Tuesday, June 14, 2016

FIRST 2016 - Innovation

Today's keynote at the FIRST conference discussed the importance of innovation in security products and services. Not everyone is a fan of such things.


Innovation, you say?
It's easy to say.
Harder to do when you're spending your day
Fighting the fires and calling out liars
And answering calls from your C-level criers.
We barely have time to kick all the tires
On products we buy
Whenever we try
To solve all our problems
When the budget is high.
(Sometime we barely can even ask why.)
Often we're choosin'
Tools that are proven
By peers who have shown
That they're really worth usin'
And are ones that risk management ain't refusing.
We'd like something new,
Innovation that's true,
But it's rare that it's something we'd purposely do.
Radical changes we often eschew.
Innovation is something, I guess, that we fear.
It's something, I'd say, you'll never find here.

Monday, June 13, 2016

FIRST 2016 - Tabletop Exercises

Performing tabletop exercises to practice and learn more about incident response processes of an organization and to improve those processes is an excellent thing to do. Kenneth van Wyk gave an excellent presentation on how to run tabletop exercises.


Fledgling stretches wings
Learning how to make them work.
SOC testing new tools.

A confident hawk
Dives to catch its fleeing prey.
The IDS fires.

Unseen in the trees,
Trappers wait with heavy nets.
A tabletop drill.

How will the hawk eat
When it's wings and beak are bound?
Prepare for the worst.

Hawk learning to hunt
While tied to the rocky ground.
SOC will be ready.

No matter the wind,
The rain, or the predators.
Business must go on.

FIRST 2016 - The Vulnerability Lifecycle

CERT/CC presented a workshop on coordinating vulnerability disclosure. Understanding the vulnerability life cycle helps when developing a corporate vulnerability management process.

Vulnerabilities live, those wee nasty things.
And all through their lives, oh, the mess that they bring!
First they're discovered through various methods,
Researchers probing and using their big heads
Or accidents happening by users at play
That leave them amazed or completely dismayed.
Once it's discovered, it's time for disclosure,
Which may cause a vendor to lose their composure.
This process requires so much c'ordination
Which reduces the impact and bad situations.
Before things are published, we look for a fix:
Remediation through patches or similar tricks.
Deploy out the changes and work toward removal
Of bugs or the process that earned disapproval.
Not much of a life! Vulns are no fun.
Though they seem to be smiling as they yell and they run.

Sunday, June 12, 2016

FIRST Conference 2016

Many of my InfoSec peers have come to Seoul to attend the 28th Annual FIRST Conference. It should be a fun, busy, and illuminating time! It is my first big conference since leaving my higher ed crew. I hope these folks will party as hard.


Welcome to FIRST!
It's time to get funky.
We've all got some problems
On our backs like a monkey.

Criminals trying to get all our goods.
(Some of them organized, some are just hoods.)
How do we share the intelligence gathered?
What are the details we found really mattered?
What are the tools that we all kinda need?
Who can we turn to when we start to bleed.
Red teams and training and policy work,
Pressos that aim to eat through the murk.

Let us get started. Just dive in and go.
Listen and share, help community grow!