Overzealous Admin: "I bet you can't break in to my network! I got my stuff together…"

Pentester: "I'm just here to help out and find the weaknesses the bad guys might use or have used."

Overzealous Admin: "Well I have a corporate network with a level 8 Paladin firewall taking +2 hit points, a level 3 Rogue IDS to disarm your Smurf Attack, a level 5 Wizard SIEM solution with +3 powers of divination, and a level 2 Devoted Cleric antivirus to heal your malware infections!"

Pentester: "Um…your CEO shared all his docs on Dropbox. Didn't your Wizard tell you?"

Let's play a game of fantasy tower defense with your infrastructure? Instead of measuring the price of your implementation, let's concentrate on whether it can really protect you! If your defense isn't mobile, agile, or technically relevant to where your users and data are, then you're still waging medieval siege warfare! Who cares about networks, servers, mobile computing, and BYOD! How about we review some modern security practices to protect what's really important…YOUR DATA…without attending a single vendor song and dance routine. In the end, we'll collaboratively outline a new approach to securing your assets that doesn't focus on patching or hardening a single device or buying something. Are we doing this all wrong? You may even be convinced to throw away your firewall altogether!

BIOS:

With hardly any experience in anything worth discussing, Evan is a frustrated and jaded security professional tired of responding to incidents and data owners in a broken mantra…"I told you so! Oh, you agree? Then WTF!" After a certification binge (he's embarrassed to say how many) and a stint at corporate ladder climbing, he abandoned all hope of making businesses and government any more secure from the inside. Now he breaks stuff…

An IT industry veteran with 20+ years of experience, Dr. Noah Schiffman is a former black-hat hacker turned security consultant. He spent almost a decade as a career computer hacker, performing penetration testing, social engineering, corporate espionage, digital surveillance, and other ethically questionable projects. Subsequently, he worked as a security consultant, teaching network defense, giving talks, and writing about information security. His past clients have consisted of Fortune 500 companies and various government agencies. For the past several years, his R&D efforts in the commercial and defense sectors have covered areas of data analysis and pattern recognition for security applications.
Copyright 2020, IronGeek