Fostering Maturity Through a Security Lifecycle: An OSS Case Study
Transcript of Fostering Maturity Through a Security Lifecycle: An OSS Case Study
@roobixx#POSSCON
Info:
● Tim Fowler - OSWP
● Security Consultant, mountainsec, LLC
● Asheville, NC
● Open Source Developer & Practitioner
● @roobixx
Many of us are failing epically
Doesn't matter because it is already opened...
Time to ask some questions
● How are “they” doing security?
● What do “they” have that we don't?
● What do “they” know that we really should?
● How can we reduce the gap?
The #1 difference we found between enterprise security
operations and everyone else was INSIGHT
Insight starts with knowing what you have. Do an inventory of everything: machines,
software ... and people.
Security starts at Layer 0. Not the physical layer: it starts with your people.
People > Things
Insight
● Inventory (Everything)
● Know how it all fits together
● Know your business
● Know your risk
● Know the impact
● Determine your baseline
Security is never done. Once you start, you never will stop. You just
need to get started
These Open Source tools and platforms allow organizations to
go from ZERO to INSIGHT without breaking the bank or
disrupting business