A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


The 4 Eyes of Information Security - Fernando Montenegro Converge 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

The 4 Eyes of Information Security
Fernando Montenegro

Too often our approach to addressing a security initiative makes assumptions about the underlying problem to be solved. In many cases, those assumptions may not be correct. In those cases, we end up wasting resources with little to show for it. This talk presents a simple framework for evaluating what fundamental issues may exist preventing progress in a specific scenario. Armed with this knowledge, the security practitioner can then deploy the right kind of effort to make progress. The main idea behind the framework is considering whether the issue at hand is being driven by incentives, information, investment, or irrationality (the 4 Is). Once we understand what they mean, we can then choose the appropriate path for adressing them in the context of security issues. We'll review the framework, then apply it to security-specific scenarios such as user behaviour, software quality, and others.

Fernando Montenegro is a security professional with a strong background in network and cloud security. He is currently an independent consultant working on multi-cloud security. His experience includes pre- and post-sales technical roles with vendors in areas such as microsegmentation, fraud detection, high performance network architecture, and enterprise computing. His work across enterprise customers in Canada, Latin America, and the US has provided insights into the underlying economic dynamics of common security scenarios. His areas of interest include security economics - particularly behaviour economics - data science, and cybercrime. He holds a bachelor's degree in Computer Science and industry certifications.

Back to Converge 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast