Security breaches pervade the headlines. What was seen as a rare instance just 5 years ago now seems to occupy the daily news cycle. A lot of these data breaches are made possible due to missteps and misconfigurations. There are many security issues that are introduced into website authentication mechanisms that further compound the security issues in addition to enforcing bad behavior by the end users. Security debt is a real problem for the vast majority of organizations in the world today and the attackers will utilize this to their advantage. In addition to keeping system hygiene at front of mind defenders need to focus on proper network zone segmentation or, as it more popular term these days, zero trust networks. The old conceptual style of a castle wall and moat to defend a network was deprecated several years ago. As a result of the dissolution of the traditional perimeter a stronger focus has to be placed on the strength of authentication, authorization and trust models for the users. The antiquated notion of an information security practitioner running through the office brandishing their flaming sword of justice above their heads screaming “thou shall not pass” has at long last reached the denouement. Whether you are responsible for the security in a financial organization or one that makes teddy bears it is necessary to adapt and learn to trust but, verify.
Presented at Security Fest 2019.Speaker: Dave Lewis
Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is a Global Advisory CISO for Cisco. He is the founder of the security site Liquidmatrix Security Digest & podcast as well as the host of DuoTV and the Plaintext podcast. He is currently a member of the board of directors for BSides Las Vegas. Previously he served on the board of directors for (ISC)2 as well as being a founder of BSides Toronto conference. Dave has been a DEF CON speaker operations goon for over 10 years. Lewis also serves on the advisory board for the Black Hat Sector Security Conference and the CFP review board for 44CON. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig, and others. For fun, he is a curator of small mammals (his kids) plays bass guitar, grills, and is part owner of a whisky distillery as well as a soccer team.