Transparency from a CISO's Perspective
Key Takeaways
The video discusses transparency from a CISO's perspective, covering topics such as the importance of transparency in cybersecurity, approaches to enhance transparency, and the role of a CISO in protecting an organization. The discussion highlights the need for shared context, shared understanding, and radical transparency in the cybersecurity industry, as well as the challenges of implementing transparency, particularly when it negatively impacts someone. The video also explores the intersectio
Full Transcript
[Music] [Music] thank you [Music] hey baby welcome to sit at the table we believe technical skills will get you in the room but your soft skills and business Acumen will earn your seat at the table my name is Eric Beason and I am the host every time we have one of these conversations we speak with leaders across different verticals different Industries driving into topics that will prepare and equip cyber security leaders by extracting the hard-earned lessons from the years of experience each of our guests bring to the show today we're going to talk about transparency specifically from a cso's perspective as cyber attacks become increasingly sophisticated and frequent organizations are having to prioritize their cyber security efforts and building a culture that Fosters transparency is a big part of that and well that's driven by the CSO and we have the perfect one to have this conversation with Robert Wood is not only a CSO but he's one half of the duo behind a new movement called the soft side of cyber Rob welcome to the show so happy to be here thanks so much for having me thank you please share a little bit about yourself with your audience and even give a little bit of a plug for the soft side of cyber yeah so this is my so I'm currently working at the centers for Medicare and Medicaid services it's a fairly large Federal agency and prior to that I was I did three different startups or I was in that kind of weird head of security slash security engineer slash security manager slash you kind of do everything relating to security and try to build a team around you roll and looking even further back than that I was in I was I left digital which was a more Boutique focused application security consultancy as a principal and so I got I got exposed to a whole lot of things and so throughout that journey I have worked with a lot of different kinds of people and they were both brilliant people who couldn't get their ideas across you know I've struggled at different points in my own career like when I when I first took a sort of CSO or like had a security role nobody taught you how to run a budget nobody taught you how to hire people how to write a job description how to do a strategic plan how to do any of that stuff and or or even you know doing penetration tests like there's a you know you can have a mediocre test but deliver the results in a really impactful way that people actually fix the issues and you can actually make a difference or or you could do a rockstar job in the technical stuff communicate the issues very poorly and somebody won't fix them and so so this this uh burn to do something around soft skills has been with me for a long time and and I just got partnered up with a colleague of mine Frank missio to like actually get the whole thing off the ground we're like getting it all spun up as a five like an official 51c3ated like basically try to bring some awareness and resources training and all of that stuff to help people develop the various non-technical skills that they need to complement the technical ones in their roles to just make bigger impacts so so that's me in a nutshell I love it you heard my intro to the show and what you just what you just said I mean it's pretty much the same thing we're on the same Mission and we're doing things a few different ways but today we're converging to uh specific subject I love it thanks man um so transparency I've seen the word used in different contexts especially in cyber so to ground everyone on what we mean by transparency maybe you can share a little bit about what it means to you yeah so transparency to me is really it's it's a cultural attribute and culture of the organization that you're in I recently reread uh Stan mcchrystal's team of teams and that like shared context shared understanding principle is one of the one of the things that he really champions in that where you have all of these different teams and they're they have this kind of common operating system and you can't really do that without this radical transparency and so when I first came to this particular role this was something that was also really important to me and transparency kind of Blended itself or intersected really interestingly with accessibility because people didn't know how to get in touch with security and they didn't know what in the world to kind of expect you know they didn't know what our intentions were what we wanted what was happening how decisions were being made and so so we've been trying to really err on the side of just making everything available that we can both internally as well as to our stakeholders to our shareholders to our customers if you will we do monthly like ask me anything events that are totally open to the public we you know do a lot of like human-centered design stuff we're trying to put more documentation out there like and it's and it's everything that we can be open about we would prefer to be open about so it's not just it's not just like being open with your code or your docs it's your process it's your your Communications like you know do you default to like private slack channels or public slack channels and even if you don't have much people listening in it's I think it's it's like I mentioned it's a cultural attribute it's it's this kind of mindset that your team will adopt and that you as the senior person in charge or a senior person in charge can really help set the tone and reinforce it going forward if you know if you kind of opt for everything being Secret people are going to kind of follow your lead and and vice versa yeah and I