Support Silicon Dojo at:
https://www.donorbox.org/etcg
http://www.silicondojo.com/

Operational and Physical Security
What are Operational and Physical Security
Operational Security is security around HOW your organization operates
Physical Security is use to prevent theft/ damage
Surveillance is used to gain visibility into an event
Deterrence is used to keep people fro deciding to attack your organization 
Surveillance is NOT SECURITY
Surveillance will show how you got screwed…
Make cameras as obvious as possible
Add creepy events to triggers
Turn on lights when there is motion
Play .wav file when there is motion
Notify employee and use 2 way communication to say “hi”
Culture
Process for Security Issues
Who does someone call if there is an issue?
How does a security problem escalate?
Are employees comfortable confronting others?
Are employees comfortable calling the police?
How will your systems be tested?
Force Continuum…
Response Plan
After an event what happens?
Operational Security
Buy Ugly
Crackheads don’t do spec checks…
Employee Background Checks
Employees are the #1 threat to a company.
What is the SECURITY vetting process?
Approval Process
How are changes approved?
How are employees given greater system rights?
How are current rights audited?
Need to Know
Knowing the target is half the battle…
Do help desk employees need to know the back end is on Azure?
Social Media
Linked in is an amazeballs intelligence resource.
“CTO of Dumb Company”
What are your IT people posting to Github?
Marking Doors / Weird Office Layouts
Along with Need to Know.  Does the secretary need to know where the server room is?
Is your office so intuitive “even a hacker” won’t get lost?
“You seem to be lost?”
Selecting Office Space
Crime Rate
Layers of Security
Got Server Room?
Ability to Modify Space
ISP Connectivity
Property Management Quality (Forward Thinking?)
Physical Security
Access Control
Locks keep good people from being stupid.
What would happen in a workplace violence scenario?
Record Access Events
Trigger cameras based off of Access Events
Have a centrally controllable system. Difficult systems to use breed complacency.
Fail Safe vs Fail Secure
Physically Locking Systems
BIOS/ UEFI Security
Lock what media the PC will boot off of
Disable insecurities
USB Locks
USB port Blocker (Kind of Expensive)
Rubber Cement
Unplug Front USB port Cable
BIOS/ UEFI USB Control
Network Port Blockers
Server Boxes
Server Cabinets
Lockable Doors
Cages
Anti Theft Cables
Lighting
WE SEE YOU!!!
Security Systems
Environmental Sensor
Burglary Sensors
Notifications and Response

the end