Patching: Show me where it hurts - Cheryl Biswas Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Patching: Show me where it hurts
Cheryl Biswas
Derbycon 2018

Patching - it’s complicated. Organizations at every level struggle with patching. It feels more like a necessary evil rather than a best practice. We're damned if we do, damned if we don't. As much as we like to point fingers of blame and malign the processes in place, the fact is that one size does not fit all when security updates get issued. We’ve lived through the joy of Patch Tuesdays gone bad, watched systems melt down from patches for Spectre and Meltdown. Given all we should have learned, why does it seem like things are getting worse? Securing our stuff should not be an endless succession of dumpster fires. We need to go beyond just finding the sweet spot between mitigating business risk with vulnerability exposure. Join me in a candid and interactive discussion on this fundamental process that seems inherently broken, especially as it now affects IoT, OT and medical devices. In an off the record, behind closed doors session, let's share what we’ve seen and say what we really think about management, internal and external customers, vendors. Because the cure isn't supposed to be worse than the disease.

Cheryl Biswas, aka @3ncr1pt3d, is a Strategic Threat Intel Analyst with TD Bank in Toronto, Canada. Previously, she was a Cyber Security Consultant with KPMG and worked on security audits and assessment, privacy, breaches, and DRP. Her experience includes project management, vendor management and change management. Cheryl holds an ITIL certification and a degree in Political Science. Her areas of interest include APTs, mainframes, ransomware, ICS SCADA, and building threat intel. She actively shares her passion for security online, as a speaker and a volunteer at conferences, and by encouraging women and diversity in Infosec as a founder and member of "The Diana Initiative".



Copyright 2020, IronGeek