Friday, June 15, 2018

NIST releases v1.1 of the Cybersecurity Framework

Hopefully by this point most are aware that NIST released after much work the updated version of the Cybersecurity Framework (CSF), now version 1.1.  This had been worked on over the last 2 years, was the topic of 2 workshops at NIST headquarters and produced 2 drafts.

It added one categories and 5-6 subcategories, and updated other items, like the information references.  They have also done a revamp of the website for the CSF, adding more resources there.  I do look forward to more informational references to be added, such as crosswalks to PCI-DSS, Standard of Good Practice, and others.

They have now announced that for 2018, instead of a workshop at NIST HQ, there will be a 3 day conference held in Baltimore in November.  Its now the "NIST Cybersecurity Risk Management Conference" and they have registration open along with a call for presentations.

I hope to attend the event, and based on what they are looking for from speakers, I think this will be a valuable conference.  As NIST is also working this year to update several documents related to FISMA, will be interesting how this affects this.  SP800-37 is scheduled to be released in October, and the final draft of SP800-53R5 is planned for October as well.

Wednesday, June 13, 2018

Report on HackMiamiCon6

HackMiami held its 6th Conference in 2018.  And this year we had another new location, tho it wasn't the organizers fault.  :)  The previous location suffered a fire, so this year they moved to Seacoast Suites.  This limited them a bit, as the rooms were not as spacious as with the Deauville.  And there were few food options within walking distance as with the Deauville. 

That aside, I thought overall they had another great conference.  This year they did an electronic badge, but this was a limited-run add-on, due to cost.

Two days, both kicked off with keynote addresses.  Both were good, and the second day we had Jack Daniel, who is kind of the father of BSides.  There were a good mix of talks and presentations, even a few longer workshops in the evening.  I spoke on the second day on cyber resilience/disaster recovery.  With the recent hit by Irma in Florida (and Maria in PR), I felt this was a good topic. I think it overall went well.

Congrats as always to the HM folks for putting on this conference.  Am surprised that they have already set the date and location for the 2019 conference, and will be back at the Deauville!  Registration is even open on their website!

Monday, June 11, 2018

Report on BSides Orlando 2018

Security BSides Orlando was back in 2018, the 6th year.  There were some issues this year.  They have been tied, scheduling-wise, to SANS in Orlando, but this year they had a weird schedule of April 3-10, which is Tuesday thru Tuesday, rather Sunday-Saturday like schedule.  So they went with April 7, right in the middle.

The other issue was location.  After several years at University of Central Florida, last year they were at Valencia College.  This year they were at Full Sail University's Live Venue location in Winter Park.  And, yes, another one day event.

The Full Sail location was interesting.  They added a lot of other activities to the schedule, which was nice, but I was sadden that this limited the number of actual talks, as this decreased the number of rooms available, so instead of having 4-5 talk tracks, there were only 2.  I had submitted several proposals, and none were picked.  So this was a personal disappointment for myself.

This year they did an electronic badge, which required participants to solder the items on the board.  They had a station setup to solder them, with people helping, which was great.  Probably needed to have a few more soldering irons, but still nice.  The blue badge was for participants, red was staff/volunteers.  Then they added a plastic hanger below to indicate speakers, sponsors, etc.

Here is a shot of the t-shirt and program book.

Overall a great event this year.  I look forward to next year's event.  SANS has set the date for SANS Orlando, so hopefully the BSides Orlando folks can set their date for next year's event.