Subtitle: I should buy a boat
Leakware, leaked databases and leaky applications. Leaks are all around us and, it seems, here to stay. Almost every day brings a new story about a data breach, from the comical to the scary. Worse, a new exploited vulnerability leaking or locking data. Many protocols are in widespread use; if they are vulnerable and can share data or information inadvertently, larger numbers of systems, businesses, infrastructure and people are at risk. When a risk is identified, how can threat intelligence be shared in the land of NDAs, different laws, jurisdictions and regulations? What is good intel or shareable information, and to whom?
If your organisation's security posture is reactive rather than proactive, chances are that easy-to-pwn systems are exposed without visibility. Avoid making it easy to perform mass exploitation. Using the new OWASP Top Ten 2017 and the information gathering checklist, you'll learn how to discover leaky and vulnerable assets, websites and protocols. The presentation uses sanitized real-life data, all gathered passively. Examples are an unnamed big bank, major IT vendors, a multimedia platform, a power plant and other fun... for attackers. A brief update on the leak underground economy and how valuable data can be: how much is that leaky data worth? The good, the bad and the ugly of sharing. Protection strategies, sharing options and takeaways to justify testing time, budget and sharing options.
Getting your first job in a new field can be hard, particularly if there is a "you need experience to get experience" trap. When you're new to a field or industry, it is also easy to misunderstand the core things an employer is looking for. However, you can massively increase your chances of an interview by studying your target and modifying your approach to fit them.
This talk will describe how to work out what an employer is looking for and how to make it easy for them to find that in your CV. It will also cover how to position yourself and stand out where there are increasing numbers of people wanting to enter cyber security. Case studies will be taken from infosec/cyber security but the methodology applies to all fields.