With the success of my BSides slides/talk, I have been really expanding my speaking engagements. I have worked in the information technology field for over 16 years, specializing in information security that spans private/public sectors, technical and managerial, interfacing with all levels of end users from executives to interns. Throughout my career, I have fielded many questions from end users – How do I do this? What happens when…? etc. So I figured no better time than now to develop my “There are no dumb questions” – a budget-friendly, hands-on, practical guide to information security to help drive the answers to these common questions. Presented in a Q&A format, in addition to the canned presentation, this talk dives deeply into “live” audience questions. Often, typical infosec talks do just that: talk to the audience. Not mine; there will be discussions, so get ready for it :).
Some highlights include:
- Budget Friendly – Freeware, open source, and “cheaper” solutions aren’t always bad.
- Practical – All the red tape removed; dive right into real-world solutions.
Some Topics Discussed:
- Application Security (Appsec) and the Software Development Life Cycle (SDLC) – How do I perform a code review if I never coded?
- Business/Home Continuity – Our company has plans to protect our data at work but how do I protect my own data?
- Out and About – Public WiFi, should I be scared? What should I do when I am out and about? Travel security tips.
- Executive buy-in – How do I speak information security to “the suits”? Designing a security program that both you and “the suits” understand.
- Access Control Lists (ACLs) & Firewalls – How to audit them? How do I make sense of all the mess? How do I build an ongoing compliance program to control ACLs?