CyberCamp 2015: Low Hanging Fruit
Low-Hanging Fruit
Chema Alonso (@chemaalonso)
Low-Hanging Fruit means easy-to-find bugs
Google Project Zero
Clear
Yet another App!!
Security Boundaries
Bypassing Security
Buzz-Words-Tech
- Post-Quantum Cryptography
- Anti-APT
- Machine Learning
- Cyber-resilience
How to be Rich in 10 Steps
1. Run a Company
2. Point out the limits of security tech
3. Call previous tech useless
4. Do some tech to solve one single problem
5. Create a Buzz-Word
6. Viral it
7. Influence to Create a Magic Quadrant
8. Go IPO
9. Sell the tech to some big corporates
10. Sell the Company
DLP (Data Loss Prevention)
OWASP Top Ten 10
Department of Homeland Security
Be Secure or Feel Secure
Pretending to be Secure
Complexity of Security
Manage
- People
- Tech
- Process
To get
- Integrity
- Confidentiality
- Availability
Reaching
- Acceptable Risk
- Resilience
- Compliance
Doing What/When/Where? How?
Hardening Systems
- Defense in depth
- Minimum Attack Surface
- Minimum Privilege
Hardening People
- Influence
- Awareness
- Persistent Pentesting
Hardening process
- Providers
- Software development
Do the Basics
Security 101
- Patch known-bugs
- Change Default Passwords
- Harden Default Configurations
- Don't code with easy bugs
- Teach security to your people
- Pentesting
- Apply Secure Cryptography
- ACLs
- Design a secure Network
Do the Basics
Security 102
- Continuous monitoring
- Adaptive Authentication / 2FA
- Persistent Pentesting
- Code Reviews
- Harden your network
- Data Loss Prevention
- ....
Security 103
- Predictive Data Leaks
- Privileged Accounts Control
- Digital Surveillance
- ...
Security 201
- CSIRT
- Anti-APTs
- Machine Learning
- ...
Security 202
- Hidden Links
- Malware investigation
- Shadow IT
- ....
Network Hidden Links
Malware Investigation
Persistent Pentesting
Maturity
- Prevent
- Detect
- Managed incidents response
- Respond
Do the Basics
- Balance between Physical & Digital Security
- Do the Basics
- Do the Basics (Clear?)
- Do more than the basics
- Buy super-fashion Tech
Questions?
Chema Alonso
@chemaalonso
http://www.elladodelmal.com