Thursday 5 October 14:30 - 15:00, Red roomClaus Cramon Houmann (Peerlyst)
Through my time as CISO for a small bank - where security was non-existent when I first started there as a consultant - I discovered how regulatory and compliance requirements drive budgets in the financial industry. I also learned along the way that more was needed to give SMBs a real chance, and I learned that all the expensive toys you hear people talk about on Twitter or at conferences are often simply not possible on a SMB budget. So my team and I focused on the basics and getting good at them, and over a period of 3+ years we built a defensive posture that I am proud of. I have built a framework around this defensive posture called "Minimum Viable Security" - controls, mitigations and procedures that anyone can realistically put in place with even a small team. This framework represents the level of defence you can expect any SMB to be able to put up, but still falls horribly short of what you would want a real defensible infrastructure be able to put up. I will discuss why SMBs can probably never be expected to go much above this and the reality in which SMBs live.
Claus Cramon Houmann
Claus is a former bank CIO and CISO, who is now working as a community manager for Peerlyst Inc., a website dedicated to building a repository of knowledge for all information security professionals to help defenders everywhere do their jobs better, faster.
Claus is a volunteer for I am the Cavalry and spends most of his time trying to make connected things and companies safer and more secure.
Juan Andres Guerrero-Saade (Kaspersky Lab)
Costin Raiu (Kaspersky Lab)
Attribution is complicated under the best of circumstances. Sparse attributory indicators and the possibility of overt…
Tiberius Axinte (Bitdefender)
This paper provides an in-depth analysis of the macOS version of the APT28 component known as XAgent. We will dissect the…
John Graham-Cumming (Cloudflare)
In February 2017, Cloudflare was revealed to have been leaking private information including HTTP headers, cookies and POST data…