Support Silicon Dojo at: https://www.donorbox.org/etcg http://www.silicondojo.com/ Cyber Security Introduction Point of Cyber Security Prevent Loss of Data Prevent Down Time Prevent Systems from Being Used Nefariously Stay Compliant with Laws/ Regulations Don’t Do Harm If users can’t use systems because of security you fail Your Environment No environment looks like a college exam. “Best Practices” don’t last 30 seconds in the real world Focus on what you can fix NOW Plan for the future Building Trust STOP… just stop… you are not as important as you think Executives are juggling numerous priorities. Acting like an ass will not help your cause You need to build peoples trust in you. They need to trust YOU not what you advise. Office Politics IS PART OF YOUR JOB!!!!! !!!!! and a couple more !! Cyber Security = Good Administration Security should be built in to the infrastructure Security is Layered Any Single Layer Compromise Should Not Be a Killer Zero Trust Environment BYOD was the end of Trust Remote workers Convergence Getting Decision Maker Buy In Preventive Maintenance is a hard sell Add Security to normal upgrades and purchases CEO’s like “cool sh*t” - 100” LCD screens showing real time dashboards Sell the “Sizzle” to get the “Steak”… Visualizing the value of tech is hard, stupid gimmicks are not Know who is actually in charge. Is it the CIO or the CFO? Getting Employee Buy In Training Listening to Employees Befriend Employees Successful Attacks Require A Vulnerability A Vector to the Vulnerability An Attack/ Event Vulnerability or Feature? You can’t hack a server that’s powered off. You also can’t use the server Limit the feature set of each server/ device Instead of a single FTP, Web, SMTP, VPN server break them into individual systems. Use virtualization Use cheap hardware. Does your FTP server need a Xeon Processor? Security is More Than Chinese Hackers Security is a mentality not a product Strategy should change with time. A solution for one threat will prevent numerous other threats Threat: Employee Employees trying to game the system Dumb Mistakes Nefarious Actors Threat: Natural Disaster What happens in Flood/ Fire/ Earthquake? Threat: Normal Crime Crackheads don’t know what an Active Directory Server is…. Threat: Rats Nest Don’t pull the wrong cable! Threat: Stupid Problems Backhoe through your fiber line Unplugging Active Directory Server SaaS single IP issues Threat: Vendor Issues Supply Chain Attacks Facility Destruction Vendor Hacked Threat: Hackers Actual Hackers are probably the least of your problems By focusing on “hackers” you may miss much more pressing issues Having a full Disaster Recovery System solves both the Flood AND Ransomeware problem If your security prevents and administrator from doing something stupid it also will block “hackers” Security Products Support Cost Scalability Reliability TCO - Total Cost of Ownership Interoperability Disaster Recovery and Resiliency Backups are not enough Disaster Recovery is about having FUNCTIONALITY back ASAP. High Availability Failover Hybrid Cloud