As you may or may not remember, late last year I presented via telepresence at the Nigeria ICT Fest, where I gave a talk about security threats to emerging financial entities. Following the conference I was invited to turn my presentation into an academic paper for an open-access, peer-reviewed journal called Postmodern Openings, which is published on a biannual basis. Postmodern Openings seems to publish a little bit about everything, from the ethics of advertising to children to lessons learned from studying the economic systems of entire countries to the anthropological ins and outs of caring for children with chronic …
Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.
One Man Shop: Building an Effective Security Program All By Yourself - Medic
- Integrate with environment
- Continuous monitoring
- People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
- Compliance, per usual, means dick in the final analysis
- Roughly five year plan w/ deliverables
- Needs organizational support. Still answers to the Business.
- Supports, !replaces Business
- Security will not mature past …