A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Does DoD Level Security Work in the Real World? - Jeff Man Cyphercon 2.0 (Hacking Illustrated Series InfoSec Tutorial Videos)

Does DoD Level Security Work in the Real World?
Jeff Man
MrJeffMan
Cyphercon 2.0

After spending nearly 13 years working for the Department of Defense, I ventured out into the private sector to consult and advise on matters of information security. On many occasions, after explaining some basic security concept to a customer and outlining what they need to do to be secure,I often heard the retort, ?yeah, but we don?t need DoD level security.? Well, after twenty years in the private sector, and especially over the past 2-3 years with the proliferation of data breaches against major companies, I find myself wanting to reply, ?yeah, you really DO need DoD level security!? What does this mean? Probably not what you are thinking. This talk will start with an overview of the foundation nature of data security, highlight the major tenets or goals of data security, introduce the risk equation, discuss how and why so many companies so often fail at implementing the basics of data security, and explore some ways that a DoD-centric approach to data security might be implemented in the private sector. Brainstorming, discussion, dissension all welcome.

Jeff Man is a respected Information Security expert, advisor, speaker, teacher, advocate, and curmudgeon. He has over 33 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. He has held security research, management and product development roles with NSA, the DoD and private-sector enterprises and was part of the first penetration testing ?red team? at NSA. For the past twenty years, he has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation?s best known companies.

Back to Cyphercon 2.0 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast