Archive for the ‘Black Hat’ Category

h1

Black Hat USA opens early registration for annual infosecurity event in Las Vegas

March 12, 2013

By Rosalind Carr, @Rosalind_at_O

BlackHatLogo2Black Hat returns to Las Vegas for its annual infosecurity event. Offering a number of opportunities for the infosec community, the event boasts more than 70 training workshops such as Advanced Malware Analysis, Attacking, Defending and Building SCADA systems and Android Application Hacking to name a few. Don’t hang about though- these informative sessions fill up quick. Click here to register under the earlybird offer before May 31st.

Copyright ©Launchpad Europe 2013. All rights reserved. You may copy and distribute this material as long as  you credit the author where possible; the copies are distributed only for non-commercial purposes and at no charge; and you include this copyright notice and link to Countdown2InfosecurityExpo.com, the original source of the work.

If you have any questions, please contact Launchpad Europe, info@launchpad-europe.com.

Advertisements
h1

Up close and personal Q and A with infosecurity Security Watch blogger @BrianHonan, a diamond from the Emerald Isle

January 18, 2012

By Rose Ross (@Rose_at_0)

As 2012 dawns, we have had the pleasure of getting an audience with renowned infosecurity blogger, Brian Honan. Keep an eye out for his blog SecurityWatch www.bhconsulting.ie/securitywatch if you aren’t already a fan.

Q.  Tell us a bit about yourself:

I am an independent information security consultant based out of Dublin Ireland.  When not providing services to my clients I enjoy writing articles for various magazines, blogging to my own site and now to Infosecurity Magazine Blogs, editing the SANS NewsBites and writing the occasional books are one way that I can articulate some of my ideas and reach a wider audience.  I believe that a key element in our battle against criminals is sharing knowledge and information.  I don’t pretend to know all the answers but if some of what I write makes people think differently, discuss an issue in more detail or look at an issue in a different way, then it is worth the time and effort put into the piece.  I have also published and contributed to numerous whitepapers on information security and also speak regularly at various conferences and seminars.  I also founded and run Ireland’s Computer Emergency Response Team, IRISSCERT www.iriss.ie.

Q. Tell us a little bit about the blogs you write for and their interest in data security.

My own blog, SecurityWatch www.bhconsulting.ie/securitywatch, is where I do a lot of my posting.  Although, of late my rate of posting has dropped off.  Likewise I used to regularly blog to the Infosecurity Magazine blog http://www.infosecurity-magazine.com/blog/ but have not done so in a while.  One of my resolutions this year is to address this deficit and update both blogs more regularly.   SecurityWatch is my own company’s blog so I use it to make people aware of some of the work we do, new industry initiatives, upcoming security events and also post some of my musings on information security.  Infosecurity Magazine is one of the industry’s leading publications on information security and I tend to post more strategic or information security management issues.

Q. What’s hot in IT security this year?

I always worry when people focus on what is hot in IT security.  My concern is that if we look at what is hot we tend to overlook the basics which in turn can lead to system compromises.  However, providing organisations continue to take a risk based approach and address the basic disciplines in information security then the areas I see being hot this year are the consumerisation of IT, cloud computing, hacktivism and security awareness.  Consumerisation of IT covers not just allowing employees to use their smartphones, tablets or personal PCs to work on but also personal services such as personal email accounts, file sharing solutions, online collaboration tools and social networks.  Given the ease of use with these devices and services and also how tech savvy many people are today, those responsible for security can no longer simply ignore this issue and need to see how best to integrate into their work place and manage the associated risks.  Cloud computing will continue apace this year and as more and more business people see the benefits that the cloud can bring, IT security needs to grasp this nettle and ensure cloud is embraced into their organisations in a secure manner or they will be simply bypassed by the business.  Remember you do not need to be technical anymore to deploy and use many cloud services.  You simply need a credit card and a mouse.  Anonymous and other groups such as Lulzsec have focused the spotlight in 2011 onto hactivism with many major organisations hitting the headlines as a result, for all the wrong reasons.  However, while hacktivism is nothing new the increasing media exposure to the likes of Anonymous is encouraging many others to come forward and use the Internet as a means to demonstrate their displeasure at the way companies, individuals or governments are behaving.  So I see an increase in these type of attacks this year and already we are seeing an example of this with the tit for tat exchanges that are currently happening between activists in Israel and Saudi Arabia.  In order to help minimise the risk of the above topics and to address the traditional and on-going threats we face I see many organisations looking at how to better educate their users to be more aware of information security risks and how to deal with them.

Q. How many security events do you attend each year?

I try and attend as many as I can, work permitting.  Being based in Ireland means that for many major events I have to travel so I have to be rather choosy on which ones I go to.  I always make sure that each year I get to attend both Infosec Europe and RSA Europe.  I find these are great events to get to meet others in the industry and to keep up to date with what is going on.  Last year I attended and spoke at BsidesLondon and found it to be an excellent event and hope to attend again this year.  I also run the Irish CERT’s Annual Cybercrime conference in November and it is fast becoming one of the top security events in Ireland.  I also look to attend local chapter events for organisations such as ISSA, ISACA and OWASP.  These events are excellent in allowing people to network with their peers in the local area and to discuss issues of common interest.  If you cannot get to attend any of the major events I would strongly recommend people look towards their local ISSA, ISACA and OWASP chapters for their events.

