TakeDownCon 2015 Keynote Address

TakeDownCon 2015 Keynote Address

The New Social Security: When Social Media Meets Social Engineering.

TakedownCon 2015

The convergence is upon us all; this influx of technology intermingled with information infused now in every possible facet of our business and personal lives. We live in the presence of infinite possibilities through technology. Business is being propelled into new trajectories never before possible. Out social spheres and human interpersonal interactions have all been augmented by the ever accelerating technological reality. While our brave new media world is evolving and pushing forward, there is a common denominator that is struggling to keep up. The singular chink in our armor; the weak link in our proverbial chain is much to our collective chagrin is the Human Element.

This reality is not slowing down. On the contrary, it’s moving exponentially faster. Our challenge as business leaders and individuals; as humans in general, is to intelligently manage this paradigm shift as our technological singularity enters its event horizon.

Here at TakedownCon, together we will explore a particular facet of our technological present, specifically our social sphere, and how as technology leaders we can work toward intelligent management. Our business success and our personal preservation depend on it.

We are honored that our CEO Michael Peters was invited to EC Counsel’s TakeDownCon as keynote speaker for the 2015 event. This year’s theme is “Building the Cyber Briefcase: From Binary to the Boardroom”. Discussions will cover the various tools, skills, and experience a CISO needs to build and run a successful information security program.

TakeDownCon brings together information security researchers and technical experts from corporate to underground industries, to a unique “Ethical Hacking” conference. In two days, they will present and debate the latest security threats, disclose current vulnerabilities, and share information crucial to the technical profession.

Say hello to Michael Peters, William Ochs and Jessica Parra-Johnson from Lazarus Alliance if you are attending!

The Security Trifecta™: an introduction.

I was reading a news article this morning about another security debacle at NASA involving the theft of a laptop containing the command and control codes for some high-tech toys like the International Space Station. The thing that amazed me the most was not that NASA would be a high value target, but that this laptop apparently was not encrypted. Seriously? Something that is considered entry level to security professionals is apparently only deployed to about 1% of all NASA computing devices, including mobile devices.

The Security Trifecta only from Lazarus AllianceFirst off, I do have sympathy for NASA and it’s dwindling congressional budget, however, two things are painfully evident and not excusable. First, there is great open source disk encryption available so budgetary excuses do not hold water. Second, this is not cutting edge technology and a few years ago, when the economy was good and the budgets were fat, this was never accomplished. The current, and at a minimum, the preceding NASA CISO’s should be dismissed in shame and given Darwin awards for incompetence. I don’t need to name you two boobs (no offense to actual breasts meant) because everyone can just Google NASA CISO to find out who you are, where you came from and where you went. This would not have happened on my watch.

In my second book, Governance Documentation and Information Technology Security Policies Demystified, I introduce you to a concept I call The Security Trifecta™. Security does not have to be complicated. I have spent my career within information security demystifying what for some is a like understanding a foreign language. The fact of the matter is that by taking three well defined pragmatic steps, we raise the bar and achieve success; governance documentation, technological enforcement and vigilant teamwork working together to promote security.

The Security Trifecta in brief:

  • Governance Documentation: The foundation for what we do is based upon the written word. We collectively, collaboratively, cooperatively establish standards that are based upon philosophy, legal requirements, best practices, and regulatory demands.
  • Technological Enforcement: When governance documentation has been established, we set about implementing and enforcing those standards as much as possible through the usage of technology. Some technology implementations allow for the end user to exercise greater choice and control, whereas others strictly enforce our standards taking the human choice element out of the mixture.
  • Vigilant Teamwork: The reality is that nothing works very well without teamwork. Controls and standards break down without careful tending just like weeds take over our gardens without vigilance. We must regularly review our security standards validating their relevancy and we will remain agile to adapt to the changing business landscape putting into practice carefully considered revisions to our ongoing security program.

The Security Trifecta is an effective and logical approach to information security I developed over the course of my career. The interesting thing is that the conceptual approach may also be applied to any other business process making it formidable to say the least.

Lazarus Alliance is Proactive Cyber Security™