Don’t Try This at Home!!!
RECURRING THEMES FROM TRYING TO SECURE AN ORGANIZATION
Jessica Hebenstreit
CISSP | CRISC | GCIH | GNFA
@secitup | Jessica@Dehnert.us | www.linkedin.com/in/jessicahebenstreit
A Little About Me
• 16 years in security
• Multiple verticals
• Lover of memes
What more do you need to know?
I Love Memes More Than Kanye Loves Kanye
Topics
• But First! WHY?
• Recurring Themes
• TIL: Today I Learned
• And now….a fun video!
• Q & A
But First! Why?
• Those who don’t learn from history are doomed to repeat it
• Common themes in shared war stories
• Common themes across verticals
Recurring Themes
• The Right / Wrong game
• Secure at All Costs
• Tools “Save us Tool-wan Kenobi”
• Policy Won’t Save You Either
• Eating Our Young
• Skipping The Basics
The Right / Wrong game
• The “wrong” game to play
• It’s like arguing on the Internet
• Not about winning or being right
• Know when to back down
• Remember it’s about informing about risk and options
• You don’t have to like it (It’s not a Facebook post)
Secure at All Costs
• Old School Security Mentality
• Relates to Right/Wrong game
• It goes back to Risk and business tolerance
Save Us Tool-wan Kenobi
• You must PAY ATTENTION to the tools
• It’s called logging AND MONITORING
• You must invest in your people
  • Continuously
• You must have proper procedures in place
• You must have policies to back you up
Policy Won’t Save You Either
• Must be enforceable
• Must be enforced
• Must have teeth
• Must be supported by and from Leadership
• A “policy” that does not meet the above is not a policy
Eating Our Young
• It’s getting better, buuuuuuut…
• We should be encouraging and welcoming
• Critical shortage of info sec professionals
• Women…
Skipping the Basics
• Innovation and pushing the envelope is great but…
• It doesn’t matter if you don’t have basics* in place
  • Software and Hardware Inventory
  • Secure Configurations (Hardening standards and guidelines)
  • Vulnerability Management process
  • Controlled use of Administrative Access
* The first 5 SANS Critical Controls
This and That
• Assuming compliance is enough
• Losing sight of the big picture
• Proper Risk Classification
  • Not everything is highest risk or most critical
• Properly remediating systems
  • Just reimage it already
  • More on this in a moment
TIL: Today I Learned
• It’s not about being right or wrong
• Do the right thing for the business
• Balance Risk and Security
• Tools won’t save you but neither will policy
• Start with the basics and go from there
• Support and grow fledgling security professionals
And now…
TIME FOR A FUN VIDEO
REMOVED DUE TO SIZE – CONTACT JESSICA IF YOU ARE INTERESTED IN SEEING IT
One Last Thing…
• Equal Respect Initiative
• Executive Women’s Forum
THANK YOU!
QUESTIONS?

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing An Organization)

  • 1. Don’t Try This at Home!!! RECURRING THEMES FROM TRYING TO SECURE AN ORGANIZATION
  • 2. Jessica Hebenstreit, CISSP | CRISC | GCIH | GNFA. @secitup | Jessica@Dehnert.us | www.linkedin.com/in/jessicahebenstreit
  • 3. A Little About Me
    - 16 years in security
    - Multiple verticals
    - Lover of memes
    What more do you need to know? I Love Memes More Than Kanye Loves Kanye
  • 4. Topics
    - But First! WHY?
    - Recurring Themes
    - TIL: Today I Learned
    - And now… a fun video!
    - Q & A
  • 5. But First! Why?
    - Those who don’t learn from history are doomed to repeat it
    - Common themes in shared war stories
    - Common themes across verticals
  • 6. Recurring Themes
    - The Right / Wrong game
    - Secure at All Costs
    - Tools: “Save us Tool-wan Kenobi”
    - Policy Won’t Save You Either
    - Eating Our Young
    - Skipping The Basics
  • 7. The Right / Wrong game
    - The “wrong” game to play
    - It’s like arguing on the Internet
    - Not about winning or being right
    - Know when to back down
    - Remember it’s about informing about risk and options
    - You don’t have to like it (It’s not a Facebook post)
  • 8. Secure at All Costs
    - Old School Security Mentality
    - Relates to the Right/Wrong game
    - It goes back to Risk and business tolerance
  • 9. Save Us Tool-wan Kenobi
    - You must PAY ATTENTION to the tools
    - It’s called logging AND MONITORING
    - You must invest in your people, continuously
    - You must have proper procedures in place
    - You must have policies to back you up
  • 10. Policy Won’t Save You Either
    - Must be enforceable
    - Must be enforced
    - Must have teeth
    - Must be supported by and from Leadership
    - A “policy” that does not meet the above is not a policy
  • 11. Eating Our Young
    - It’s getting better, buuuuuuut…
    - We should be encouraging and welcoming
    - Critical shortage of info sec professionals
    - Women…
  • 12. Skipping the Basics
    - Innovation and pushing the envelope is great but…
    - It doesn’t matter if you don’t have the basics* in place
    - Software and Hardware Inventory
    - Secure Configurations (Hardening standards and guidelines)
    - Vulnerability Management process
    - Controlled use of Administrative Access
    * The first 5 SANS Critical Controls
  • 13. This and That
    - Assuming compliance is enough
    - Losing sight of the big picture
    - Proper Risk Classification: not everything is highest risk or most critical
    - Properly remediating systems: just reimage it already (more on this in a moment)
  • 14. TIL: Today I Learned
    - It’s not about being right or wrong
    - Do the right thing for the business
    - Balance Risk and Security
    - Tools won’t save you, but neither will policy
    - Start with the basics and go from there
    - Support and grow fledgling security professionals
  • 15. And now… TIME FOR A FUN VIDEO
  • 16. REMOVED DUE TO SIZE – CONTACT JESSICA IF YOU ARE INTERESTED IN SEEING IT
  • 17. One Last Thing…
    - Equal Respect Initiative
    - Executive Women’s Forum

Editor's Notes

  1. It’s about informing the appropriate business leaders of the risks and the options. Rely on the DREAMR framework letters E and A to reinforce. Our job is to explain risk, offer options and opinions, and ultimately execute the business decision (even if we don’t agree with it or like it).
  2. It doesn’t work; it negatively impacts the business; controls will be circumvented.
  3. First, apologize for crossing the meme theme streams.