Tuesday, June 28, 2016

20 Books: The CERT Guide to Insider Threats

This is part of a sub-series of postings based on the "20 Books Cybersecurity Professionals Should Read Now".

 The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud).  By Dawn Cappelli, Andrew Moore, Randall Trzeciak.  Addison-Wesley, 2012.

For those not aware, CERT is the Computer Emergency Response Team, a division with the Software Engineering Institute at Carnegie-Mellon University.  Its a research group looking into various aspects of cybersecurity threats.  Often times it reports on new threats, alert organizations about them so they can take action.  It was formed by a directive from DARPA in the wake of the Morris worm, which formed the CERT Coordination Center.

Saturday, June 25, 2016

C.H.I.P. unboxing

Hopefully most are aware of C.H.I.P., the interesting $9 micro computer from the Next Thing Company.  They launched this with a Kickstarter campaign and have been shipping them out this month.

I finally got mine and took some pictures.

Thursday, June 23, 2016

The so-called InfoSec/Cybersecurity Skills Gap

Several groups are pushing the idea that there is a InfoSec/Cybersecurity "Skills Gap".  Basically the idea is that there are WAY more info sec positions then available people to fill them.

Sorry, but as an experienced infosec professional who has been looking and seen the market out there, and know of others who had have similar experiences, I'm not buying it.  MAYBE in some areas there are not enough people (DC area?).  MAYBE in certain skill areas (say pentesters or SOC folk) there are not enough people.  But I don't think that is a general issue across the board.

Sadly, these groups pushing this idea think that pumping out newbie infosec folks is the solution.  Really?  Companies are looking for EXPERIENCED people, not those with 'book learning'.

Monday, June 20, 2016

South Florida ISSA's 2016 Hack the Flag/Chili Cookoff event

For as long as I can remember, the South Florida ISSA Chapter has been hosting an annual Hack the Flag/Chili Cookoff.  We have a 'capture the flag' event, where teams work against each other to hack a system and collect 'flags'.  We've accompanied this with a chili cookoff (along with food and drinks), as not everyone does the CTF.  Most years we've had some kind of theme (russian, brazilian, asian, etc), and the last few we've had t-shirts.  Over the years we've been in a few different places (I can recall 5 different ones).  A couple of years ago we added a lockpick village as well.

Our event was bigger last year as we were celebrating our 15th Anniversary.  We had a bounce house and some other things.

Friday, June 10, 2016

Updates on the NIST Cybersecurity Framework

I've previously posted on the NIST Cybersecurity Framework, and was very surprised that in the last week there has been some new development in that area.

I especially found this interesting because on June 11th I am presenting my "NIST CSF at 2" presentation to the HackMiami meeting at the Broward Main Library.  This is the presentation I gave at BSides Tampa 2016, and had made a few tweaks.  And so I am doing some updates in light of these developments.