CyberCamp 2015: Low Hanging Fruit

Low-Hanging Fruit Chema Alonso (@chemaalonso)


Low-Hanging Fruit means easy-to-find bugs

Google Project Zero

Clear

Yet another App!!

Security Boundaries

Bypassing Security

Buzz-Words-Tech
- Post-Quantum Cryptography
- Anti-APT
- Machine Learning
- Cyber-resilience

How to be Rich in 10 Steps
1. Run a Company
2. Point out the limits of security tech
3. Call previous tech useless
4. Do some tech to solve one single problem
5. Create a Buzz-Word
6. Viral it
7. Influence to Create a Magic Quadrant
8. Go IPO
9. Sell the tech to some big corporates
10. Sell the Company


DLP (Data Loss Prevention)


OWASP Top 10

Department of Homeland Security

Be Secure or Feel Secure

Pretending to be Secure

Complexity of Security
Manage:
- People
- Tech
- Process
To get:
- Integrity
- Confidentiality
- Availability
Reaching:
- Acceptable Risk
- Resilience
- Compliance

Doing What/When/Where? How?
Hardening Systems:
- Defense in depth
- Minimum Attack Surface
- Minimum Privilege
Hardening People:
- Influence
- Awareness
- Persistent Pentesting
Hardening Process:
- Providers
- Software development

Do the Basics: Security 101
- Patch known bugs
- Change Default Passwords
- Harden Default Configurations
- Don't code with easy bugs
- Teach security to your people
- Pentesting
- Apply Secure Cryptography
- ACLs
- Design a secure Network

Do the Basics: Security 102
- Continuous monitoring
- Adaptive Authentication / 2FA
- Persistent Pentesting
- Code Reviews
- Harden your network
- Data Loss Prevention
- ...

Security 103
- Predictive Data Leaks
- Privileged Accounts Control
- Digital Surveillance
- ...

Security 201
- CSIRT
- Anti-APTs
- Machine Learning
- ...

Security 202
- Hidden Links
- Malware investigation
- Shadow IT
- ...

Network Hidden Links

Malware Investigation

Persistent Pentesting

Maturity

- Prevent
- Detect
- Managed incident response
- Respond

- Do the Basics
- Balance between Physical & Digital Security
- Do the Basics
- Do the Basics (Clear?)
- Do more than the basics
- Buy super-fashion Tech

Questions?
Chema Alonso
@chemaalonso
http://www.elladodelmal.com