HouSecCon 2021 – D1

Day 1 in the books. It was a little odd to be at an in-person function, but it was a good time. I’ll theoretically add links to the videos when they come out.

Quick summary of my day…

Session notes

Opening keynote by Lesley Carhart on IR was jam packed full of tips for making IR hurt less. I’m going to have to watch this one when it’s posted. My biggest takeaway was an ounce of prevention is better than a pound of cure. I think any org looking to get a functional IR plan in place would benefit from watching.

Next for me was Nathan Wenzler on shifting to the cloud. Key points for me were don’t let tools become shelfware and make sure your APIs don’t suck. Also make sure that you are reading the fine print in your agreements. Know your SLAs and who is responsible/accountable for what.

Then Andy Bennett on ransomware. BEC costs more, but ransomware hurts more. One point I really liked was that your communication plan needs to be different for the IR team than for the upper level people. Good reminder. And MFA all the things. ALL THE THINGS.

After lunch was Deborah Watson on MITRE ATT&CK to reduce risk. I liked the emphasis on risk based controls and the reminder that if it’s someone’s job to open emails and attachments, we really can’t fault them for that. But we need to make it safer. And do you really have controls in place if the majority of the company is excepted from them?

Ricky Allen talked about cyber resilience. I liked the focus on recovery – I do think that part often gets neglected. He highlighted checklists as well. There’s a reason high pressure situations tend to have checklists. We forget things under stress. I’m a big believer in checklists (and documentation).

Then came my talk (Everything’s on fire and I’m not okay – managing priorities and workloads as an army of 1 [or more]), which I think went well, but I’ll also always think could have gone better. It was fun for me at least. Slides and links below. I think we can do better in focusing our priorities and stress levels. I hope people took away that priorities will look different at different places, that finding a way to match your needs for infosec with the needs of the org is a good thing to do, and that work boundaries are good.

My talk stuff

The references


Lifelong paradox - cyber sec enthusiast - loves to learn