completely agree with you and I love that you use Stanley Crystal he has a quote I might butcher this but he says transparency breeds credibility and I think that that really kind of encompasses everything that you're really trying to accomplish with with transparency because as a Cecil you're playing a critical role and not just ensuring the CIA of your organization but you got to communicate those risks and threats to the board and they have to know that you will communicate them um to them but at the same time you got a balanced discretion and that's where it gets a little bit challenging because not every stakeholder needs all the same information so I'm curious how you approach transparency with your different stakeholders so I think this is really where if we if you just have a so there's transparency where things are just open and then there's communication where you're delivering a specific message on on some of that open information and maybe information that's not open to a particular stakeholder and in the latter example where you're actually communicating something I think you know it really comes down to you got to know your audience if you're talking to finance you're gonna relate things to the stuff that they care about if you're talking to Legal you're going to relate things to the stuff they care about or engineering or product or sales or you know like every organization is different and therefore every organization's structure is different in some ways but but like just knowing your knowing your audience and relating and sort of using that as a almost like a filter where you're going to take some message you know like I was just talking with somebody earlier today about this and like let's say you're you're giving an update on a security incident you might be providing an update on a security incident to a lot of different stakeholders and your technical folks are gonna have to have like you're gonna filter it in one you know you're going to filter it in a particular way for them they're going to potentially want more details they're going to want references to log files or specific attacks or cpes or whatever if you're giving an update to your senior executive your board your administrator you know those sort of folks you're going to give more organization impact like how does this relate to our strategic plan if you're talking you know giving that same update around an incident to legal or to finance like they're going to get a particular sort of context included in that but it's all rooted in the same event in the same basic information hahaha so you talked about a bunch of different stakeholders let's double tap on a few different ones because transparency is easy when you're just following information it's a lot harder when you know it's going to potentially negatively impact someone that you have to communicate to or someone adjacent to that communication so yeah so let's throw it under the bus for a little bit here right security doesn't necessarily protect many of our assets it has to do their protecting in a lot of ways there are some controls that we actually do but a lot of stuff it has to do and so let's just use the infamous a patch wasn't done right and you have to now communicate that to somebody how do you go about communicating something in a very transparent manner without potentially impacting your relationship with the owner of whatever has not been done that should be done yeah so in those sort of circumstances I think you know you should be having conversations with the person who does own that risk in advance of you communicating it somewhere else you know if there's sort of political fraughtness to be had and and you know where you're not gonna be throwing somebody or you don't want to be perceived to be throwing somebody under a bus you know having a conversation with the CIO or the the director or whoever owns that particular you know whether it's a product or a tool or something along those lines and making sure that they understand what's happening and why like you know like they can they can share context back with you as to maybe why something wasn't done and and there might be a really good reason uh in in healthcare for example there's there's a lot of Legacy technology floating around specifically in like hospitals and in some cases you can't patch because patching would actually be more disastrous to the outcomes that matter in a hospital setting which is things relating to patient safety and like what are you gonna do are you gonna update the Windows operating system or are you going to save the patient's life or like make sure that they have the you know the device that they need to kind of keep them keep them uh healthier keep you know keep the care going and so so I think you know before you have that conversation maybe with uh you know another senior executive where you're referring to a third party like you should you should be having active dialogue with them and where you're both open about the the circumstance you know you're you're sharing information about like we see this and we believe the impact is this etc etc and then they can share context in return hopefully you've built trust for that individual so they feel comfortable doing so and then as you're presenting something to somebody else if if the need still exists for that you can explain this context and and and assure that you all are on the same are on the same page because even if we don't like it you know let's say a patch was not patch was not applied or something along those lines dependency wasn't updated you know it like we I think it's important that we the security folks understand and embrace that security is not always going to be at the top of the stack in terms of priorities and so you know if there's other things that are really there uh that are that are taking priority then you know we it's I think we have to work to put ourselves in their shoes and empathize and and try to understand or see things from their perspective and like try to find the middle ground that both maximizes outcomes like Mission outcomes for the organization while minimizing as much