It’s Not Your Perimeter, It’s You That Sucks! Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)
At the Inaugural Derbycon, Boris Sverdlik struck a nerve with participants by
claiming that ‘users’ need to ‘stop clicking shit’. That is well and dandy for
catchphrases and pillow talk, but the ‘user’ continues to be a scapegoat for our
own inabilities to educate and execute. The information security programs we are
so heavily invested in are failing when it comes to security awareness training
and addressing the needs of the people chartered with protecting your company’s
assets. In response to the challenge issued during the presentation, a handful
of brave, attractive, and sometimes intelligent people launched the Security
Awareness Training Framework (SATF) with the explicit goal of establishing a
free and open source living, industry-wide framework to provide practitioners
the crucial components necessary to address security awareness at the proper
context for the ‘user’, whoever the ‘user’ is. In this presentation, we will
provide an update as to how the project has progressed after one year, where it
is going, and provide information on how to get involved with this project.
KC Yerrid, Boris Sverdlik, Matt Jezorek
K.C. Yerrid is an independent consultant with a wide range of experience in
information security, organizational behavior, and psychology. With his
undergraduate degree in Computer Science, he can bang out a mean Turbo Pascal or
COBOL program. With his Master’s Degree in Information Security Management (MISM)
he can tell you what is wrong with an organization’s security department. With
his Master’s Degree in Business Administration (MBA), he can forecast and
explain how you don’t have enough money allocated to your security department’s
initiatives. Finally, upon his completion of his Doctorate in Organizational
Management within Information Technology, he will be able to tell you why your
staff is leaving for greener pastures or how to make them work smarter. K.C. has
deferred his student loans nearly as far as he can by remaining an active
student in studying the hands-off aspects of information security, yet is just
curious and resourceful enough to remain semi-relevant amongst techies that are
much smarter than he is.
Matt Jezorek is a security student who does not actually do anything. He thought
about getting paper certified but decided that money was better spent on
alcohol.
Boris Sverdlik is a Senior Partner at Jaded Security Consulting. He is a
solutions-oriented information security consultant with a proven record of
directing a range of security initiatives, adhering to best practices and
regulatory requirements. He has been at the forefront of information security
spanning more than a decade. Boris has been on both sides of the fence,
protecting assets as head of security within the financials as well as
performing penetration tests as an external entity. The value I believe I bring
to the table is that breadth of experience. He does defense during the day and
offense at night. And he says he loves absolutely every minute of it. Boris is
also a co-host of the ISDPodcast.