Explore the challenges faced by modern CISOs and learn effective strategies for building defendable systems in this insightful conference talk from the Hack In The Box Security Conference. Delve into the complexities of enterprise defense, including the evolving threat landscape, shortage of infosec expertise, short lifespan of security products, and increasing compliance requirements. Gain valuable insights from 18 years of experience working with global organizations as an offensive testing vendor. Discover the four pillars of cybersecurity and understand the importance of user maturity in creating a robust security posture. Examine the concept of "Nakatomi space" and learn how to balance technical solutions with user behavior. Uncover the benefits of transparency, maturity, and changing mindsets in cybersecurity management. Analyze real-world examples from banking, messaging apps, and email services to understand practical applications of security principles. Leave with a fresh perspective on taking ownership of cybersecurity and implementing simple yet effective measures to enhance your organization's defense capabilities.
Overview
Syllabus
Intro
Welcome
Who am I
Attacks are a technical problem
Existing defence measures do not match attacker tactics
Nakatomi space
Who owns cybersecurity
Four pillars of cybersecurity
Most ignored component
Bank statements
App activity statement
Two harmonious mindsets
Transparency
Maturity
Users
Zero Days
Dancing Pigs
Stupid People
User Behaviour
User Maturity
User Maturity Curve
Uninformed Users
Reward Users
Password Composition Guidelines
How many of you use WhatsApp
How do you log into WhatsApp
The big message
Banking customer suggestion
Telegram
Gmail
Take ownership of cybersecurity
Change the mindset
Questions
Political problem
Change the thought process
Look for simple things
Taught by
Hack In The Box Security Conference