risk as we can I'm in agreement with that I try to give practical examples because people are listening and they're in these situations you gave a scenario where there is a good justification why something wasn't done yeah sometimes people just are underperforming sometimes people just I mostly aren't good at their job but they prioritize other things instead of what's necessary for from a cyber security perspective and this is when the tough decision is made okay I'm friendly with this person or I'm gonna need this person for this other initiative and I'm not trying to burn a bridge whatever it may be when it comes to transparency in those cases I just ask you point blank do you ever take it on the chin and say you know what we're going to work on this so next month the report is better or next quarter report is better but I'm not about to make it very clear that you were the root cause of this and we'll just move forward and if you do do that maybe some some just some rationale for why you made those decisions from a transparency perspective would be really helpful yeah no I I that that absolutely happens um and I mean I've I've personally made that call and and I think the the reason that I think it's it's important sometimes to do that like sometimes you want to really throw your weight around or you know Leverage The Authority that you have as a ciso or security leader and but you know you can think about like the immediate tactical risk that you might be mitigating through whatever the situation is the circumstances are the the unpatched thing the non-updated library the the password that wasn't rotated or or whatever whatever the thing is and that might be important it might be like real risk but I think like we can perhaps do a better job of like really thinking through all the the the ramifications of risk like there's a there's a tendency yeah like there's there's so much steam picking up around like epss and kavs and and you know these these sort of like smarter indicators of potential exploit likelihood for vulnerabilities because you know we have a we have a history in security of you know lobbing things over the wall whether it's you know nessa's scanned reports or static analysis scan reports or what have you and you know just expecting that because the tool found something it's going to get fixed and so like sometimes I'd take it on the chin with like that sort of context in mind and other times it's like what's really more important is it like the long-term relationship that I have with this with this team and am I am I going to be able to get more stuff done in the long term you know whether you know maybe you're going to do like I don't know like dedicate a couple of Sprints to security and in like the next quarter and like really take a chunk out you know like trying to trying to play the long game because ultimately I mean if you're going to be in a ciso role for 18 months and you just want to like get as much stuff done and be safe in your 18 months like you might not care about the long-term relationship but I think I think we owe it to ourselves to like really be thinking about the long-term Dynamic like relational Dynamics between our team and the culture we're creating and curating and fostering and that which intersects with other Executives whether it's I.T legal Finance product you know whoever first and foremost this is why I want to have this conversation right someone that's looking 100 black and white by the book says transparency means I must make this very one thing known to all these different people thou must make it very clear that it was this person that was the real cause and this person is the one that's finger point it and there's a level of risk management that we do that is risk to success of other things we're trying to accomplish as well and you can completely sever the success in the big picture by focusing on something small that's exactly I want to have this conversation so I'm glad you put it the way you put it let's talk about timing and transparency a lot of the time people think you're going to tell them everything all the time at this you know at the same time but there needs to be this intersection where it makes sense how do you balance timing and transparency so it depends on what I'm trying to communicate of course if it like I I try to tell stories when I am like I have this kind of narrative going on like maybe it's maybe it's communicating our intentions through and about a strategic plan or about our you know something much more tactical like a project update or something like that and so I I try not to just like turn on the fire hose and aim it at people and just kind of word vomit all of my updates in their in their general direction because that's not really helpful so I I try to think about like so one of the things that I really got out of the startups that I was in that I really appreciated was they they had this like product LED growth kind of mindset where things like everything that they did like mapped back to this like marketing Communications strategy and and I love that and I learned a lot from that so and if I'm trying to get something done it's a big initiative around like updated vulnerability management or you know new capability that we're bringing in terms of services uh like for example we we started uh like we brought in and established an internal like threat modeling team and we started going around to the you know different stakeholder like systems and stakeholders in the agency and engaging them and doing threat modeling assessments which is something that they just historically had never had never done before and and so to do that instead of just like telling people this is here done period and then you know and then kind of let things go um you know like really think about this from a like what is my communications plan gonna be for this thing and so it sort of like drips out over a sequence of weeks months quarters um you know so I've got like little Snippets that I might give in like group to group updates um even like sometimes talking to other Federal scissors and in these like ciso Council