Tuesday, April 11, 2017

Resources for presentation on IT Risk

As mentioned previously, I gave a presentation on IT Risk at the 2017 Security BSides Orlando Conference.  The title was "Risk: It's more then just a game from Parker Brothers".  Was trying to be a little cute and have a catchy title.

The talk was about IT Risk, and I was aiming it at infosec professionals.  My idea is that risk is important to understand, as we do security to reduce risk to the organizations we work for.  But I think too many infosec folks just don't have a good understanding of this.

Now, the talk was posted.  Not sure how well it comes out.  I'll update with a link.

But what I wanted to give here was information on the sources and materials I used for the talk.

Monday, April 10, 2017

BSides Orlando 2017 Report

Saturday, April 8, 2017, the 5th Security BSides Orlando conference was held.  This year there were several changes over past ones.

The conference was but one day.  The venue this year was Valencia College rather then University of Central Florida from the last two years.  The new venue lead to a few minor changes in scheduling.  As there was really no venue for lunch, pizza and soda was provided for participants.

There were 3 tracks of talks.  A workshop track.  A CTF was held.  For the lockpick village this year, there were two additional challenges.  One was to unlock a room, another a box.  There were several vendors setup.  And the conference wrapped up with a keynote speaker: Tara Wheeler.

Wednesday, April 5, 2017

Upcoming Security Conferences for 2017

There are several conferences in the South Florida (and other areas) that I plan to be at in the coming months, and am speaking or hope to be.

BSides Orlando will be April 8th, but now moved to Valencia College-West Campus.  Also different this year is this will be a one day event, but will again be right before SANS Orlando.  I will be there speaking on the topic of Risk.  This talk is aimed at the entry level security professional to help them gain a better understanding of the importance of IT Risk in what we do in security.

The South Florida ISACA Chapter will be having their 10th WOW event on Friday, April 21st.  This will be an all day event at the FIU Biscayne Campus as usual.  Registration is already open and the focus is on "Emerging Threats in Cybersecurity".  Will be there.  Had hoped to speak, but didn't happen.

HackMiami will be back with their 5th conference on May 19-21, again at the Deauville Beach Resort in Miami Beach.  I will be speaking there on the topic of Cyber Resilience.

Further out, there is of course Black Hat, DefCon, BSides out in Las Vegas from July 22-30th.  I have never been out there, and plan to go out for BSides and DefCon.  Barring any financial issues.  I am also planning to submit for BSides.  Probably submit a few of my talks and see if any get picked.  Not sure if what I speak on would be accepted at DefCon.

Interestingly, ISC(2) has moved their Security Congress event out of being co-located with ASIS's conference.  This one will be September 25-27 in Austin, TX.  To be honest, I have no plans to attend this.  I felt their event was a bit pricey.

Now, ASIS, which is more for security folks who deal with physical security then information security, will have their conference September 25-28 in Dallas, TX.  ISSA is working with them to have infosec speakers at this event.  Kind of filling the void that ISC2 left.  And again, Infragard is co-hosting their annual conference there as well.  Sounds interesting, but again, probably will not be at this event.  Just can't afford it.

ISSA will be having their 2017 International Conference in San Diego from October 9-11.  I am on the conference committee for this one again, and again submitted some talk proposals.  Unless one of my talks gets picked I'm not certain I'll go this year. [UPDATE: my talk on Cyber Resilience was picked]. I do want to go next year when it'll be in Atlanta.

Now, the only other conferences this year I look forward to is a possible Security BSides happening in Southwest Florida, where I am from.  Heard about this at BSides Tampa and the group hopes to have this in Ft Myers.  I hope to hear more about it as I'd love to be involved.  Tentative time they are aiming for is June.

Another one I should mention is BSides Jacksonville.  This is usually held in October.  I've never been to one.

If any will be at the above ones I'll be at, stop by and say hi!

Wednesday, March 15, 2017

2017 SFISSA Security Conference Report

This past Friday, the South Florida ISSA Chapter held its 2017 Security Conference.  The chapter holds these every 2 years, and this year's event was our more successful one to date.

We had 4 tracks of talks, include a track of workshops (twice the length of a regular presentation), a breakfast and lunch keynote, and a CISO Panel of 4 local CISOs.

Wednesday, March 8, 2017

News on NIST's update to Cybersecurity Framework

As I have previously posted, and hopefully most are aware, NIST (National Institute of Standards and Technology) has released a draft for an update of the Cybersecurity Framework (CSF), to be v1.1.

Recently NIST held 2 webinars on the CSF, each an hour long.  One was an overview, and the other on the proposed updates.  The webinars had a limited number that could watch them live, but they have now put up the videos on their website.  Both are good to watch.

Wednesday, February 22, 2017

Memorial Healthcare pays $5.5 million HIPAA settlement

Well, at this point hopefully those in the infosec field, especially in the healthcare arena, are aware of the recent settlement by Memorial Healthcare (Hollywood, Florida) for $5.5 million.  This was for violations of HIPAA that resulted in the protected health information (PHI) of over 100,000 individuals being potentially exposed.  While not the highest penalty, certainly up there.

You can read the whole press release HERE.  As well as the settlement agreement HERE which includes the corrective measures they must take.

For me, this is notable as Memorial Healthcare is one of the local hospital groups in my area.  Now, I have no connection with Memorial, I do NOT have any inside information on them.  All I know is what I have read in the above articles.

Friday, February 17, 2017

BSides Tampa 2017 report

This past weekend, February 11th, I was in Tampa for the 4th BSides Tampa Conference.  This is my second time attending, and second time presenting.

Overall it was a good conference.  There were some differences from last year, most positive.  They clearly need to move to a larger venue.  This year and last was at the Stetson Law Center in Tampa.  This location has a nice facility, but is limited in parking, and there is no place to get lunch.  Last year they brought in KFC for everyone, this year was food trucks.  But there was only 2 and I didn't have the time to get lunch before I had to do my session.