Welcome to another edition of our Weekly Rewind – where we summarize all our posts from the last week. The top stories this week were 3) “HTTPS – Everywhere for Government”, 2) “The Look Ahead for Operational Infosec Jobs”, and 1) “Malware Analysis Slides from HackMiami 2015”. If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference. A la Schneier … you can also use this rewind post to talk about the security stories in the news that we haven’t covered remote-access.
Project KidHack Slides from BSidesOrlando 2015: Getting caught up on some presentations I’ve done the past few months… Here is an updated deck on Project KidHack from BSidesOrlando in April. Thanks to the BSidesOrlando crew for having me! Know of any games I should look at for future versions of this talk? Let us know in the comments below. (continued here)
Malware Analysis Slides from HackMiami 2015: In my continuing goal of catching up on posting the slides from presentations I’ve given the past few months, here is an updated deck of my “how-to” malware analysis talk. New are some models for visualizing the different types of phases, configurations, and platform alternatives as well as workflows for those that like that methodology better and several new tools (including a new online version of one of my favs!). (continued here)
HTTPS-Everywhere for Government: No, this isn’t a new Firefox plugin to enforce HTTPS on all federal websites but rather a directive to push agencies to use it. Such a move is unnecessary for many “brochure” government websites however having uniform guidance simplifies the decision process for those who are unsure. (continued here)
The Look Ahead for Operational Infosec Jobs: TechCrunch did a nice job of breaking down the types of “operational” infosec talent into tiers many organizations need and suggesting three alternatives to meet those needs. Tier 1 includes first line analysts that handle the day-to-day monitoring and basic response. Tier 2 analysts, the positions in high demand, include those that have more real world experience and provide advanced analysis of events that escalate from Tier 1. Until the supply of Tier 2 analysts catch up with demand, organizations must focus on 1) retaining existing analysts, 2) hiring new talent, or 3) outsourcing the analyst role — none of which are easy choices. Of course organizations can also train existing analysts but that appears to be included in option 1. The article does leave out a discussion of security “engineering” roles though. That is a whole other group of information security professionals needed, requiring even more top tier talent with real-world experience. (continued here)
Hope everyone had a wonderful week! Have a great weekend!