Transcript Sac HDI Big Event

Jeff Williams
2015
Intro
Awesome Times
Security Briefing
Service with Security
 Deloitte & Touché consultant during Y2K
 Santa Clara County Office of Education
 Supported Payroll, financial and human resource systems in 44 district, in two counties
 California State University
 9 year in Information Security and resent appoint to Director of Customer Service
 Security experience from briefings (e.g. state, Infragard, Verizon), trainings
(e.g. CISA, CISSP and Incident Handler), books (e.g. ) and most important
from experience
 Philosophy & MBA
 All views, misquotes and materials out of context are the solely my fault;
I’m here to paint you a picture and encourage you to grow
Meet the business goal
with Changing Technology
that is Fragile
 Three stories
 Big Data
 Ted Talks on Machine Learning
 Geekonomics
 Even Data Changes
 3rd Millennium BC
 12th-16th century
 14th century
We solve our problems with the tools available
Rigid exactitude
Correlation
What, not why
“The wonderful and terrifying implication of computers that
can learn”
Jeremy Howard
Portland Cement
No Virtual Crash Test Dummies
Meet the business goal
WITH
Changing Technology
THAT
Is Fragile
 Infragard Briefings
 Verizon Report and Briefings
 Dell SecureWorks Briefings
 Microsoft Briefings
 SANS.org training and Briefings
 Pre-2008 – The lone wolfs…wolves are pack animals
 2008 - roll up high profile Hackers
 2009 - China hires Russian Hackers
 steals cyber attack IP
 2010 - Move to single high value target - multi-verification
 2011 – Russian Hackers become patriots
 2012 - Iran (mother of all cyber attacks, DDoS US banks)
 Iran provided $$$ to hackers to DDoS; ineffective but lots of $$$
 2014 – Disruption: data theft; Anonymous, protest to disrupted and embarrass;
- Recon in network that to them are USA - relations between RU, China, Iran,
N.K.; same code
 Malicious actors go after those who have access to the data
 Poor key implementation and management
 Spear phishing
 Social Engineering
 Changing direct deposits
 Downloading your emails
 Humans can pivot and explore
What is the business goal?
What are the risks?
What are the threats?
What are the right security controls?
What they protect
How they protect
 Confidentiality
 Deter
 Integrity
 Prevent
 Availability
 Detect
 Recover
 Reduce
We Live in Awesome Times
Thank You