This presentation introduces Micro-Segmentation and includes industry adoption statistics, strategies, and implementation examples. This presentation came from my personal experience implementing Micro-Segmentation in a fully virtualized hosted infrastructure environment for many large hospital systems. This talk will cover why we need segmentation, what the benefits are, how it evolved, and what it enables before explaining a flaw of Micro-Segmentation and how it is addressed using the recently defined term Nano-Segmentation. I also briefly touch on the famous Zero Trust Model and how Micro-Segmentation makes security more effective by following the principles of the Zero Trust Framework. Last, I will briefly cover how any organization can implement Micro and Nano-Segmentation using Tanium in a physical and/or virtual environment that scales up to millions of endpoints.
Presentations for Cloud
Scripting and automation are absolutely critical to many aspects of an attacker’s effectiveness, penetration tester or otherwise. Modern WAFs and “bot detections” often add a small layer of intelligence to their monitoring, attempting to determine whether or not an attack is being automated, and shut the bot/botnet down. This presentation will be a mini-tutorial on how the various forms of “bot detection” out there work, and how to modify/spoof the necessary client environments to bypass nearly all of them using anything from Python Requests to Selenium, Puppet and beyond.
The shift to the cloud, Agile and DevOps is making it more difficult than ever for security teams to control what happens in their organizations and secure systems.
The obvious solution is more security tools, more security people, and ever-inventive ways to rein in your environment.
You. Will. Fail.
The only way to get better is by giving up the illusion of control and the delusion that you can achieve control.
Instead, we’ll talk about how engineering automation to create a culture of empowerment, self-reliance and trust can result in better security outcomes. Along the way, we’ll learn about how the adoption of Agile and DevOps is creating value in some unexpected ways…
DNA sequencing has gotten exponentially cheaper since its invention, and is rapidly becoming a popular consumer good, given as Christmas presents and advertised on Facebook. However, the companies that perform this sequencing are effectively unregulated, and what they do with the mountains of data accumulated in this process is hardly transparent. This talk will begin with an overview of gene sequencing technology, then discuss the data actually collected by many popular companies. The talk will conclude with a discussion of how this data could be weaponized by bad actors after a data breach, both now and going forwards.
Subtitle: The Ultimate Insider in the Cloud