Tactical Edge, Colombia

I always get excited when I get to travel to new places and meet interesting people as part of my job.

To sdsc_0849ay I was extremely excited and humbled to have been invited to attend Tactical Edge in Bogota, Colombia would be an understatement.

However, as the days drew closer, I found that fewer of my friends and family shared my enthusiasm. The constant asking of “have you got kidnapping and ransom insurance” had given me second thoughts. Not the kind that would make me cancel the trip. But the kind that you get when you get on a roller coaster after a long wait and get the butterfly’s in your stomach that question whether it was such a great idea.

Edgar Rojas was putting on the conference and couldn’t have been a better host. He sent us all relevant information up front, a detailed itinerary of events and generally had everything under control. Upon arriving in Bogota, I found whatever concerns I had disappeared almost instantaneously. Not only had Ed arranged a pickup from the airport and our rooms, but had included site-seeing tours of the city as well as dinners in some of the best restaurants. It turned a work trip into a more enjoyable experience than some holidays I’ve been on! dsc_0814

When it comes to conferences though, having an exotic location, good food, and a few shenanigans are all fine. But ultimately, a lot of it boils down to the actual content and knowledge-sharing that takes place – and the event didn’t disappoint.

 

There were many foreign speakers that flew in for the conference, including Wendy, Dave, Paul, Jayson, Paul, David, Greg, Erin, Zack, Valerie, Wolf, Andrew, Frank, and Tracy amongst others (apologies in advance I’ve definitely forgotten some people)

dsc_0815
But perhaps more interesting was interacting with some of the local security professionals. Communication was somewhat challenging as I don’t know any Spanish beyond what I’ve picked up from watching Dora the Explorer and Handy Manny. But it was good to hear and understand the security challenges faced by security peers based in Colombia, and indeed the wider South America. The economy is surprisingly strong and big businesses are expanding rapidly. So many of the challenges are similar to the ones we see in elsewhere. However, there are some cultural and technology maturity differences which means there are variations in how security is sold and implemented.

A few of the attendees I spoke to were interested in three broad areas:

  • The first was to understand models by which security can be best implemented and measured within enterprises.
  • The second was around how to sell security to the executives by way of media real-life examples. This seemed to be a common thought, as several of the local speakers spoke at length about breaches, their impact, how their occurred, and what companies could do to protect themselves.
  • The final area which I had some interesting discussions around was around security technologies. Like most other places, compliance drives some purchases. But many were interested in open source tools and looking for alternatives to the vendors they saw in the Gartner Magic Quadrant. One person stated that they felt the Magic Quadrant was a limited list and wanted an easy way to understand the variety of providers out there, but didn’t have anyone locally that could offer that expertise.dsc_0868

Overall, it was a real eye-opener. An educational and highly enjoyable event. In between the conference, the site-seeing, and the networking, I think tactical edge set the bar for security conferences.

 

 

Alien Eye in the Sky: Ep 5

After a hiatus of a week while I was attending Tactical Edge in Colombia – I’m back with a roundup.

Stories in the video

http://www.theregister.co.uk/2016/10/24/chinese_firm_recalls_webcams_over_mirai_botnet_infection_ddo…

http://www.bbc.co.uk/news/technology-37761868

https://www.veracode.com/blog/managing-appsec/do-you-use-open-source-components-find-out-what-our-la…

https://www.ft.com/content/ed9ff168-9b03-11e6-8f9b-70e3cabccfae (may require subscription to read)

https://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/

Other interesting links

Independent researchers have confirmed MedSec’s findings, including hack to zap someone’s heart (PDF)

Surveillance Evasion

15 hacker kids under 15

Is Ireland ready to police the data world?

Silicon Valley Decides it’s just too hard to build a car

Guide to automatic security updates for PHP developers

Dyn Analysis summary of October 21st attack

Mozilla no longer accepts audits carried out by Earnst & Young

The difference between SecDevOps and Rugged DevOps

Crack WPA/WPA2 Wifi Password Without Dictionary/Brute Fore Attack using Fluxion

Microsoft: Google has put our customers at potential risk

IoT botnets – an open letter to manufacturers

I blogged something about Mirai over on the AlienVault blog. But that didn’t ease my pain, so I went and made a video as a kind of open letter to manufacturers.

Behavioral Monitoring

I wrote a whole blog to accompany this video – you can read it here

TL;DR? Behavioral monitoring is more about finding out what’s normal than not.

 

Alien Eye In the Sky – Weekly roundup – Ep 2

It’s been a busy week in the land of information security. But don’t worry, we’ve got it all covered in our roundup.

Links to stories in video:

Ransomware operator shut down

Stealing an AI

Nobody is bidding on shadowbrokers files

US government IP address contract ends

Don’t be Yahoo

Verizon wants $1bn discount

You don’t have to be stupid to work here

Links to other interesting stories from the week

MMD-0056-2016 – Linux/Mirai, how an old ELF malcode is recycled

Hacker releases code that powered Botnet attack against Krebs

Microsoft has announced it is to harden the edge browser for enterprise users

A really sweet presentation format and great information for incident response and security operations teams by Frode Hommedal

Thrillseekers stuck on rides at Universal Studios after massive power outage — redundancy fail? Or all part of the show?

Halvar flake was asked why he works in security – and gives a nice response. What he didn’t give was my 3 favourite answers. Good pay, Sponsorship money, and VC money

What makes call-out culture so toxic?

The three infrastructure mistakes your company must not make

Hootsuite’s CEO on what he learned from getting hacked on social media

AlienVault OTX Maltego Transforms