Tuesday, May 23, 2017

New Cybersecurity Executive Order

So by now hopefully most are aware of the recent Executive Order signed by President Trump.  While not numbered, it came out May 11th, which was just before the planned NIST Cybersecurity Framework Workshop.  Full title is "Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure".

So let's take a look at it.

It has 5 sections.  Sections 4 and 5 we can basically overlook.  Sec4 is definitions, while Sec5 is General Provisions.

Monday, May 22, 2017

Recent events

Am a little behind on posting on some very recent events.

Last week I was at the NIST Cybersecurity Workshop.  Lot of interesting things there.  Further, the prior week Trump signed an Executive Order on Cybersecurity that has an impact on things.

This past weekend I was at the HackMiamiCon5, where I also spoke on cyber resilience.  More on that as well.

Hopefully soon I will be speaking at an upcoming HackMiami meeting on various updates (the NIST CSF Workshop, recent EO, and some other regulations that have come out).


Friday, May 12, 2017

News and upcoming events

One of the news items floating around is the recently signed executive order regarding cybersecurity.  I haven't had a chance to really look over it, but hope to soon and will post my thoughts here.

There are a couple of upcoming events I will be at next week.

First off is the NIST Cybersecurity Framework Workshop at NIST HQ.  I look forward to that.  Should be a great opportunity to gather information, give input, and meet others.  I hope that the impact of this new EO will also be covered.

Then next weekend is the HackMiamiCon5 in Miami Beach.  I'll be there, and be speaking on the second day on Cyber Resilience.  Look forward to that.

I will be posting on both events here on the blog, so be sure to check back.

Tuesday, April 11, 2017

Resources for presentation on IT Risk

As mentioned previously, I gave a presentation on IT Risk at the 2017 Security BSides Orlando Conference.  The title was "Risk: It's more then just a game from Parker Brothers".  Was trying to be a little cute and have a catchy title.

The talk was about IT Risk, and I was aiming it at infosec professionals.  My idea is that risk is important to understand, as we do security to reduce risk to the organizations we work for.  But I think too many infosec folks just don't have a good understanding of this.

Now, the talk was posted.  Not sure how well it comes out.  I'll update with a link.

But what I wanted to give here was information on the sources and materials I used for the talk.

Monday, April 10, 2017

BSides Orlando 2017 Report

Saturday, April 8, 2017, the 5th Security BSides Orlando conference was held.  This year there were several changes over past ones.

The conference was but one day.  The venue this year was Valencia College rather than University of Central Florida from the last two years.  The new venue led to a few minor changes in scheduling.  As there was really no venue for lunch, pizza and soda were provided for participants.



There were 3 tracks of talks.  A workshop track.  A CTF was held.  For the lockpick village this year, there were two additional challenges.  One was to unlock a room, another a box.  There were several vendors set up.  And the conference wrapped up with a keynote speaker: Tara Wheeler.

Wednesday, April 5, 2017

Upcoming Security Conferences for 2017

There are several conferences in South Florida (and other areas) that I plan to be at in the coming months, and am speaking or hope to be.

BSides Orlando will be April 8th, but now moved to Valencia College-West Campus.  Also different this year is this will be a one day event, but will again be right before SANS Orlando.  I will be there speaking on the topic of Risk.  This talk is aimed at the entry level security professional to help them gain a better understanding of the importance of IT Risk in what we do in security.


The South Florida ISACA Chapter will be having their 10th WOW event on Friday, April 21st.  This will be an all day event at the FIU Biscayne Campus as usual.  Registration is already open and the focus is on "Emerging Threats in Cybersecurity".  Will be there.  Had hoped to speak, but didn't happen.

HackMiami will be back with their 5th conference on May 19-21, again at the Deauville Beach Resort in Miami Beach.  I will be speaking there on the topic of Cyber Resilience.


Further out, there is of course Black Hat, DefCon, BSides out in Las Vegas from July 22-30th.  I have never been out there, and plan to go out for BSides and DefCon.  Barring any financial issues.  I am also planning to submit for BSides.  Probably submit a few of my talks and see if any get picked.  Not sure if what I speak on would be accepted at DefCon.

Interestingly, ISC(2) has moved their Security Congress event out of being co-located with ASIS's conference.  This one will be September 25-27 in Austin, TX.  To be honest, I have no plans to attend this.  I felt their event was a bit pricey.

Now, ASIS, which is more for security folks who deal with physical security than information security, will have their conference September 25-28 in Dallas, TX.  ISSA is working with them to have infosec speakers at this event.  Kind of filling the void that ISC2 left.  And again, Infragard is co-hosting their annual conference there as well.  Sounds interesting, but again, probably will not be at this event.  Just can't afford it.

ISSA will be having their 2017 International Conference in San Diego from October 9-11.  I am on the conference committee for this one again, and again submitted some talk proposals.  Unless one of my talks gets picked I'm not certain I'll go this year. [UPDATE: my talk on Cyber Resilience was picked]. I do want to go next year when it'll be in Atlanta.

Now, the only other conference this year I look forward to is a possible Security BSides happening in Southwest Florida, where I am from.  Heard about this at BSides Tampa and the group hopes to have this in Ft Myers.  I hope to hear more about it as I'd love to be involved.  Tentative time they are aiming for is June.

Another one I should mention is BSides Jacksonville.  This is usually held in October.  I've never been to one.

If any will be at the above ones I'll be at, stop by and say hi!

Wednesday, March 15, 2017

2017 SFISSA Security Conference Report

This past Friday, the South Florida ISSA Chapter held its 2017 Security Conference.  The chapter holds these every 2 years, and this year's event was our most successful one to date.

We had 4 tracks of talks, including a track of workshops (twice the length of a regular presentation), a breakfast and lunch keynote, and a CISO Panel of 4 local CISOs.