Cyber Security Introduction (Cyber Security Part 1)

Cyber Security is a big concept and a lot of ideas have to be discussed.

Slide Notes:

Cyber Security Introduction

Point of Cyber Security

  • Prevent Loss of Data
  • Prevent Down Time
  • Prevent Systems from Being Used Nefariously
  • Stay Compliant with Laws/ Regulations

Don’t Do Harm

  • If users can’t use systems because of security you fail

Your Environment

  • No environment looks like a college exam.
  • “Best Practices” don’t last 30 seconds in the real world
  • Focus on what you can fix NOW
  • Plan for the future

Building Trust

  • STOP… just stop… you are not as important as you think
  • Executives are juggling numerous priorities. Acting like an ass will not help your cause 
  • You need to build peoples trust in you. They need to trust YOU not what you advise.
  • Office Politics IS PART OF YOUR JOB!!!!! !!!!! and a couple more !!

Cyber Security = Good Administration

  • Security should be built in to the infrastructure

Security is Layered

  • Any Single Layer Compromise Should Not Be a Killer

Zero Trust Environment

  • BYOD was the end of Trust
  • Remote workers
  • Convergence

Getting Decision Maker Buy In

  • Preventive Maintenance is a hard sell
  • Add Security to normal upgrades and purchases
  • CEO’s like “cool sh*t” – 100” LCD screens showing real time dashboards
    • Sell the “Sizzle” to get the “Steak”…
    • Visualizing the value of tech is hard, stupid gimmicks are not
  • Know who is actually in charge.  Is it the CIO or the CFO?

Getting Employee Buy In

  • Training
  • Listening to Employees
  • Befriend Employees

Successful Attacks Require

  • A Vulnerability
  • A Vector to the Vulnerability
  • An Attack/ Event

Vulnerability or Feature?

  • You can’t hack a server that’s powered off.
    • You also can’t use the server
  • Limit the feature set of each server/ device
    • Instead of a single FTP, Web, SMTP, VPN server break them into individual systems.
    • Use virtualization
    • Use cheap hardware. Does your FTP server need a Xeon Processor?

Security is More Than Chinese Hackers

  • Security is a mentality not a product
  • Strategy should change with time.
  • A solution for one threat will prevent numerous other threats

Threat: Employee

  • Employees trying to game the system
  • Dumb Mistakes
  • Nefarious Actors

Threat: Natural Disaster

  • What happens in Flood/ Fire/ Earthquake?

Threat: Normal Crime

  • Crackheads don’t know what an Active Directory Server is….

Threat: Rats Nest

  • Don’t pull the wrong cable!

Threat: Stupid Problems

  • Backhoe through your fiber line
  • Unplugging Active Directory Server
  • SaaS single IP issues

Threat: Vendor Issues

  • Supply Chain Attacks
  • Facility Destruction
  • Vendor Hacked

Threat: Hackers

  • Actual Hackers are probably the least of your problems
  • By focusing on “hackers” you may miss much more pressing issues
  • Having a full Disaster Recovery System solves both the Flood AND Ransomeware problem
  • If your security prevents and administrator from doing something stupid it also will block “hackers”

Security Products

  • Support
  • Cost
  • Scalability
  • Reliability
  • TCO – Total Cost of Ownership
  • Interoperability

Disaster Recovery and Resiliency

  • Backups are not enough
  • Disaster Recovery is about having FUNCTIONALITY back ASAP.
  • High Availability
  • Failover
  • Hybrid Cloud