Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shad Malloy CAaNES, LLC.

Published byAdam Copeland Modified over 9 years ago

Similar presentations

Presentation on theme: "Shad Malloy CAaNES, LLC."— Presentation transcript:

1 Shad Malloy CAaNES, LLC

2 Wow, I’ve passed a lot of tests!
SecurityTube iOS Security Expert (SISE) Web Application Security 360, eLearn Security Certified Security Analyst (ECSA) Certified Information System Security Professional (CISSP) Certified Windows Security Analyst (CWSA), IACRB Certified Ethical Hacker (CEH), EC-Council Certified Intrusion Prevention Specialist (CIPS), IACRB Core Impact Certified Professional (CICP), Core Security Security+, CompTIA DON’T TRUST PEOPLES CERTIFICATIONS! EXCEPT MINE!

3 What are we going to be talking about?
Assumptions Threat Modeling Fundamentals FUD Rant Emerging Threats and Trends

4

5 Fear Uncertainty Doubt
FUD is rampant in the security industry Don’t tolerate it

6 Assumptions Target of Opportunity or Convenience Captive Attackers
Illogical Attackers

7 Nation States Are Apex Predators

8 Traditional Defense Structure

9 Modern Defense Structure

10 Actors Malicious or ‘Curious’ Students Malicious or Disgruntled Staff
Hacktivists Malicious Actors Criminal Organizations

11 Threat Model Asset Actor Loss

12 Fundamentals Asset Inventory Patching Network Segmentation
OS Peripherals Network Devices Applications Out of Band Management Network Segmentation Vulnerability Analysis Incident Response Disaster Recovery

13 Current Trends Cryptographic attacks Client Side Application
POODLE Heartbleed Client Side Application Sandworm (I promise these TOTALLY won’t have a nasty surprise) Internet Explorer MS14-064 Operating System Shellshock IoT

14 This is JAMY. JAMY is a terrible idea. MS14-036? Sun Alert ?

15 New Hotness Dirty secret of every security consultant is … We don’t need the new hotness Unless your doing the fundamentals well I’m going to use something tried and true.

16

17 What is on the horizon Encryption Attacks IPv6 and the circle of life
Operation Onymous IPv6 and the circle of life Client Attacks

18 Ask Me Anything Shad.Malloy@CAaNES.COM
Questions Ask Me Anything

Download ppt "Shad Malloy CAaNES, LLC."

Similar presentations

10,000 Issues Testing In a Tough Economy Jonathan Miller Director, Global Channel Sales & Development Pearson VUE Ryan Ulwelling Manager, Global PVTC Selects.

10,000 Issues Testing In a Tough Economy Jonathan Miller Director, Global Channel Sales & Development Pearson VUE Ryan Ulwelling Manager, Global PVTC Selects.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Making Your Own Luck – “Planned Happenstance” June Kay Career Development Consultant.

Making Your Own Luck – “Planned Happenstance” June Kay Career Development Consultant.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
StanSource Inc. is Information Technology services and solutions providing organization engaged in providing a full range of solutions and services to.

StanSource Inc. is Information Technology services and solutions providing organization engaged in providing a full range of solutions and services to.
Managing A Secure Infrastructure – Tales From the Trenches November 6, 2003.

Managing A Secure Infrastructure – Tales From the Trenches November 6, 2003.
UMBC TRAINING CENTERS © 2010, Paladin Group, LLC Certified Information System Security Professional (CISSP)

UMBC TRAINING CENTERS © 2010, Paladin Group, LLC Certified Information System Security Professional (CISSP)
IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.

IS 380 OME 1 Fall 2010 Class 1. Administrative Roster Syllabus Review Class overview 10 domains overview.
Eastern Illinois University School of Technology Advisory Board Greg DeYoung April 12, 2003.

Eastern Illinois University School of Technology Advisory Board Greg DeYoung April 12, 2003.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
E-Safety Quiz Keeping safe online! A guide for parents & children.

E-Safety Quiz Keeping safe online! A guide for parents & children.
Slides copyright 2010 by Paladin Group, LLC used with permission by UMBC Training Centers, LLC.

Slides copyright 2010 by Paladin Group, LLC used with permission by UMBC Training Centers, LLC.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Certified Information System Security Professional (CISSP)

Certified Information System Security Professional (CISSP)
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,

Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,
Information Security– SNO International Zanzibar, Tanzania Joe Beaulac, Sr. Manager – Cyber Defense Center & Risk/Vulnerability Management 23 September.

Information Security– SNO International Zanzibar, Tanzania Joe Beaulac, Sr. Manager – Cyber Defense Center & Risk/Vulnerability Management 23 September.
Brett Miller, Medical School Chief IT Security Officer IRBMED Seminar Series April 28, 2015 Data Security.

Brett Miller, Medical School Chief IT Security Officer IRBMED Seminar Series April 28, 2015 Data Security.
Lessons Learned in Smart Grid Cyber Security

Lessons Learned in Smart Grid Cyber Security
How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

How STERIS is using Cloud Technology to Protect Web Access Presented By: Ed Pollock, CISSP-ISSMP, CISM CISO STERIS Corporation “Enabling Business”

Similar presentations

Ads by Google