um uh which is exactly what it sounds like it's a bunch of uh ciso's uh sitting sitting in a room like pontificating about about things um it's like the Jedi Council but less cool um but the uh like or or talking with a you know talking about the development Community uh Forum things like that so so it's like you kind of outline all of these different channels and places that you can talk about something who's going to be on the other side and sort of like find this sort of have a rough plan for how you're going to kind of drip things out drip updates out about this thing and and I mentioned this earlier but you have that sort of Baseline set of just open information you know whether it's everything's open in A Accessible Confluence page or a Wiki or or something like that a web a web page whatever the the sort of anchor of information is it all sort of like points back there if I could like relate it to something like content marketing it'd be like that's like your content magnet so to speak and then you're sort of like spinning off all these like peripheral updates and threads and talking points and references to it over some set of time two different people and just pointing people back to the source to engage them yeah you make a you make a really good point I mean people can only handle so much information at a time they can only handle so much change at a time and if you give them too much information it's going to be information overload uh I subscribe to there's something called the two rivet rule I don't know if you've heard about it but when they're um fixing Bridges um they're specifically started with the Golden Gate Bridge they would only remove two rivets at a time because any more than that and the whole thing would collapse and I take that same approach to change like don't change too many things at one time but also don't communicate too much at one time and slide decks you know if you have a slide with a bunch of information they're going to read none of it but if you just have like a few points they'll at least meet those three points right um so your your approach makes a whole lot of sense to me there um when I think about timing and transparency timing is so important because as Leaders sometimes we have to make the decision to take action and sometimes that does not always align with everything else that's happening within the organization and it's also important not to overburden your team with information that they just don't need at that specific point in time and this really takes form when it comes to like risks or events and when do you bubble them up when do you not bubble them up you do it too soon and you everyone freaks out and you don't have all the context you don't have all the information and you could be you know perceived as a chicken little caeso um and you seem like someone that hasn't done their due diligence you do it too late and you're toting an ethical line that you don't want to be on the wrong side of yeah so speaking of that how do you determine when and when not to Bubble things up and how do you just manage transparency in general when the bad things happens because it's going to happen but they happen at varying degrees yeah so a couple of ways that I've found useful to in like approaching that specifically so first is having some kind of decision process whether it's a decision tree or something and making that available to the people who you're ultimately going to be communicating or bubbling stuff up to and if they agree on the process by which you're making decisions that helps you know they've got a they've got a you know you're both kind of bought into all right this is this is your flow you know you've got all the stuff coming in you're gonna have some sort of triage process let's say once you've confirmed it's you know we've something has actually impacted pii Phi business sensitive information it's at a certain level whatever whatever the the particular Trigger or threshold is then we will you know this is what we're gonna do next we're gonna pull together a quick summary we're going to update you assign an Incident Commander you know whatever the whatever so the flow is kind of mapping that out for them and I think that's like that's a pre-planning thing that you can do well in advance of actually having anything hit the fan and go wrong and you're just gonna you're gonna Serve Yourself well if you establish something like that and then stick to it and the other thing is for for other stakeholders that might need to be involved in the triage profit like maybe it's legal counsel or maybe it's um your your procurement folks maybe it's I don't know like there might be other sort of uh individuals around the organization that would ultimately be part of this like bubbling up process but also be uh useful in establishing whether or not something is really a serious issue like having some sort of regular Cadence to like escalate something like you kind of go through almost like a ticket review or something with them and like walk through the things get their take on it you're sort of you're sort of creating the the elements of a like a matrixed team without actually creating a matrix team with them and so you know they have a voice in the process you're able to react and respond to their inputs it's not just all on the security team and then if something comes out of that and like you're both in in concurrence then all right go ahead and like bubble it up further take them next step and that you know that can be something more asynchronous like um you know slack notifications or emails or like shared ticketing system or it can be a standing meeting where every week you just review the like the top alerts or you know of clusters of alerts or something along those lines I mean you can you can set it up however it works for your team and the Dynamics thereof but um you know not just doing it all in a silo I think is is like one of the best things that I've I've found to sort of get ahead of those those challenges I love that you've taken the subjectivity out of the process um I've also you know not doing it in in a silo I don't think