Protecting The Seams: Military Doctrine Applied To Application And Network Security - Paul Vencill (ShowMeCon 2014) (Hacking Illustrated Series InfoSec Tutorial Videos)

Protecting The Seams: Military Doctrine Applied To Application And Network Security
Paul Vencill

ShowMeCon 2014

“Never open the door to a lesser evil, for other and greater ones invariably slink in after it.” – Balthazar Gracian

Military doctrine often speaks of attacking the seams — the weak points where two organizations meet and have to coordinate.  Seams are notoriously difficult to protect because of the inherent risks and challenges associated with information sharing between two organizations.  The US Military has doctrine to train its soldiers how to properly coordinate with their sister organizations to keep the bad guys from slipping through the seams; can the same be said of your IT organization? This talk will focus on the risks and risk mitigation strategies for three common ‘seams’ in integrating new technology into your stack:

  • coordination between the app developers and the sysadmins who will have to maintain it in production,
  • configuration management of all of the dependencies for the application(s) being fielded, and
  • the management of defects/errors in the system and its dependencies.


Paul Vencill provides full-stack software engineering, architecture and policy support to US Government agencies at MITRE, a non-profit company which runs Federally Funded Research and Development Centers.  He also serves as the Chief Builder of Things at CyberStride, LLC, and the CIO of the Atlantic Division in the US Army Reserves.

Working in both the public and private sectors, he has a strong interest in the security environment of the development process. This includes addressing issues such as establishing encrypted channels between developers and clients who may already be under online surveillance, and educating clients in good security practices during the development and deployment phases. In other words, making sure the client doesn’t compromise the application or architecture before it’s even coded.

An armor (tank) officer and graduate of West Point’s class of 1995, Paul is married, and the proud father of two budding geeks.

Copyright 2020, IronGeek