A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


InfoSec Big Picture and Some Quick Wins - Schuyler Dorsey Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

InfoSec Big Picture and Some Quick Wins
Schuyler Dorsey
Derbycon 2015

Schuyler will talk a little bit about about the need for information security professionals to take a step big and observe the big picture within their organization. When choosing to implement product X or hire pro services to do job Y, consider what goal it is you are trying to accomplish ( get away from the checkbox approach ). Consider the overall security posture of your organization and strategically choose the items which will have small impact to the business / end users but large impact to the overall security posture. In addition, will cover some quick technical wins infosec professionals can consider. For example, consider a URL filtering solution which performs URL filtering on all outbound ports and services ( not just web browsing ). On this solution, consider blocking or controlling access to often overlooked categories like Questionable, Unknown, DynDNS. On egress filtering, ( well first.. do egress filtering ) then restriction outbound DNS/NTP traffic by destination. Use GP to block execution from TEMP dirs. EMET.. etc.

Schuyler Dorsey is a Systems and Security engineer who works in the I.T. consulting field. He has several years of experience, an M.S. in Information Security & Assurance, and several security certifications under his belt. He routinely performs vulnerability assessments, penetration tests, security auditing and also works on the defensive side and helps clients secure their endpoints & networks. Schuyler Dorsey is a young and ambitious / aspiring information security professional who got his start in the consulting arena ( jobs included vuln assessments, pentests, security architecture, NERC & PCI compliance, and incident response ). He now works for Activision Blizzard as their security operations manager in charge of IR, VM, Red Team exercises and anything else people deem to be in the realm of infosec. He has an M.S. in infosec and lots of certs.. blah blah blah. When not working, is chasing his two daughters around and forced to sing along with Frozen.

@schuydorsey

Back to Derbycon 2015 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast