![Page 1: Innovating in Spite of Oneself - cj.msu.educj.msu.edu/assets/ICC-2018-PPT-Mielak.pdf · APR04102018_TD_INV.doc Microsoft Equation Editor. Writes and executes . tasks.bat. Which executes](https://reader031.vdocument.in/reader031/viewer/2022031417/5c688ce009d3f206678ba96e/html5/thumbnails/1.jpg)
Innovating in Spite of Oneself
Using progressive thinking and technology to transform conventional cyber security paradigms in the financial sector
Red Blue Teaming for fun and Profit!
Spending large amounts of time and money in an endless arms race against an invisible adversary to protect data that has already been leaked by at least 7 other companies
This slide is not endorsed by MSUFCU or its affiliates
My original working title and tagline …
Introduction
• MSUFCU
  o Chief Information Security Officer
  o [email protected]
• Alaska USA FCU
  o Enterprise Security Officer
  o Manager Electronic and Card Applications
• Sprint
  o Network Security Engineer
  o Web Engineer Sprint.com and Sprintpcs.com
Wile E. Coyote
Cost Center
My point of view …
Financial Sector
4 Billion in assets
Who provides regulatory governance?
• National Credit Union Administration (NCUA)
• Federal Financial Institutions Examination Council (FFIEC)
What constitutes sensitive data?
• Card (PAN, PIN, CVV)
• Personally Identifiable Financial Information (PIFI)
My point of view too …
How is money made, where is it, how does it move?
• Loans
• Card Interchange Fees
• Deposits
• Wire / ACH
What are some general characteristics of IT?
• Main HQ and Datacenter facilities
• Many satellite branches
• Very little remote workforce
• Many 3rd party network interfaces of various types
Objectives of a CU Cyber Security Program
• Part 748 Appendix A of NCUA Regulations
  • “These Guidelines provide guidance standards for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of member information.”
• Predict, Prevent, Detect, Respond
• Achieve Continuous Improvement and Maturity
• Don’t Interfere with or Interrupt the Business!
Controls (i.e., all the stuff we must have)
• Intrusion Detection and Prevention Systems (IDS / IPS)
• Endpoint Anti-Virus
• Data Loss Prevention
• Firewall
• Security Information and Event Management (SIEM)
• Internal Network Segmentation
• Network Flow Analysis and Classification
• Risk Assessment (Enterprise and System)
• Disaster Recovery / Business Continuity
• Threat Intelligence Monitoring
• Annual and Quarterly Board Reports on Risk
• Penetration Testing
• Web Proxy and Content Filtering
• Privileged Account Management (PAM)
• Helpdesk Ticket Escalation
• Vulnerability Management (Scanning)
• Configuration Management and Hardening Baselines
• DNS Reputation Filtering
• Email Anti-Virus
• Sandbox Detonation
• Email SPAM Filtering
• Behavioral Endpoint Protection
• Endpoint and Network Forensics
• Cyber Incident Response
• Security Policy & Procedure
• Security Education and Awareness Training
• Security Architecture Review (Communication Topology, Encryption)
• Change Management
• Security Exception Processing
• Regulatory and Internal Audit Responses
• Investigation and Security Data Analysis
• Vendor Management Security Reviews (SSAE 16 / SOC I, II)
• User and Active Directory Audits
• Password Cracking
With Limited Resources a Credit Union Security Organization Must:
• Achieve a Holistic Security Posture (Breadth of Coverage)
• Achieve Defense in Depth
  • Interlocking controls
  • Variety of controls
• Provide Incident Response
• Provide Business Continuity
• Provide Risk Analysis
• Evolve with an extremely fluid Threat-Scape
Challenges
Why do we innovate?
We innovate in response to challenges that cannot be countered with existing measures.
Threat Intelligence Reports
IBM X-Force Report 2018
Verizon Data Breach Incident Report 2018
Traditional Security Management Challenges
• Money
  • Enterprise Class Controls and People
• Time
  • Improve and Mature at pace with Threat Landscape
  • Provide Value at pace with IT and Business Initiatives
• People
  • Human Bandwidth
    • Breadth of function
    • Operations
    • Governance
    • Projects
  • Skill Sets
    • Raw Ability
      • Curiosity
      • Intelligence
    • Core Competencies
• Cooperation and Support
  • Board of Directors
  • Executives and Staff
Sophistication
Secure Works Incident Response Insights Report 2018
When do you patch your servers?
Sophistication Lifecycle
When does my control set (including patching) become effective?
When does my attacker get the exploit?
My attacker acquires exploit
My Controls mitigate threat
What can my company afford?
Cost
Sophistication and Risk
Why does this matter?
• You have to choose the level of sophistication you intend to defend against
• Each decision is specific to a particular aspect of a particular point in the kill chain
• If you choose not to decide, you still have made a choice!
Balancing Controls and Business
• Most preventive controls will interrupt the business at one time or another
• Buy-in is necessary but tough to get
• Difficult to focus on the “Why?” when the business may not have common ground
• Convenience-Cost can be an unforeseen expense by security, the business, and the board of directors
Innovation
How do we innovate?
We think then we do.
Transform VM into VRM …
Vulnerability Risk Management
o Re-factoring Risk with Time
o Grouping vulnerabilities into families of risk
o Addressing vulnerability for maximum reduction in exposure
o Focus on addressing systemic cause of vulnerabilities and risk
Vulnerability Management
o Risk is linear
o Vulnerabilities are assigned to remediation teams by ownership
o Prioritized based on vulnerability criticality
o Can miss systemic cause of vulnerabilities and risk
Practical VRM …
Vulnerability Risk Management
o My enterprise doesn’t need Adobe Reader – remove it.
o Let’s focus on upgrading to Windows 10 which makes Flash updates part of the OS.
o Why do we have a systemic inability to patch to 100%?
o Our patching window will never be shorter than 30 days – How do we mitigate?
Vulnerability Management
o Adobe Reader is vulnerable – patch it.
o Flash is vulnerable, let’s focus on patching it.
o 5% of my servers aren’t getting patched – hunt them down and patch them.
o Our patching window is >30 days which is too long
Dial for Motive …
Persistent Remote Access is not a motive in this context – Lifting the stand-in limits on ATMs is a motive.
“Motive” should be a key deliverable in any incident analysis.
Clues to motive can be found by analyzing tools, techniques, and procedures (TTPs)
Motive, TTPs, and persistence (tenacity) give us an idea about our adversary's true sophistication.
Application Whitelisting
A Default Deny on execute and write operations provides mitigation for advanced exploits which are early in their lifecycle.
Whitelisting controls work from a model of known-good instead of known-bad.
VS.
The Whitelisted Attack Surface
Unknown (Banned)
Known Bad (Anti-Virus)
Known Good (Authorized)
Reduces attack surface to a smaller set of authorized files
Forces attackers to work within a narrow band … Which they do!
Behavioral Controls
Whitelisting and Anti-Virus controls still leave an exposure that must be countered by preventive behavioral rules
Example APR04102018_TD_INV.doc
Microsoft Equation Editor
Writes and executes tasks.bat
Which executes PowerShell
C2 Call – HTTPS download of payload
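The chain on this slide, written as a preventive behavioral rule over process-creation events. This is an added example, not part of the original deck: the event fields, PIDs, paths, the interpreter list and the rule itself are constructed assumptions, and EQNEDT32.EXE is the Equation Editor binary.

```python
import ntpath

# Constructed process-creation events (fields shaped like Sysmon Event ID 1).
# PIDs, paths and command lines are made up; only the document name, tasks.bat,
# Equation Editor and PowerShell come from the slide.
EVENTS = [
    {"pid": 4000, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmd": "explorer.exe"},
    {"pid": 4100, "ppid": 4000,
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "cmd": "WINWORD.EXE APR04102018_TD_INV.doc"},
    {"pid": 700, "ppid": 600, "image": r"C:\Windows\System32\svchost.exe",
     "cmd": "svchost.exe -k DcomLaunch"},
    # Equation Editor runs as its own COM server process, so it is not
    # necessarily a child of the Office application that opened the document.
    {"pid": 4200, "ppid": 700,
     "image": r"C:\Program Files\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE",
     "cmd": "EQNEDT32.EXE -Embedding"},
    {"pid": 4300, "ppid": 4200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c tasks.bat"},
    {"pid": 4400, "ppid": 4300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe <arguments elided>"},
    # Benign control case: an administrator starts PowerShell from the desktop.
    {"pid": 5000, "ppid": 4000,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe"},
]

SUSPECT_ANCESTOR = "eqnedt32.exe"   # a formula editor has no reason to spawn shells
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
MAX_DEPTH = 16                      # bound the walk in case of bad telemetry


def basename(image):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(image).lower()


def ancestry(pid, by_pid):
    """Image names from the parent of `pid` upward, nearest ancestor first."""
    chain, seen = [], {pid}
    cur = by_pid.get(pid)
    while cur is not None and len(chain) < MAX_DEPTH:
        parent = by_pid.get(cur["ppid"])
        if parent is None or parent["pid"] in seen:  # unknown parent or PID loop
            break
        seen.add(parent["pid"])
        chain.append(basename(parent["image"]))
        cur = parent
    return chain


def detect(events):
    """Flag any script or shell interpreter that descends from Equation Editor."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = basename(e["image"])
        if name in INTERPRETERS and SUSPECT_ANCESTOR in ancestry(e["pid"], by_pid):
            alerts.append({"pid": e["pid"], "image": name,
                           "cmd": e["cmd"], "action": "block"})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Blocking at the first alert (cmd.exe running tasks.bat) stops the chain before PowerShell starts, and the rule keys on process lineage, so it does not depend on the document's hash or a signature.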
Black Hole DNS
Perhaps the best ROI in security – Low cost, High efficacy.
Only effective against malware that uses domain names.
Supplements Web Filtering.
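One way to turn a reputation feed into black-hole zones for Unbound, as an added example that is not part of the original deck. The feed contents, the allowlist and all function names are constructed assumptions; `always_nxdomain` is an Unbound `local-zone` type.

```python
import ipaddress
import re

# Constructed sample feed in the mixed formats such lists commonly use.
FEED = """\
# constructed sample feed, not real indicators
0.0.0.0 bad-cdn.example
malware-c2.example
login.malware-c2.example
Tracker.Example.NET.
intranet.corp.example
203.0.113.7
not a domain!
"""
ALLOWLIST = {"corp.example"}  # assumption: zones that must never be black-holed

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(token):
    """Lower-case hostname without trailing dot, or None if not a hostname."""
    name = token.strip().rstrip(".").lower()
    if not name or len(name) > 253:
        return None
    try:
        ipaddress.ip_address(name)
        return None  # IP indicators never touch DNS, so DNS cannot sink them
    except ValueError:
        pass
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return name


def covered(name, zones):
    """True if name equals, or is a subdomain of, any zone in `zones`."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in zones for i in range(len(parts)))


def parse_feed(text, allowlist):
    """Return the minimal sorted list of zones to black-hole."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name = normalize(line.split()[-1])  # hosts format keeps the name last
        if name and not covered(name, allowlist):
            names.add(name)
    zones = set()
    for name in sorted(names, key=lambda n: n.count(".")):
        if not covered(name, zones):  # a parent zone already answers for it
            zones.add(name)
    return sorted(zones)


def unbound_config(zones):
    """Lines for the server: clause of unbound.conf (or an included file)."""
    return "\n".join(f'local-zone: "{z}." always_nxdomain' for z in zones)


def is_blackholed(qname, zones):
    """Would a query for `qname` be answered NXDOMAIN by the generated zones?"""
    name = normalize(qname)
    return name is not None and covered(name, set(zones))


if __name__ == "__main__":
    print(unbound_config(parse_feed(FEED, ALLOWLIST)))
```

The `203.0.113.7` entry is dropped rather than converted, which is the slide's limitation in practice: traffic to a bare IP address has to be handled by the firewall or web filter instead.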
Endpoint Detection and Response (EDR)
Threat Data Feed Aggregation
IOC Based Detection
Threat Hunting
Process Relationships
Remote Forensics
Secure Works Incident Response Insights Report 2018
Host Isolation
Breakout Containment
Red teaming for fun and profit …
o Typically have a more flexible timeline
o Can accumulate in-depth intelligence on their targets
o Are a key stakeholder in the continuity of the target systems
o Can participate in the ongoing surgical testing of controls
o Can perform proof of concept testing on controls before buying them
Daily Stand-Up
Gives everyone a voice every day.
Can prevent poor execution due to negligent or accidental group-think.
Provides high-resolution correction as strategies are implemented.
Monthly Table Tops
Rehearse Incident Response to uncommon situations.
Review and correct response to common situations.
Produce artifacts for regulators to consume.
Builds collaboration with Risk Management and Business Continuity teams.
Some Unconventional Strategies …
Sometimes all it takes is a change in mindset to break out of a rut.
Let computers do the things that computers are good at.
• Automate everything that doesn’t require a subjective or qualitative judgment
• Employ DevOps when possible (SecOps?)
Let humans do the things humans are good at.
• Develop strengths in your staff rather than fixing deficiencies
• Let people gravitate toward their core competency
• Talk about “why” not just “how”
Assert that an Innovative Maturity requires open source, zero cost security controls.
• Spend financial resources only on those technologies that require it:
  • Next Gen Firewall
  • Email Spam Filters
  • Web Application Firewall (WAF)
  • Data Loss Prevention (DLP)
  • Anti-Virus
  • Security Information and Event Management (SIEM)
• Develop open source technologies that complement core enterprise controls:
  • IDS / IPS (Snort / Suricata)
  • Data Flow Analysis (Bro)
  • File Integrity Monitoring (FIM) (OSSEC HIDS)
  • Black Hole DNS (Implement in Bind, Unbound, Mara, etc.)
  • Honeypots (Honeywall, HoneyC, Honeyd)
  • Community Threat Intelligence (ISC SANS, Independent Researchers, Spamhaus, Mitre.org, etc.)
Implement alternative mitigations to overly-complex or cost-prohibitive controls first.
• Build your own monitoring systems
• Use built in host based firewall technologies
• Harden systems with configuration management rather than host based controls
• Patch everything, all the time
• Segment internal networks using access controls that are readily available
• Use commonly available ad-blockers
Prioritize internal Red Team exercises over external 3rd party pen tests.
• 3rd Party Pen Testers:
  • Are on a limited timeline
  • Have limited reconnaissance
  • Operate in a commoditized environment
  • Run their canned scripts and move on if they fail
• Internal Pen Testers:
  • Typically have a more flexible timeline
  • Can accumulate in-depth intelligence on their targets
  • Are a key stakeholder in the continuity of the target systems
  • Can participate in the ongoing surgical testing of controls
Actively reduce the expense of functional operations for those things that have become commoditized.
• Managed Security Services Providers (MSSP) can partner with an in-house security team:
  • 24x7 Log Monitoring
  • IDS/IPS Monitoring
  • WAF Administration
• A robust Internship Program can provide skilled individuals in cases where an MSSP solution is not possible.
  • Repetitive data analytics
  • Daily reputation data pulls
  • Educational content development
Deliberately staff a % of your organization with Application, System, and Network engineers.
• Once someone has the right foundation they will naturally develop into security professionals
• Without this, how will an information security staff develop a well rounded technical understanding of:
  • Enterprise Scale Virtualization
  • How packets route / TCP States
  • How sessions persist in an application container
  • How load balancers work
  • How DNS works
  • Routing broadcast protocols
  • Storage
  • Multithreaded object synchronization
  • *nix operating systems
• The key to staffing is balance … Your aggregate staff must cover a broad base of disciplines
Discourage outside hires from assimilating.
Adopt the 10th man rule.
“if nine men agree, it is the duty of the tenth man to disagree.” - Carl Cullotta, Frank Lynn & Associates
• Adapt this to your staff size
• Assign a Devil’s Advocate in critical situations
Work on too many projects at the same time.
• Efforts get blocked – have many irons in the fire
• Be careful of rapid context shifting
• The key to this strategy is to adapt deadlines when the completion of a project is within sight
• Allow people to naturally shift between projects
• Warning! Does not lend itself to accurate annual planning
Avoid burning talent on paperwork.
• Security = Paperwork
• Paperwork != Fun
• DO NOT arbitrarily spread paperwork across the team to be “fair”.
Rehearse your cyber incident response program on routine security events.
Questions?