Information Sharing, or "I've got 99 problems and they're probably pretty similar to yours" - Chris Mills (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)

As infosec practitioners, we often operate in a vacuum or within silos. Reaching out to others in the community to share ideas, indicators, and problems helps to build a more relevant, diverse security program. Find out about a specific threat or incident as it unfolds: learn what others are doing tactically to combat this threat along with mitigation strategies. Get out of that vacuum. Once we can accept that security does not provide a competitive advantage, doors to information sharing will open, and everyone will see the benefit. As the saying goes, a rising tide lifts all the ships. In this talk, I will show ways that security peeps at all career levels can effectively share information. Analyst-to-analyst communication is just as important as management-to-management communication. Certain avenues already exist like ISACs, but they constrain the sharing to a sector vertical. There are opportunities I will present that go beyond ISACs. I will discuss the legal challenges as well as solutions we've found for overcoming them. An end goal is to facilitate the development of professional and trusted relationships among peers and subject matter experts to protect our organizations. Additionally, I would like to introduce an idea for getting feedback on documentation. Infosec Peer Review is a concept to facilitate sharing of documents such as policies, procedures, and reports and getting constructive feedback on them in a secure way.


Copyright 2014, IronGeek