian Palau
 
EENA2019: Track3 session1 improving response times & decision making_Eric Basha
EENA2019: Track3 session1 improving response times & decision making_Eric BashaEENA2019: Track3 session1 improving response times & decision making_Eric Basha
EENA2019: Track3 session1 improving response times & decision making_Eric BashaEENA (European Emergency Number Association)
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
PCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityPCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityAnton Chuvakin
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesAnton Chuvakin
 
Power BI overview.pptx
Power BI overview.pptxPower BI overview.pptx
Power BI overview.pptxHungPham381
 
Modern Analytics with Microsoft PowerBI
Modern Analytics with Microsoft PowerBIModern Analytics with Microsoft PowerBI
Modern Analytics with Microsoft PowerBIDavid J Rosenthal
 
Intervyo document
Intervyo documentIntervyo document
Intervyo documentSushant Thakur
 
Intervyo
Intervyo Intervyo
Intervyo Ronny Yakov
 
Leveraging exponential creation of Digital Products through a Digital Platform
Leveraging exponential creation of Digital Products through a Digital PlatformLeveraging exponential creation of Digital Products through a Digital Platform
Leveraging exponential creation of Digital Products through a Digital PlatformEvandro Silvestre
 
Creditas Digital Platform: How we enabled business users to create new digita...
Creditas Digital Platform: How we enabled business users to create new digita...Creditas Digital Platform: How we enabled business users to create new digita...
Creditas Digital Platform: How we enabled business users to create new digita...Software Guru
 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinAnton Chuvakin
 
2018 01 smart city symposium - db
2018 01 smart city symposium - db2018 01 smart city symposium - db
2018 01 smart city symposium - dbDavid Bressler
 
The future of business intelligence
The future of business intelligence The future of business intelligence
The future of business intelligence Phocas Software
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Mais conteúdo relacionado

Semelhante a 2020 BSidesSF - Bootstrapping Security

Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application SecurityTy Sbano
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Gross, Mendelsohn & Associates
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
The future of HR and talent in the age of generative AI.pdf
The future of HR and talent in the age of generative AI.pdfThe future of HR and talent in the age of generative AI.pdf
The future of HR and talent in the age of generative AI.pdfChristian Palau
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsKen M. Shaurette
 
PCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityPCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityAnton Chuvakin
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesAnton Chuvakin
 
Power BI overview.pptx
Power BI overview.pptxPower BI overview.pptx
Power BI overview.pptxHungPham381
 
Modern Analytics with Microsoft PowerBI
Modern Analytics with Microsoft PowerBIModern Analytics with Microsoft PowerBI
Modern Analytics with Microsoft PowerBIDavid J Rosenthal
 
Leveraging exponential creation of Digital Products through a Digital Platform
Leveraging exponential creation of Digital Products through a Digital PlatformLeveraging exponential creation of Digital Products through a Digital Platform
Leveraging exponential creation of Digital Products through a Digital PlatformEvandro Silvestre
 
Creditas Digital Platform: How we enabled business users to create new digita...
Creditas Digital Platform: How we enabled business users to create new digita...Creditas Digital Platform: How we enabled business users to create new digita...
Creditas Digital Platform: How we enabled business users to create new digita...Software Guru
 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinAnton Chuvakin
 
2018 01 smart city symposium - db
2018 01 smart city symposium - db2018 01 smart city symposium - db
2018 01 smart city symposium - dbDavid Bressler
 
The future of business intelligence
The future of business intelligence The future of business intelligence
The future of business intelligence Phocas Software
 

Semelhante a 2020 BSidesSF - Bootstrapping Security (20)

Battle Tested Application Security
Battle Tested Application SecurityBattle Tested Application Security
Battle Tested Application Security
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Tseesuren - Data is the Key for Innovation
Tseesuren - Data is the Key for InnovationTseesuren - Data is the Key for Innovation
Tseesuren - Data is the Key for Innovation
 
The future of HR and talent in the age of generative AI.pdf
The future of HR and talent in the age of generative AI.pdfThe future of HR and talent in the age of generative AI.pdf
The future of HR and talent in the age of generative AI.pdf
 
EENA2019: Track3 session1 improving response times & decision making_Eric Basha
EENA2019: Track3 session1 improving response times & decision making_Eric BashaEENA2019: Track3 session1 improving response times & decision making_Eric Basha
EENA2019: Track3 session1 improving response times & decision making_Eric Basha
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
Fdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessmentsFdic ffiec cyber_security_assessments
Fdic ffiec cyber_security_assessments
 
PCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and RealityPCI DSS Myths 2009: Myths and Reality
PCI DSS Myths 2009: Myths and Reality
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and Technologies
 
Power BI overview.pptx
Power BI overview.pptxPower BI overview.pptx
Power BI overview.pptx
 
Modern Analytics with Microsoft PowerBI
Modern Analytics with Microsoft PowerBIModern Analytics with Microsoft PowerBI
Modern Analytics with Microsoft PowerBI
 
Intervyo document
Intervyo documentIntervyo document
Intervyo document
 
Intervyo
Intervyo Intervyo
Intervyo
 
Leveraging exponential creation of Digital Products through a Digital Platform
Leveraging exponential creation of Digital Products through a Digital PlatformLeveraging exponential creation of Digital Products through a Digital Platform
Leveraging exponential creation of Digital Products through a Digital Platform
 
Creditas Digital Platform: How we enabled business users to create new digita...
Creditas Digital Platform: How we enabled business users to create new digita...Creditas Digital Platform: How we enabled business users to create new digita...
Creditas Digital Platform: How we enabled business users to create new digita...
 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
 
2018 01 smart city symposium - db
2018 01 smart city symposium - db2018 01 smart city symposium - db
2018 01 smart city symposium - db
 
The future of business intelligence
The future of business intelligence The future of business intelligence
The future of business intelligence
 

Último

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Último (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

2020 BSidesSF - Bootstrapping Security

  • 2. Source: Reuters “BofA’s Bessant says to spend $600 million on information security” - CNBC, October 4th, 2017 She also added that BofA would spend the same amount in 2018, and that it has 1,200 employees “dedicated to that effort”.
  • 3. Introduction Jared Casner @jaredcaz VP of Engineering Rob Shaw @borwahs Principal Engineer CNote is a fintech company founded in 2016 that offers scalable socially responsible investments to institutions and individuals.
  • 4. Security tools and ideas for a BIG IMPACT with a small budget
  • 5. Job Descriptions Engineering “...design, develop, and secure software…” QA “...testing quality and security of software and systems…” Customer Service “...responsible for customer satisfaction and security…” Marketing “...and maintaining security of prospective customer records…” Finance “...and securing access to finances…”
  • 12. Sample Costs for Perspective ● Job Descriptions - $0 ● Threat Modeling - $0 ● Free Tools - $0 ● Education - $50 each for BSides ● Logging/Reporting - $10 - $120 / month ● IDS/IPS - $0.01 to $0.06 / hour / machine ● Antivirus - $50 / employee ● AWS Security Hub - depends on usage, but starts very low ● Servers (SonarQube + VPN) - < $20 / month Assuming 10 employees and 10 servers, you can do all of this for < $5k / year
  • 13. Get in touch Jared Casner @jaredcaz VP of Engineering Rob Shaw @borwahs Principal Engineer CNote Github