Q. Which one are you most looking forward to?

I look forward to Infosec Europe and RSA Europe a lot as I get to meet friends and peers that I may not see as regularly as I wish.  It is often a chance to meet with new people or to come across a new product idea or interesting speaker.  While it requires a lot of work, the Irish CERT Cybercrime conference is also a favourite as it is an opportunity for us to invite great speakers to address an Irish audience and for those attending to network with each other.

Q. What types of stories or companies are likely to attract your attention this year?

Those that look at addressing the basic issues in IT security and look to engage with the community on dealing with those issues.  This approach though is not attractive to many in marketing as it requires investing time and resources in building up relationships and  can be a long slow burn to achieve any direct results.  But from the organisations I have seen take this approach the dividends gained can be quite large.

Q. What’s the best way to pitch a story to you? Email? Phone? Twitter? By mail?

Email is the best contact, brian.honan(at)bhconsulting(dot)ie or via Twitter @brianhonan.

Q. Who is worth listening to (about IT security) and what’s your favourite blog?

Those that are engaged in the trenches in dealing with IT security issues and tend not to put a marketing or sales spin onto the topic.  A good list of people on Twitter to follow is Tripwire’s Top 25 Influential People to Follow on Twitter http://www.tripwire.com/state-of-security/it-security-data-protection/top-25-influencers-in-security-you-should-be-following/

Q. What is your favourite piece of technology?

The Internet, I know it is composed of many different technologies but when you think about how it has changed our lives, both personal and business, it is amazing.

Q. What do you think is the most important development in IT security to date?

I think one of the most important developments in IT security to date is the information sharing forums or groups that have been set up to help organisations, both private and public, to share information and intelligence on criminal activities and devise strategies on how to address them.  While technology will help us tackle some of these threats, it is humans at the end of the day who are actually posing the threats and it will be humans working for the common good that ultimately can best address those threats.   So the setting up and running of the first CERT, CERT/CC www.cert.org, was a major forwarding initiative and one that is still paying dividends today.

Q. What is the best piece of advice for companies pitching stories?

Avoid the FUD (Fear Uncertainty and Doubt) approach, the sky is not going to fall if someone does not use your product/service.  Yes do highlight the issue but address it in a pragmatic way.  Also don’t brand your solution to solve the latest security buzzword or that your product could have prevented the latest headline security breach.

Q. Are you a social media lover? Which ones are you on? FB? LinkedIn? Twitter?

I love social media as it provides me with the opportunity to keep in touch with friends and peers and access the thoughts of some of the best minds in the industry. While I have a profile on Facebook I am not as active there as I very wary about the way Facebook deals with the privacy of its users.  I am very active on Twitter (@brianhonan) and LinkedIn (http://www.linkedin.com/in/brianhonan).

Copyright ©Launchpad Europe 2012. All rights reserved. You may copy and distribute this material as long as  you credit the author where possible; the copies are distributed only for non-commercial purposes and at no charge; and you include this copyright notice and link to Countdown2Infosecurity.com, the original source of the work.

If you have any questions, please contact Launchpad Europe, info@launchpad-europe.com.

h1

New Infosec show in town: Security B-Sides arrives in London – Call for speakers!

February 3, 2011

By Steve Gold, @stevewgold

It’s taken almost two decades, but Infosecurity Europe – held each spring in central London – has a rival. In the same week, no less!

Well, not exactly a rival – more a parallel universe called Security B-Sides, which is billed as an `unconference’ which takes place on day two of Infosecurity Europe’s three-day run across town.

Unlike Infosecurity, Security B-Sides – organised by a team of experienced volunteers – is a collaborative effort, with this, the first UK event, scheduled to have just a few hundred attendees.

There have been 13 events in the Security B-Sides calendar in the US, where the first ever conference, sorry, unconference, was held in parallel with Black Hat USA back in 2009.

The event looks interesting. It’s actually a shame that the conference is taking place in parallel with Infosecurity Europe, as the speaker list looks attractive, but given the fact that there will be around 12,000 warm bodies in London with an interest in IT security that week, it’s entirely understandable.

Like the low-key Chaos Computer Club conferences held each Christmas/New Year in Berlin, there will be presenters at Security B-Sides that will reveal riveting security geek stuff. And that’s just for starters.

The event stands a good chance of taking off and, if it does, it will probably move to just after Infosecurity Europe next year or the year after, making it an add-on event, in much the same way that Black Hat comes after DefCon in Las Vegas each summer.

Matt Summers, Security B-Sides’ London founder and a Symantec consultant, describes the event as a movement by the information security community.

“It is not your typical conference, as the events expand the spectrum of infosecurity discussions by encouraging participants to give voice, creation and refinement to the ‘next big thing’,” he added.

“The London conference has already seen an enthusiastic welcome from the Infosec community in the UK and Europe by having the quickest sell-out in Security B-Sides history,” he added.

Mike Dahn, founder of Security B-Sides worldwide, also added his voice, noting that B-Sides is about collaboration, not merely exposition.

“The events provide an open platform that gives security experts and industry professionals the opportunity to share ideas and insights, and develop relationships with others in the community. B-Sides London will provide a rare opportunity for attendees and speakers to directly connect and create trusted relationships with key members of the security community,” he said.

Verdict? Definitely worth checking out – if you’re quick, you might even be able to present at the event. Deadline for submissions is February 15th.

http://bit.ly/BSidesLondon