Peerlyst

BSidesLV and Peerlyst partner to extend the conversation beyond time and space

We are happy to announce a strategic partnership with BSides Las Vegas, to extend the conversation beyond the location and time of the conference: http://www.prnewswire.com/news-releases/infosec-social-network-peerlyst-named-official-community-platform-for-bsides-las-vegas-300296391.html Come meet us at BSides! Here is what you can expect: 1. We will have a table where we'll b…
Brent Hutfless

By: Gina Robertson

Thoughts on the optimal CISO reporting structure

I wonder how indicative the reporting structure is for determining organizational priorities, risk tolerance, and management style? I bet that there is a correlation between CISO to CIO reporting and organizations where technology and the business are poorly aligned. Those CIOs may not have a full seat at the table to begin with, leading to CISOs who are positioned farther from the business exe…
Brent Hutfless

By: Amar Singh

Loose Tweets and thoughtless RT's may now cost you Jail Time

I know this is an older post, but laws like these are only going to proliferate and unfortunately they also encourage abuse by framing individuals through spoofed accounts. Someone established a Twitter account, tied it to me with all of the details of my own account, and posted a fair number of very inflammatory tweets. While this was years ago, it was up to me to prove my identity to Twitter be…
Brent Hutfless

What are you doing to promote this community?

I get roughly 100 vendor-related emails a day, far more than I have an opportunity to read throughout the day. Like many people, not only do I lack the time to open each one, but many of the products hitting my inbox are competitive solutions to something the company already employs. Lately, I have started steering technology and security vendors that I respond to toward Peerlyst. I'm also m…
Terry Gold

BSidesLV PasswordCon2016 Talk: "The Deal with Password Alternatives"

I am presenting at PasswordCon and wanted to post here to provide visibility into what I will be talking about. Despite the potential complexity of the topic and low-level discussions that can (and will) be had, it boils down to this.... Hackers are great at breaking things, typically not at specific organizational remediation at scale. Just not where they specialize. Doing authenticatio…

By: Terry Gold

BSidesLV PasswordCon2016 Talk: "The Deal with Password Alternatives"

Hi Glenn- some of the exact details are being worked out (as mentioned to not overlap too much with other presentations). But I can give you more detail on many aspects, hope this helps (if it doesn't just ask). Difference between Identity, identification and credentialing Fundamentals of credential management: Lifecycle (this applies to ALL types and thus needs to be considered), key and …

By: Terry Gold

BSidesLV PasswordCon2016 Talk: "The Deal with Password Alternatives"

Ok, so a couple of people asked “can you be more specific about what we will be talking about?” So short answer is that I planned to pack a lot of information in this presentation and am going to shave some of it down to go at two speeds. Considering what others are presenting and trying to complement rather than overlap. Unfortunately, this assumes that attendees of my talk are going to th…

By: Terry Gold

BSidesLV PasswordCon2016 Talk: "The Deal with Password Alternatives"

Hi Jim - You have hit it right on the head and these differences are reviewed as a fundamental differentiation in the first couple of slides! There is no way to really focus on authentication and credentialing if people are confused about identity management (too often they are, unfortunately and stifles progress of discussions due to context).

By: Terry Gold

BSidesLV PasswordCon2016 Talk: "The Deal with Password Alternatives"

And to answer - apparently BSides LV will be recording, I will make slides available. And while I am trying to stay high level in some areas (as requested) I am not a high level guy so will be switching gears to get into the weeds where it is critical disclosure and will be around post talk to answer any questions.