I've ever heard the word Silo used positively in in our organizations always like don't do this don't do this in The Silo so for anyone that's watching if you're into Silo if anyone says you're in a silo which really typically not for positive reasons um I take what you said and it kind of sounds like a uh like a risk appetite of sorts right so but it's a Communications risk appetite there's a set of if then scenarios if this then tell us if this and not this then don't tell us if this and this and this then tell us whatever it may be I like that approach my my first thought is the average person probably doesn't have that written down they have it in their head right how do you go about and when do you go about getting something like that started and is it is it a formal type of document or is it just a known agreement between your different stakeholders I don't I I think it eventually could turn into a more formal document but just sitting down and writing down your thoughts for 30 minutes and then having more of a like an informal team to team agreement that you know it like that's that's even a great start and you know this is how it's going to work this is you know like back in the napkin sketch this is this is how the decisions are going to get made and then you know you can take that if you want to polish it up a little bit and share it with maybe senior Executives or board members and let them know like this is how these sort of decision escalation process is going to work you know we've got Incident Management processes we've got these different teams or these various technical expertise uh sort of focuses and and when these things are happening these these events are happening we're following the process we're engaging in this cross-functional way accordingly is this does this work for you do you see any issues with this would you like to see us do anything different in addition to engage some like are we not engaging a particular part of the org that you would like to see us engage and if you know if they're on board of the process then you know you've got a good foundation now like that doesn't mean everything's going to go perfectly something that you might want to include in there is like all right if we find issues with this we're going to bake in a regular retrospective and we're going to keep on improving it and we'll share updates with you um and you know maybe share the results of the retrospect what's going well what hasn't and maybe those maybe the the improvements are process oriented or they're people-oriented maybe their technology oriented and for funding or you know what have you and you know you can you can engage in like specific like if specific failure based post-mortems things along those lines but I think like having some kind of feedback loop like you you ideally would with anything I think a retrospective is a good a good one for any kind of like process flow as is a way that you can kind of keep improving that I love that I love that well we're coming towards the end of the show and uh every episode except for one for a very specific reason uh we try to call out an analogy or a metaphor that we've used or like to use to help explain a technical topic to a non-technical audience I believe that Bridges the Gap from a communication perspective and I'm curious if there's one that you have used or like to use or anything along those lines so I don't have a specific like go-to analogy or metaphor but I do have a very curious and rambunctious five-year-old and an even more rambunctious two-year-old and I typically find myself explaining you know it's like the five-year-old gets his new Lego creation smashed to pieces or you know steals a toy or you know something along those lines happens and I find myself explaining security Concepts through the lens of that um just the other week there was a we have these shelves in his room where he puts his creations and if he doesn't put him up on a high enough shelf his little brother can reach them and so we were talking about the like defense in depth and and like you know reachability and stuff of like if if you put it on the lowest shelf your little brother's gonna be able to reach it he's persistent he's going to smash it like that's his that's his his sole objective um and so you know let's let's make sure that we get it up on the side if it's really important we're going to put it up on the second shelf or the third shelf even if it's you know depending on how valuable that is to you like you know the car that you built and all of that that goes on the third shelf that you know the random creation that you made maybe that's maybe that's a bottom shelf thing because that's okay if he smashes that so that's you know that's typically my go-to is is uh working it through the kids I love that it's like trusted Zone sorry okay this is this is all everybody can get to this is a zone that you gotta have a little bit more height so there's a limited number of people they can get to uh I really should have taken that advice myself I built my daughter well my me and my wife she sees this she got some credit we built together a dollhouse for my daughter that she got from Christmas and it was I think like 1500 pieces of Legos and my two-year-old found a way to go Godzilla on it and I I know the trauma my creation ain't getting destroyed so if you would have said that to me it wouldn't be right over here give me a hug yeah it's uh arguably as traumatic as a Cyber attack to an executive to a kid it's like your whole world has come down um thank you for that analogy I I'm surely going to be using that one uh pretty soon here uh Robert Wood everybody soft side of cyber ciso uh and just all around good dude thanks for taking the time in thank you so much for having me take care [Music] [Music]
Original Description
Join us for an enlightening discussion on the topic of "Transparency from a CISO's Perspective" featuring two experienced cyber executives. In this talk, we'll explore the pros and cons of transparency in the cybersecurity industry, and the approaches that others can take to enhance transparency in their organizations.
