2020-011-Alyssa Miller, deep fakes, threat modeling for DevOps environments, and virtual conferences


BrakeSec Education Podcast · Bryan Brake

March 25, 2020 · 1h 10m · Explicit


Show Notes

https://twitter.com/AlyssaM_InfoSec/status/1159877471161839617?s=19

Looking forward to sharing my vision for ending the 60 year cycle of bad defense strategies in #infosec and my challenge to think about security in a more effective way. https://sched.co/TAqU

@dianainitiative

#DianaInitiative2019 #cdwsocial

@CDWCorp

1961 - MIT - CTSS - https://en.wikipedia.org/wiki/Compatible_Time-Sharing_System

Egg, coconut, brick (my example of security --brbr)

Start with critical assets

Layer outward, not perimeter in.

Medieval castles

Create the keep, build out from that

Active defenses

Dover Castle - https://en.wikipedia.org/wiki/Dover_Castle#/media/File:1_dover_castle_aerial_panorama_2017.jpg

Detection defenses - watchguards

Mitigation defenses - moats - give time/space to respond (network segmentation)

Active countermeasures - knights/archers/cannons

DeepFake technology

Election year

Spoke at RSA

Business threat?

"Outsider trading"

"Video of Elon talking about problems - fake…"

Stocks tank - short

https://www.vice.com/en_us/article/ywyxex/deepfake-of-mark-zuckerberg-facebook-fake-video-policy

Could it be done strategically to destabilize things?

Extort business leaders

Fake videos used to extort

Still difficult to create

What are the hurdles stopping it from being mainstream?

Huge render farms?

https://www.youtube.com/watch?v=18LN7VQM1aw - deepfake Sharon Stone/ Steve Buscemi

Threat modeling in DevSecOps

Agile env needs to be quick, fast, and

Build it into user stories

Shostack's method is a bit weighty

How do we implement that in such a way to make dev want to do them?

Organizing Virtual cons

https://Allthetalks.online - April 15

24 hour conference for charity

Talks, followed by interactive channels, community generation

Virtual Lobbycon

Comedian

CFP is open 01 April 2020

Sticker swap!

BSides Atlanta

27-29 March

https://bsidesatl.org/ - All virtual this weekend!

Infosec Oasis

https://Infosecoasis.com - 18 April

https://mashable.com/article/zoom-conference-call-work-from-home-privacy-concerns/

https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-removal-silent-update-webcam-vulnerability
