Presentation at CMSS Conference 2016 - I was recently honored with the opportunity of speaking at the CMSS 2016 Conference. My goal for this engagement was to educate about the importance of innovating and applying exponential technologies in IT Security within the organization. My audience included many professionals in the medical industry, so it was important for me to be able to convey the importance of cybersecurity in that industry.
28. Books to Help + Resources
• SU DC Chapter – singularityudc.com
• Singularity University – su.org
• Singularity HUB – singularityhub.com
• Daniel Burrus – www.burrus.com
• Exponential Organizations – exponentialorgs.com
29. With all the opportunities that Exponentials bring there are Risks. Big Risks.
1. Governance
2. Ethics
3. Privacy
4. Complexity
TRANSITION TO DEFENSE
31. Health
Dr. ordered (reluctantly):
Food Panel – Allergy
Hematology
Metabolic Chemistry
Lipid profile
Hormones
Urinalysis
Vitamins, etc.
Symptoms:
Mental Fog
Mood Variability
Joint Pain
32. Frontiers of Optimal Performance & Human Potential
• Firewalking 7x
• Active Spartan race training
• Cold water immersion via Wim Hof
• Blackbelt
• Survival School
• Kiting and windsurfing
• Coaching Travel Soccer
• IronMan x2
• 2 x ½ IronMans
• Meditation/Mindfulness (MBSR, Thich Nhat Hanh)
• Personal and Team Flow States Experiments (Steven Kotler)
• Innovation at the edge – Design Thinking (SU)
39. The Plan
• Primary Target, Time Frame, Re-test
• Diet to deal with inflammation
• Exercise – Mobility, Strength
• Vitamins
• Meds
• Testing
• Execution
• Follow-up and Follow-Thru
40. Am I Done?
• You only saw a 2015 Food Allergy Panel.
Where is the 2016 Comparison?
• What about the stool sample?
• Year after Year. Massively Proactive.
• Rinse and Repeat
52. COMPREHENSIVE IT SECURITY HEALTH PANEL
(1) External Facing Systems
(2) Firewall Internal Systems (systems used by employees, mail services, activesync, vpn, etc.)
(3) Do your company PCs have an anti-virus program?
55. Year Over Year Comparison
When you spend a $, what boats are affected?
56. External Facing Systems (systems used by external public/customers)
– Do you have an up to date list of all systems presented to the public or customers, including services in use?
• How many are there? (answer the next set by # based on yes count)
– Are the front end user interfaces behind an application filter security device with active blocking capability beyond a layer 3/4 firewall?
– Does the application filter block all high risk issues?
– Does the application filter block all medium risk issues?
– Do you have any exceptions for sites or subsites on the application filter?
– Does this system terminate SSL or encryption?
– Is the application or DB tier in a different zone/subnet/across a security boundary?
– Is the communication between the front end and the next tier unencrypted so the security systems can review cross tier traffic?
– Do you formally audit to ensure that these settings are active and working:
• Monthly
• Quarterly
• Yearly
57. Firewall Internal Systems (systems used by employees, mail services, activesync, vpn, etc.)
– Are all non-security devices behind a firewall?
– Is the firewall a full UTM with services active and in automated blocking mode for high risk items?
– Is the firewall a full UTM with services active and in automated blocking mode for medium risk items?
– Are all inbound rules configured explicitly in at least two of the following: source, destination and protocol?
– Do you formally audit to ensure that these settings are active and working:
• Monthly
• Quarterly
• Yearly
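The "explicit in at least two of source, destination and protocol" question on this slide is easy to turn into a repeatable check, which is what the monthly/quarterly/yearly audit question is really asking for. The following is an added example, not material from the deck: it scores a constructed set of inbound allow rules and reports the ones that are wildcarded in two or more of the three fields. The InboundRule shape, the wildcard values treated as "any", and the sample rules are all assumptions; a real export would need its own adapter into this shape.

```python
# Added example (not from the CMSS 2016 deck): audits inbound firewall rules
# against the control "explicit in at least two of source, destination and
# protocol". The rule format and the sample rules below are constructed.
from dataclasses import dataclass

# Values that mean "match everything"; treated as non-explicit (assumption).
ANY_VALUES = {"any", "*", "0.0.0.0/0", "::/0", ""}


@dataclass
class InboundRule:
    name: str
    source: str        # address/CIDR, or "any"
    destination: str   # address/CIDR, or "any"
    protocol: str      # e.g. "tcp/443", "udp/500", or "any"
    action: str = "allow"


def is_explicit(value: str) -> bool:
    """A field is explicit when it is not a wildcard / any value."""
    return value.strip().lower() not in ANY_VALUES


def explicit_fields(rule: InboundRule) -> list:
    """Names of the fields that are explicitly constrained in this rule."""
    fields = {"source": rule.source,
              "destination": rule.destination,
              "protocol": rule.protocol}
    return [name for name, value in fields.items() if is_explicit(value)]


def audit_inbound_rules(rules, minimum: int = 2):
    """Return (rule name, explicit fields) for allow rules with fewer than
    `minimum` explicit fields. Deny rules are skipped: they narrow exposure
    rather than widen it."""
    findings = []
    for rule in rules:
        if rule.action.lower() != "allow":
            continue
        explicit = explicit_fields(rule)
        if len(explicit) < minimum:
            findings.append((rule.name, explicit))
    return findings


SAMPLE_RULES = [  # constructed sample ruleset
    InboundRule("vpn-ike", "any", "203.0.113.10", "udp/500"),
    InboundRule("owa", "any", "203.0.113.20", "tcp/443"),
    InboundRule("legacy-any", "any", "any", "any"),
    InboundRule("vendor-rdp", "198.51.100.0/24", "any", "any"),
    InboundRule("block-all", "any", "any", "any", action="deny"),
]

if __name__ == "__main__":
    for name, fields in audit_inbound_rules(SAMPLE_RULES):
        print(f"{name}: explicit only in {fields or 'nothing'}")
```

Run against the sample set, the two public-service rules pass (destination plus protocol), while "legacy-any" and "vendor-rdp" are reported; the deny rule is ignored. Raising `minimum` to 3 makes the check demand all three fields, which is the stricter reading some auditors apply.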
58. Anti-Virus PC
– Do your company PCs have an anti-virus program?
– How often are definitions updated?
• Multiple times a day
• Daily
• Weekly or more
– Do you run centrally managed antivirus?
– Are alerts for viruses, service failures, and update problems sent to staff?
– Do you exclude any PC from AV?
– What percent of systems are covered? (i.e. do you skip Macs, Linux, etc.)
– How often do you check for gaps in coverage?
• Weekly
• Monthly
• Quarterly
– How often do you audit scanning exclusions for files and processes?
• Quarterly
• Twice a year
• Yearly
– Is there an approval process prior to allowing exclusions?
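Three of the questions above (percent covered, gaps in coverage, approval before exclusions) can be answered from two exports: the asset inventory and the AV console's list of reporting hosts. The block below is an added example, not from the deck or any AV vendor: it reconciles the two, reports coverage by OS family (which is where the "do you skip Macs, Linux" gap usually hides), and lists exclusions that carry no approval ticket. The inventory, console and exclusion records are constructed; the "ticket" field is an assumed convention for recording approval.

```python
# Added example (not from the deck): reconciles an asset inventory against the
# hosts reporting to a central AV console, then checks AV exclusions for an
# approval record. All records below are constructed.
from collections import defaultdict

# Asset inventory: hostname -> OS family (constructed)
INVENTORY = {
    "ws-001": "Windows", "ws-002": "Windows", "ws-003": "Windows",
    "mac-001": "macOS", "mac-002": "macOS",
    "lnx-001": "Linux",
}

# Hosts the central AV console has seen reporting (constructed)
AV_CONSOLE = {"ws-001", "ws-002", "mac-001"}

# Exclusions configured on the AV platform; "ticket" is the assumed place
# where the approval reference is recorded (constructed)
EXCLUSIONS = [
    {"path": "C:\\Program Files\\ERP\\cache\\", "ticket": "CHG-1001"},
    {"path": "C:\\Temp\\", "ticket": ""},
    {"process": "backup_agent.exe", "ticket": "CHG-1007"},
]


def coverage_report(inventory, console):
    """Return (coverage percent, {os_family: [uncovered hosts]})."""
    gaps = defaultdict(list)
    for host, os_family in inventory.items():
        if host not in console:
            gaps[os_family].append(host)
    uncovered = sum(len(hosts) for hosts in gaps.values())
    covered = len(inventory) - uncovered
    percent = round(100.0 * covered / len(inventory), 1) if inventory else 0.0
    return percent, dict(gaps)


def unknown_to_inventory(inventory, console):
    """Hosts the AV console knows but the inventory does not: either the
    inventory is stale or an endpoint was never registered."""
    return sorted(console - set(inventory))


def unapproved_exclusions(exclusions):
    """Exclusions with no approval reference; these should not exist if the
    'approval process prior to allowing exclusions' answer is yes."""
    return [e for e in exclusions if not e.get("ticket")]


if __name__ == "__main__":
    percent, gaps = coverage_report(INVENTORY, AV_CONSOLE)
    print(f"coverage: {percent}%")
    for os_family, hosts in sorted(gaps.items()):
        print(f"  uncovered {os_family}: {', '.join(hosts)}")
    for extra in unknown_to_inventory(INVENTORY, AV_CONSOLE):
        print(f"  in console but not in inventory: {extra}")
    for exc in unapproved_exclusions(EXCLUSIONS):
        print(f"unapproved exclusion: {exc}")
```

On the sample data coverage is 50%, with one uncovered host in each OS family, and one exclusion (C:\Temp\) with no approval reference. Scheduling this reconciliation is what turns the "how often do you check for gaps" answer from "sometimes" into a dated record.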
59. Email Encryption and DLP
– Do you have a system that automatically audits mail messages for context driven content (PII, PCI, Confidential, etc.)?
– Do you formally audit to ensure that the system is active and working:
• Monthly
• Quarterly
• Yearly
– Can anyone opt out of the system?
– Does the system encrypt, reject, or redact ALL emails that fail the automatic audit?
– Does the system allow external parties to initiate and reply in an encrypted fashion?
– Do you formally audit the policies used and look for gaps?
• Monthly
• Quarterly
• Yearly
60. My Vision for You is to Rein in Complexity
But this is only a Blood Panel...
What do you do about it?
61. Overall Gaps
• Based on the review, a lot of good, mature security technologies exist; however, the following is required:
– Additional implementation work is required to realize the full impact of the solution
– Review system X to ensure intended use is in line with the current state of the system. Currently this is not the case
– A proactive process of managing security systems A, B and C needs to be developed in order to ensure security
62. Action Plan Step 1
• Concentrate on validating and hardening what is in place
– Perform a user account audit
– Perform an edge security audit
– Enable Varonis to provide proactive security
– Enable Secret Server to harden the environment
63. Action Plan Step 2
• Two technologies that can be added to bolster security, especially if HIPAA compliance is desired
– Endpoint security for USB device security
– ZixGateway for Email Encryption and DLP
64. Sample Deliverables
• Varonis Data Governance (steps needed to complete the install)
• Thycotic Gap Comparison
• Edge Assessment +
• AD /Account Audit
• Road Map – with Priority
79. DAR Scan – Data at Rest Scan
Being Governed
VS
The Governor
80. How Is Data Lost?
Employee posts to share drive
Employee shares with vendor
Employee theft
Employee accident
Malware/Virus
Social Media
Hacking attack (Spear Phishing)
Social Engineering
USB
81. Incidents by File Type
Policy | File Type | Hits | Number of Files
Customer List | Adobe PDF | 1846 | 90
Customer List | Email Message File (MIME, EML) | 1071 | 43
Customer List | HTML | 311 | 16
Customer List | Microsoft Excel | 73842 | 360
Customer List | Microsoft PowerPoint | 125 | 6
Customer List | Microsoft Word | 1258 | 34
Customer List | Plain Text | 7539 | 55
D_CCN (pattern) | Adobe PDF | 479 | 3
D_CCN (pattern) | Microsoft Excel | 146 | 144
D_CCN (pattern) | Plain Text | 1442 | 5
D_SSN (pattern) | Adobe PDF | 2264 | 7
D_SSN (pattern) | Microsoft Excel | 180 | 93
D_SSN (pattern) | Microsoft PowerPoint | 2 | 1
D_SSN (pattern) | Microsoft Word | 1 | 2
D_SSN (pattern) | Other Word Processors | 1 | 1
D_SSN (pattern) | Plain Text | 63 | 3
82. Example of Incidents
Incidents Made in the last 90 Days
File Creation Time | File_Share | Policy | Hits | Number of Files
7/28/2012 1:12:00 AM | BadFileServercustomersBIGEFCUAudit | Customer List | 14 | 1
8/3/2012 2:43:00 PM | BadFileServercustomersNurseFirst Cor | Customer List | 87 | 1
8/29/2012 11:35:00 PM | BadFileServercustomersUniversityFCU | Customer List | 92 | 3
9/11/2012 11:44:00 PM | BadFileServermarketingPartnersBlue | Customer List | 35 | 1
9/6/2012 11:49:00 PM | BadFileServermarketingPartnersGTB | D_SSN (pattern) | 1 | 1
9/6/2012 11:50:00 PM | BadFileServerBLD_BLD_ReportsXYZC | D_CCN (pattern) | 239 | 1
9/6/2012 11:50:00 PM | BadFileServerBLD_BLD_ReportsXYZC | D_SSN (pattern) | 381 | 1
10/4/2012 5:55:00 PM | BadFileServerBLD_BLD_ReportsXYZC | D_SSN (pattern) | 500 | 1
10/4/2012 11:41:00 PM | BadFileServerBLD_BLD_ReportsXYZC | D_SSN (pattern) | 500 | 1
9/6/2012 11:50:00 PM | BadFileServerMKT_MKT_ReportsXYZS | Customer List | 16 | 1
10/2/2012 11:48:00 PM | BadFileServerMKT_MKT_ReportsXYZS | Customer List | 17 | 1
8/9/2012 11:45:00 PM | BadFileServerMKTMKT Customers123 F | Customer List | 38 | 1
9/6/2012 11:51:00 PM | BadFileServerMKTMKT Customers123 F | Customer List | 74 | 1
83. Example of Incidents
Full Incident Report
File_Share | Policy | Incidents | Files | File Path
BadFileServer operations Docs | D_SSN (pattern) |  | AprilMainZix.xlsx | BadFileServer operations Docs Documents.bak ZixMain 2010
BadFileServer marketing CIOES | D_SSN (pattern) |  | Sales_OldStuff.zip/Golf Outing_June27.doc | BadFileServer marketing CIOES
BadFileServer marketing CIOES | Customer List |  | Sales_OldStuff.zip/VMware Attendance List CIOES.xls | BadFileServer marketing CIOES
BadFileServer marketing CIOES | Customer List |  | Sales_OldStuff.zip/Sept Sales email blast.doc | BadFileServer marketing CIOES
BadFileServer marketing CIOES | Customer List |  | Sales_OldStuff.zip/Rockville List from Vania March 02.xls | BadFileServer marketing CIOES
84. Example of Incidents
Incidents by File Share
File_Share | Policy | Incidents | Files
BadFileServeraccounting | Customer List | 144 | 1
BadFileServeraccountingArchive | D_CCN (pattern) | 139 | 139
BadFileServeraccountingArchive | D_SSN (pattern) | 170 | 85
BadFileServeraccountingArchive2005 | D_SSN (pattern) | 5 | 1
BadFileServeraccountingConst_Assoc | Customer List | 288 | 18
BadFileServeraccountingSherrie | Customer List | 1000 | 1
BadFileServeraccountingSherrie | D_SSN (pattern) | 1 | 1
BadFileServercustomers_InActive_Clie | Customer List | 276 | 13
BadFileServercustomers_InActive_Clie | D_CCN (pattern) | 1 | 1
BadFileServercustomers123FCUcontra | Customer List | 70 | 4
BadFileServercustomersABC_Network_ | Customer List | 12 | 1
BadFileServercustomersABCAssessmen | Customer List | 60 | 2
BadFileServercustomersAlpha Systems | Customer List | 15 | 1
BadFileServercustomersXYZSSL_VPN | Customer List | 12 | 1
BadFileServercustomersStateDep Statu | Customer List | 237 | 1
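The three report tables above (and the mail-content audit on slide 59) rest on the same two mechanics: pattern policies such as D_SSN and D_CCN that classify content, and a roll-up of hits and file counts per share and policy. The block below is an added example written for this page; it is not the scanning product's code nor anything from the deck. It implements the two pattern policies (with a Luhn check on candidate card numbers so random digit runs are not counted), a constructed keyword rule standing in for the "Customer List" policy, and the "Incidents by File Share" aggregation over a constructed set of files. The share names, file contents and keyword list are constructed; the card number is a widely used test number, not a real account.

```python
# Added example (not from the deck or the scanning product shown): a minimal
# data-at-rest scan for the D_SSN / D_CCN pattern policies plus the
# "Incidents by File Share" roll-up. All inputs below are constructed.
import re
from collections import defaultdict

# SSN shape with the never-issued area/group/serial values excluded
# (areas 000, 666 and 900-999; group 00; serial 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 16 digits, optionally separated by spaces or dashes; Luhn-checked below.
CCN_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
# Constructed keyword rule standing in for the deck's "Customer List" policy.
CUSTOMER_LIST_TERMS = ("customer list", "account number")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:      # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text: str) -> dict:
    """Return {policy: hit_count} for one file's content (only policies that hit)."""
    hits = defaultdict(int)
    hits["D_SSN (pattern)"] += len(SSN_RE.findall(text))
    for match in CCN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            hits["D_CCN (pattern)"] += 1
    lowered = text.lower()
    hits["Customer List"] += sum(lowered.count(t) for t in CUSTOMER_LIST_TERMS)
    return {policy: n for policy, n in hits.items() if n}


def incidents_by_share(files):
    """files: iterable of (share, path, content).
    Returns {(share, policy): (total hits, number of files with a hit)}."""
    summary = defaultdict(lambda: [0, 0])
    for share, _path, content in files:
        for policy, n in scan_text(content).items():
            summary[(share, policy)][0] += n
            summary[(share, policy)][1] += 1
    return {key: tuple(val) for key, val in summary.items()}


SAMPLE_FILES = [  # constructed; 987-xx-xxxx is a never-issued SSN area and must not count
    ("BadFileServer\\accounting\\Archive", "payroll_2005.xls",
     "emp 123-45-6789\nemp 987-65-4321\n"),
    ("BadFileServer\\accounting\\Archive", "refunds.txt",
     "card 4111 1111 1111 1111 refund\nref 1234 5678 9012 3456\n"),
    ("BadFileServer\\marketing\\CIOES", "Sept Sales email blast.doc",
     "Customer List attached; see account number column"),
]

if __name__ == "__main__":
    for (share, policy), (hits, nfiles) in sorted(incidents_by_share(SAMPLE_FILES).items()):
        print(f"{share:36} {policy:18} hits={hits:4} files={nfiles}")
```

Two things the sample is built to show: the second SSN-shaped string and the second card-shaped string are not counted, so the policy produces far fewer false positives than a bare regex would; and the roll-up separates "many hits in one file" from "a hit in many files", which is the difference between one misplaced spreadsheet and a share-wide habit when you prioritize the report. Scanning real mail bodies for slide 59's audit uses exactly the same scan_text step with the message as input.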
89. Exponential Technologies
• IT Security and Networks
• Robotics
• Artificial Intelligence
• Virtual Reality/ Augmented Reality
• Deep Learning & Machine Learning
• Neuroscience
• Biomedicine & Digital Biology
• Energy and Environmental Systems
• Blockchain
• 3D Manufacturing Printing
• Nanotechnology
• IoT and Big Data
• Algorithms & APIs
104. Micro-Experiments
• NIH data sets – Gut Health example
• Fail fast and forward
• Push projects to the edge. Starve the edge.
105. • Start small with innovation pockets/ Labs
• Apply Design Thinking & Lean Startup Mentality
• Align with people who have entrepreneurial tendencies within the company
• Principle of Innovation at the edge of the company
110. What to Avoid
• Identify and avoid corporate antibodies
• Pay attention to when you disbelieve, to avoid being disrupted during the curve when the technology seems odd or weird
113. Summary – Offense Take-aways
• Learn to play offense - Join an innovation group like mine or someone else's
• Be surrounded by ideas and people who think similar
• You are the average of the 5 people you hang around
• Build systems at the edge
• Avoid corp antibodies
• Pay attention to Lean and Design Thinking as it applies to innovation (Joy, Inc, Exponential Org)
• Forget Big Data – Think Little Data
• Understand who your disruptors are: Technologies in Health? Disruptive business practices, Communities, blockchain, algorithms, & APIs
114. Offense Take-aways
• You don’t need permission to add revenue...
• Are you retiring in the next 5 years?
• It is a mindset first (for you), then a culture thing
• Neuroscience: The Brain of a Leader thinking Exponentially
• IoT & Dashboards
• Remember - the role of offense and defense
• Financial Statements of the business – Point in Time versus Progress over Time.
115. Defense Take-aways
• Play defense hard. Don’t play ping pong. Settle into strategy and risk, which will drive all tactical execution.
• Embrace IT Security complexity with strategy. Eliminate overlapping technology confusion. Data Governance, privacy, risk – understand context.
• Flush out unnecessary costs
• Create Defensible Arguments/Plans
• Forget Big Data – Think Little Data
• Take a multi-year approach
118. World Class IT Security, Strategic and Tactical Thought Leadership for Enterprise IT Business Leaders, Intra-preneurs, Entrepreneurs, Innovation, Design Thinking, Creativity, Frontiers of Human Performance, Breakthroughs in Neuroscience, & Exponential Technologies
121. Singularity University Washington DC Chapter Ambassador
Examines Disruptive and Exponential Technologies by looking at how they can be used to improve the lives of a billion people