Jerich Rob and Frank will share their insights on the importance of transparency in building trust with stakeholders, and how it can benefit both the organization and the wider community. They will also delve into the potential drawbacks of transparency, such as the risk of exposing vulnerabilities and the challenges of managing stakeholder expectations. In addition, our experts will discuss the different approaches that organizations can take to enhance transparency in their cybersecurity practices. This includes strategies such as sharing information with stakeholders, setting clear expectations for data security, and leveraging technologies such as encryption and access controls.
This show is a must-attend for anyone in the cybersecurity industry who wants to gain a deeper understanding of the role of transparency in enhancing data security, building trust, and promoting best practices. Don't miss out on the opportunity to hear from two highly respected cyber executives who have firsthand experience in navigating the complex world of cybersecurity transparency.
Host:
Jerich Beason, CISO of Commercial Bank, CapitalOne
Guest Speakers:
Robert Wood, CISO and Director of the Information Security and Privacy Group at Centers for Medicare & Medicaid Services
Frank Domizio, Deputy Chief Information Security Officer, Centers for Medicare & Medicaid Services
Listen to Jerich’s other Seat at the Table Episodes at www.sans.org/cybersecurity-leadership/live-streams/
Learn more about SANS Cybersecurity Leadership Curriculum at www.sans.org/cybersecurity-leadership/
Connect with us on social:
LinkedIn - SANS Security Leadership
Twitter
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from SANS Institute · SANS Institute · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
SANS NetWars
SANS Institute
SANS DFIR NetWars
SANS Institute
Hack The Drone - SANS Cyber Academy UK
SANS Institute
SANS VetSuccess Immersion Academy
SANS Institute
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
The 2015 SANS Holiday Hack Challenge
SANS Institute
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
SANS VetSuccess Academy Overview
SANS Institute
SANS ICS Security Summit & Training 2017
SANS Institute
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
WannaCry recap, patches, and analysis
SANS Institute
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
SANS Data Breach Summit & Training 2017
SANS Institute
SANS Secure DevOps Summit & Training 2017
SANS Institute
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
SANS Institute
SANS Institute
ICS515: ICS Active Defense and Incident Response
SANS Institute
SANS Institute
SANS Institute
Introducing the NEW SANS Pen Test Poster
SANS Institute
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
SANS ICS Security Training, Munich, Germany
SANS Institute
SANS Automotive Summit Webcast
SANS Institute
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
SANS Security Operations Summit & Training 2018
SANS Institute
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
A Sneak Peak at the New ICS410
SANS Institute
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
Introduction to Linux
SANS Institute
Introduction to Malware Analysis
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
SANS Webcast - Zero Trust Architecture
SANS Institute
SANS STX Cyber Range
SANS Institute
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute
More on: AI Security
View skill →Related Reads
🎓
Tutor Explanation
DeepCamp AI