[SecurityRatty] tag: conference

Cost-cutting, greater efficiencies to be topics at SNW

Mon, 13 Oct 2008 00:00:00 +0000

As the Storage Networking World conference opens in Dallas this week, it's likely that the recent stock market and financial sector upheavals will have attendees more interested than ever in cost savings.

The Importance of Advance Planning in Executive Protection

Sun, 12 Oct 2008 16:10:00 +0000

I was delighted to see the Herald Standard quoting an executive/close protection agent regarding the importance of Advance work.

Sy Alli is an E.P./C.P. team leader for "Limited Brands Inc.," and was speaking at the California University of Pennsylvania's 2nd annual conference on Corporate and Homeland Security.

Mr. Alli was describing a previous trip to Indonesia where he was in charge of the advance to make sure everything was in place before the Principal arrived out with the other protective agents. Very accurately, he described the need to cover every minute detail from the routes of travel to the alternative routes and to include such important features as local hospitals should medical treatment be needed.

Another important point highlighted was the need for agents to have access to contacts in different countries who could assist with logistics, general and specialized support on the ground, current political situations, etc.

Far too often I am approached by security persons (and not even all are qualified/trained in executive or close protection)who find out that we may have overseas work and want to be included. On some occassions, those requesting to be included on the detail did not even have a current passport!

If you are serious about making a career out of this line of work, you owe it to yourself to do your homework. Over the years I have developed hundreds of contacts all over the world who will respond immediately and who can be trusted to support us in any number of situations and scenarios.

This took a lot of preparing and involved constant contact. It is not something that you throw together a day before your client is scheduled to arrive in a country. If you have people in different parts of the country, or world if you wish to work globally, who can assist when you are in need, you will be able to facilitate your client in a way that will not only gain his/her admiration, but will undoubtedly cement your position in that client's security detail.

In these unsure times, there is a lot to be said for knowing your job is safe for the foreseeable future.

John Strand - "Advanced Hacking Techniques and Defenses" (and demos of evilgrade/passing the hash/msfpayload) from Louisville Infosec 2008

Sat, 11 Oct 2008 12:08:29 +0000

John Strand - "Advanced Hacking Techniques and Defenses" (and demos of evilgrade/passing the hash/msfpayload) from Louisville Infosec 2008
John Strand gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. He gives a fascinating talk about why "security in depth" is dead, and lives again. John then goes on to demo Evilgrade, using msfpayload and obscuring it against signature based malware detection, dumping SAM hashes with the Metasploit Meterpreter and using a patched Samba client to pass the hash and compromise a system. I'd like to thank John for letting me record his talk.

Rohyt Belani - "State of the Hack" from Louisville Infosec 2008

Sat, 11 Oct 2008 12:07:53 +0000

Rohyt Belani - "State of the Hack" from Louisville Infosec 2008
Rohyt Belani gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. Rohyt shows new ways to think about hacking, going into how and why simple things work on the people element. Why hack a system when a quick Google search can reveal so much? Rohyt's talk was humorous and informative, and I'd like to thank him for letting me record his it.

Adrian Crenshaw - "Intro to Sniffers" from Louisville Infosec 2008

Sat, 11 Oct 2008 12:07:20 +0000

Adrian Crenshaw - "Intro to Sniffers" from Louisville Infosec 2008
I gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. I cover the basics of how network sniffers work, and specifically talk about Wireshark, Cain, Ettercap and NetworkMiner. I came up with the presentation on short order, so please be forgiving of the stumbles. :) You can download the slides from here.

Kevin Beaver - "Staying Ahead of the Security Curve" from Louisville Infosec 2008

Sat, 11 Oct 2008 12:06:33 +0000

Kevin Beaver - "Staying Ahead of the Security Curve" from Louisville Infosec 2008
Kevin Beaver gave this presentation for the Kentuckiana ISSA at the Louisville Infosec 2008 conference. There's a lot of great advice in this video on how to approach an infosec career in the right way. Kevin endorses being a security "renaissance man", expanding your knowledge outside of the tech side to understand the business, people and legal sides as well. At the same time he also points out that sometimes specialization is good, so focus on your strengths. I'd like to thank Kevin for letting me record his talk.

John Strand's videos on Evilegrade, Samurai, Hacker Defender and other topics (Blackhills Security)

Wed, 08 Oct 2008 18:28:38 +0000

I had the pleasure to meet John Strand tonight at the pre-LouisvilleInfosec dinner. Great guy, and fun to talk to. Made me realize there's a lot of stuff I need to learn about. Check out his videos at the link above. I hope to have his keynote from the conference up at my site shortly.

Links for 2008-09-30 [del.icio.us]

Tue, 30 Sep 2008 20:00:00 +0000

Companies own up to virtual security blind spot

Tue, 30 Sep 2008 20:00:00 +0000

The vast majority of companies have little or no security in place for their virtual systems. That is a scary statistic revealed in a survey of attendees at the recent VMWorld 2008 conference in Las Vegas.

Fun Presentation from Recent ISSA e-Conference

Mon, 29 Sep 2008 14:13:00 +0000

Again, while I am not blogging like mad, here is another presentation on logging. This baby is a big philosophical and mildly inspired by Dan Geer and it looks into connections between logging and broader concept of "accountability," as it is defined in IT and even beyond. I also explore the ideas that "controls don't scale, while monitoring/logging does."

The presentation is also embedded below:

Logs = Accountability

View SlideShare presentation or Upload your own. (tags: logs chuvakin)

Enjoy!

Possibly related posts:

Logs = Accountability!