JB's Security blog: Researching, looking to get to the deepest level, and documenting topics I find interesting in Security. If you use Linkedin, please also subscribe at https://www.linkedin.com/today/author/cherokeejb
Monday, January 13, 2020
Featured on the Brakeing Down Security Podcast
I just revisited a show we did recapping the year in InfoSec and looking forward to 2020, which focused largely on building community and gaining insight from other industries. Instead of a special guest, Bryan, Amanda, and Brian invited the leaders of their online community, including myself, to come join the show this time around. If you haven't heard this already, it is worth checking out if the topic sounds interesting to you. If you're not a regular BrakeSec listener but follow me, you may remember a show from over 2 years ago which I recorded for BrakeSec at SANS Berlin.
Below are the complete "show notes" from the Brakeing Down Security Podcast's [sic] website, which you can find at the link below along with complete contact information; the show is also available on iTunes:
https://brakeingsecurity.com/2019-046-end-of-the-year-end-of-the-decade-predictions-and-how-weve-all-changed
---
End of year, end of decade
Good, Bad, Ugly
The Future
Other topics
Recent news
News Stories from 2010 (see if they still make sense, or are outdated)
Are things better than 10 years ago? 5 years ago?
If there was one thing to change things for the better, what would that be?
Did naming vulns make things better?
Which industries are doing a good job of securing themselves? Finance?
What do you wish had never happened (security/compliance wise)?
Ransomware infections with no bounties
Still have people believing “Nessus” is a pentest
https://nrf.com/
https://www.retailitinsights.com/eventscalendar/eventdetail/1c77d5c6-8625-4f2b-bb98-89cca6590c49
https://monitorama.com/
https://www.apics.org/credentials-education/events
PREDICTIONS!!!
Bryan: The rise of the vetting programs (Companies will want to vet content creators in their eco-systems)
Cybuck: An uptick in surveillance tech; both disguised as cool home smart gadgets and straight up public safety. Triggering a US GDPR type response.
Injection remains as the undisputed heavyweight champion of app sec vulnerability (OWASP top 10). And wishful thinking...broken authentication moves lower, denial of service goes down. https://twitter.com/WeldPond/status/1207383327491137536/photo/1
JB: a major change in social media / a generational shift in how we use it, legal changes, or a focus on new types of mobile tech, for example… Human networking in real life in the age of ‘social’… “When you hire someone… you also hire their rolodex” --- what do you think about this statement? Its role in InfoSec? Talent?
JB - shouted out https://github.com/redcanaryco/atomic-red-team (Invoke-Atomic framework with PowerShell, now on Linux, OSX, and Windows)
JB - Link to the hunting/stopping-human-trafficking org I mentioned:
Shoutout
Sherrie Caltagirone, Executive Director, Global Emancipation Network @GblEmancipation
https://www.sans.org/cyber-security-summit/archives/file/summit_archive_1569941622.pdf
Mentioned https://monitorama.com/ and https://github.com/viq/air-monitoring-scripts (viq from BrakeSec)
Talk about where you were 10 years ago, and what you did to get where you are?
Best Hacking tool?
Best Enterprise Tool?
https://www.zdnet.com/article/more-than-38000-people-will-stand-in-line-this-week-to-get-a-new-password/
https://www.phoronix.com/scan.php?page=news_item&px=CERN-MALT-Microsoft-Alternative
https://www.iotworldtoday.com/2019/12/21/2020-predictions-apis-become-a-focus-of-iot-security/
https://www.jonesday.com/en/insights/2018/10/california-to-regulate-security-of-iot-devices
https://www.infosecurity-magazine.com/magazine-features/what-makes-a-ciso-employable/
https://www.csoonline.com/article/2231454/verizon-s-2010-dbir--rise-in-misuse--malware-and-social-engineering.html
https://www.owasp.org/index.php/OWASPTop10-2010-PressRelease