Day-Con XVII: Summit Notes
21/01/24 13:50
Once again, neighbors came together to discuss wicked problems and how the community could & should address them. The 17th annual event's tag line is "Chlorine for your soul!". Check out the summit notes HERE to learn more.
Future Shock: The Future of Fraud Today
11/11/23 09:40
Below is the abstract and link to the referenced material, including the presentation, from the Taste of IT on Nov 8, 2023. This is the first release in the Future Shock series. [FYI: Mo was unable to attend so I presented his slides]. Enjoy!
"The presenters will discuss the evolution of Organizational Identity Fraud and the abuse of organizational identity assets from the beginning of the World Wide Web to its current incarnation. They will assess the state of organizational identity asset protection programs and answer the question “Are organizations prepared for the world of software defined everything, nation state threat actors and coexisting with the Internet of Dangerous Things?”
The presentation will update the definition of Corporate Identity Assets and introduce relevant, novel, and forward-thinking threat catalog items associated with Organizational Identity Fraud. The presenters will articulate control affinities and practical life-cycle management practices for consideration, positing how transformational trends in mobility, computing and social media conspire to make organizations more vulnerable, while demonstrating how marketing, security and operations can join forces to turn the tables on their adversaries by becoming “hard targets”.
Building on prior work published in 2006 (https://www.sans.org/reading-room/whitepapers/engineering/corporate-identity-fraud-life-cycle-management-corporate-identity-assets-1650 ) and 2021 https://www.sans.org/white-papers/corporate-identity-fraud-ii-future-fraud-today/ ) the presenters will share new research & insight that demonstrate multi-domain mayhem caused by abusing organizational identity assets and exploiting (hidden) dependencies! Further, they will share their methodology, findings, and novel & emerging threat catalog items (aka relevant use cases).
Presentation Link HERE
Innovation Matters: Invisibility Cloak
05/10/23 13:10
“Wicked” Business Problem:
The simple act of connecting a device to a network (wired or wireless) exposes (high-value) it to more risk.
Innovative Approach:
Provide dynamic connectivity protection and resource sharing, in hostile environments, with no externally visible attack surface.
Vetted Solution:
BYOS’ human friendly approach uses a physical dongle to effectively “Cloak” personal computing devices, rendering them invisible and allowing them to connect with confidence.
Call To Action:
If you are interested in learning more dm me on LinkedIn or check them out @ BYOS [ Tell them Bryan sent you ;) ]
Innovation Matters: Ransomware "Kill Switch"
15/09/23 13:13
“Wicked” Business Problem:
Organizations running flat networks are especially vulnerable to high-impact attacks that rely on lateral movement like ransomware.
Innovative Approach:
The ability to move from a flat network to a layer-3 isolated (micro-segmentation) network (IT/OT) in a matter of hours with NO downtime or 3rd party agent software.
Vetted Solution:
Airgap’s elegant approach is truly innovative and worthy of consideration. Using DHCP to build a layer-3 overlay network, they can transform a legacy network into a virtual Purdue compliant environment. Prebuilt logic provides the ability to prevent ransomware propagation and introduces a “kill switch”, which can be activated in the case of a ransomware outbreak.
Call To Action:
Educate yourself on Airgap's innovative approach to layer-3 isolation and segmentation.
Facilitated Innovation & Structured Choice
15/09/23 12:44
What is it?
· A field-proven methodology that identifies self-funding business cases and drives transformational change. I have used this method successfully in my practice for many years now.
How does it work?
· Facilitates a dialog with key stakeholders who can affect organizational change.
· Aligns the organization’s mission with stakeholder capabilities (known & latent).
· Determines what MUST be true in order for the organization to achieve its mission objectives.
· Optimizes value across diverse stakeholder communities.
· Leverages rapid prototyping to Fail/Succeed Fast as measured against key proof points.
· Delivers in 30-90 Day Proof of Value (PoV) sprints.
· Produces a pipeline of Innovation Candidates to support a transformation plan of record.
· Populates an organization specific Curated Service Catalog that is fit for purpose and provides choice
· Institutionalizes a bespoke service selection methodology that ensures the Optimal Choice is made to capture Maximum Value as defined by the relevant stakeholders.
Here is an example of a Curated Service Catalog for the manufacturing sector:
So what?
By distilling the world of possibilities down to business-friendly options, organizations can realize more value faster and at scale. I plan on sharing some of the most interesting, timely and relevant candidates via a new blog series called Innovation Matters.
· A field-proven methodology that identifies self-funding business cases and drives transformational change. I have used this method successfully in my practice for many years now.
How does it work?
· Facilitates a dialog with key stakeholders who can affect organizational change.
· Aligns the organization’s mission with stakeholder capabilities (known & latent).
· Determines what MUST be true in order for the organization to achieve its mission objectives.
· Optimizes value across diverse stakeholder communities.
· Leverages rapid prototyping to Fail/Succeed Fast as measured against key proof points.
· Delivers in 30-90 Day Proof of Value (PoV) sprints.
· Produces a pipeline of Innovation Candidates to support a transformation plan of record.
· Populates an organization specific Curated Service Catalog that is fit for purpose and provides choice
· Institutionalizes a bespoke service selection methodology that ensures the Optimal Choice is made to capture Maximum Value as defined by the relevant stakeholders.
Here is an example of a Curated Service Catalog for the manufacturing sector:
So what?
By distilling the world of possibilities down to business-friendly options, organizations can realize more value faster and at scale. I plan on sharing some of the most interesting, timely and relevant candidates via a new blog series called Innovation Matters.