Why Aren't More Defenders Winning? Defender’s Advantage and How to Gain it!
Guest: Dan Nutting, Manager - Cyber Defense, Google Cloud
Topics:
What is the Defender’s Advantage and why did Mandiant decide to put this out there?
This is the second edition. What is different about DA-II?
Why do so few defenders actually realize their Defender’s Advantage?
The book talks about the importance of being "intelligence-led" in cyber defense. Can you elaborate on what this means and how organizations can practically implement this approach?
Detection engineering is presented as a continuous cycle of adaptation. How can organizations ensure their detection capabilities remain effective and avoid fatigue in their SOC?
Many organizations don’t seem to want to make detections at all, what do we tell them?
What is this thing called “Mission Control”- it sounds really cool, can you explain it?
Resources:
The Defender's Advantage: Using Artificial Intelligence in Cyber Defense supplemental paper
Join G. Mark Hardy in Torremolinos, Spain, for a deep dive into the security of Generative AI. This episode of CISO Tradecraft explores the basics of generative AI, including large language models like ChatGPT, and discusses the key risks and mitigation strategies for securing AI tools in the workplace. G. Mark provides real-world examples, insights into the industry's major players, and practical steps for CISOs to balance innovation with security. Discover how to protect sensitive data, manage AI-driven hallucinations, and ensure compliance through effective governance and ethical guidelines. Plus, get a glimpse into the future of AI vulnerabilities and solutions in the ever-evolving tech landsc
Sending out IEDs that will probably explode in a supermarket and kill civilians is generally considered a war crime. So far 2 kids killed in Beirut by the Israeli bombs in devices.
No, that is what the Americans want you to think. It is actually just simple recursion.
If this really was that useful, they wouldn't be telling us
That is what they want you to think
Tell us about the reporting restrictions placed on this story
Reminder that the main Houthi demand is for an end to the genocide in Palestine
Well the BBC headlines are getting better. Previously it would have been ‘IDF says suspected terrorists dead’.
My first computer was the zx spectrum with 256k RAM
You guys still have checks?
Free and Open Source Software Conference.
Free Software and Open Source - these are the topics of FrOSCon (Free and Open Source Software Conference). Every year in August the computer science department of the University of Applied Sciences Bonn-Rhein-Sieg, supported by FrOSCon e.V., will organize an exciting program with talks and workshops for visitors of all ages
30 licenses suspended. 320 more to go.
Which is why the headlined talk lasted 25 seconds. The rest of the time was taken up with training effectiveness and historical context.
Will Machine Learning Replace The WAF? - John Graham-Cumming
Based on 20 years of experience using machine learning and keyword/pattern based systems this talk will look at the impact of machine learning on WAFs and how it can be used to effectively block malicious HTTP traffic.
John Graham-Cumming is CTO of Cloudflare and is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer, he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004
The only news media I saw today to name Israel as the perpetrators of the shooting.
“Displacement”? Can we just be clear and call it ‘ethnic cleansing’
All points on that curve, at the same time just now, for undefined values of now.
Strangely enough the people who make up largest market for drugs are never stopped and searched because they are rich middle class people.
“Sudan and other places”.
Dude !
SLEUTHCON is a forum for identifying and exploring cybercrime and financially-motivated threats. This conference will highlight the work done by cybersecurity researchers, defenders, academics, law enforcement, and others.
Security+ SY0-701 Exam Cram Playlist - 2024 Edition
14 hours of training content from Pete Zerger
The killings were on purpose. They knew full well what they were doing.
Hacking a Satellite for Fun and Profit
Mario Polino @ mhackeroni
A light-hearted and entertaining dive into our victorious adventure at Hack-A-Sat! Our presentation takes you on a ride through the challenges and triumphs of hacking into an orbiting satellite, the Moonlighter. What is a Capture The Flag What is Hack-A-Sat How Qualification works How to Organize a CTF Team The competition The preparation of the team for the competition Same challenge example and solution.
Mario Polino has been a hacker and CTF player since 2008. He has a PhD in Computer Security from Politecnico di Milano. Mario worked as a researcher at Politecnico, publishing scientific papers on binary and malware analysis and ML for cybersecurity.
Mario has been the captain of Politecnico's team, Tower of Hanoi (https://toh.necst.it/about/, winner of ruCTF 2019), and is the captain of the Italian team mhackeroni (https://mhackeroni.it/ 5 times DEF CON CTF Finalist). Mario coaches Team Italy (https://teamitaly.eu/), the national Italian hacking team, and Team Europe (https://teameurope.site/), the hacking team selected among all European nations.
Born in 2009, BSides Security Conferences are community-driven events for cybersecurity professionals. They offer a welcoming space for individuals to present research, ideas, and experiences, fostering dialogue and collaboration beyond the limitations of larger conferences.
The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott
Podcast Redefining CyberSecurity with Sean Martin
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.
Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.
In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.
Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.
The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.
For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.
In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.
Learn from leading hardware security researchers & professionals and discuss the latest & most innovative research on attacking and defending hardware. Connect with industry peers. Join us for a bigger, bolder, and better hardwear.io
A totally free, english spoken conference dedicated to free software & security. Talks & workshops delivered by experts. High quality talks
2024 edition hosts 21 talks covering 10 Security topics (WebPKI, DFIR & TI, Reverse, Network Detectection etc). Talks are all delivered by experts.
The Israeli army also does this with Palestinian prisoners. Israel has the worlds largest skin bank for some reason.
Labour have kept changing policies all over the place so have been difficult to predict.
