This is one of those really difficult posts to write. Not just because I've got a lot of stuff going on (when do I ever not, you're probably asking yourself) but because of the sheer volume of data at hand. Like a lot of folks, I caught wind of the House Oversight Committee hearing on UAPs (anonymized) (archive.is) (Internet Archive) (Unidentified Anomalous Phenomena) and my curiosity was piqued. Unfortunately, because I had to work early that day, I didn't get to watch or listen to much of it, but because House Oversight hearings are a matter of public record …
squirrel clever - noun complex - The state of being extremely smart when it comes to figuring out how to do something. Notably, this does not include figuring out whether or not one should do something.
Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.
One Man Shop: Building an Effective Security Program All By Yourself - Medic
- Integrate with environment
- Continuous monitoring
- People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
- Compliance, per usual, means dick in the final analysis
- Roughly five year plan w/ deliverables
- Needs organizational support. Still answers to the Business.
- Supports, !replaces Business
- Security will not mature past …