Description: Schuyler will talk a little bit about about the need for information security professionals to take a step big and observe the big picture within their organization. When choosing to implement product X or hire pro services to do job Y, consider what goal it is you are trying to accomplish ( get away from the checkbox approach ). Consider the overall security posture of your organization and strategically choose the items which will have small impact to the business / end users but large impact to the overall security posture. In addition, will cover some quick technical wins infosec professionals can consider. For example, consider a URL filtering solution which performs URL filtering on all outbound ports and services ( not just web browsing ). On this solution, consider blocking or controlling access to often overlooked categories like Questionable, Unknown, DynDNS. On egress filtering, ( well first.. do egress filtering ) then restriction outbound DNS/NTP traffic by destination. Use GP to block execution from TEMP dirs. EMET.. etc.
Schuyler Dorsey is a Systems and Security engineer who works in the I.T. consulting field. He has several years of experience, an M.S. in Information Security & Assurance, and several security certifications under his belt. He routinely performs vulnerability assessments, penetration tests, security auditing and also works on the defensive side and helps clients secure their endpoints & networks. Schuyler Dorsey is a young and ambitious / aspiring information security professional who got his start in the consulting arena ( jobs included vuln assessments, pentests, security architecture, NERC & PCI compliance, and incident response ). He now works for Activision Blizzard as their security operations manager in charge of IR, VM, Red Team exercises and anything else people deem to be in the realm of infosec. He has an M.S. in infosec and lots of certs.. blah blah blah. When not working, is chasing his two daughters around and forced to sing along with Frozen.
For More Information Please Visit: -
http://www.derbycon.com/
http://www.irongeek.com/i.php?page=videos/derbycon5/mainlist
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.