On this episode, the roundtable discusses whether IoT is making us less secure overall. They get into a discussion of what kind of attack surfaces IoT presents, whether these devices impact privacy more than security, and why current IoT is based on a “no support” model.
Learning about the journey of Zoë Rose from her past to the bright future ahead of her has been enlightening for Tom Hollingsworth. Read on as he covers some highlights of the presentations she’s shared at Security Field Day and Aruba HER over the past few months and how we can learn about the path she’s taken to get where she is today.
Tom Hollingsworth looks at one of the biggest fallacies of defense in depth in security: It’s all about buying more devices and services to layer on top of your existing infrastructure. In reality, it should be looked at more like a tower defense game. It isn’t just about the assets you have, but how you place them that matters.
How do you build a community? You have to build Trust first. Ethan Banks gave a great talk on Trust at Security Field Day and Tom Hollingsworth gives some thoughts on what this means.
Changing your passwords frequently is the best way to keep accounts secure, right? Or does frequently changing passwords cause users to lean on easily predictable patterns that ultimately make things less secure? The roundtable discusses what the best approach is, whether two-factor authentication changes your approach, and what changes when considering personal vs organizational passwords.
Inevitably when companies explore the prospect of microsegmentation, a common question arises. Why bother using a firewall at the hypervisor level when the VMs themselves have a host-based firewall built into the OS, or when you could just use a hardware firewall to segment workloads?
Managing infrastructure is hard enough. But in today’s world of cloud computing, it can be tough to manage constructs that live for seconds instead of persisting. How can you keep a handle on it all? Confidentially, the best way is with Aporeto. Tom Hollingsworth discusses the power of identity management for workloads in this post.
WPA3 is the new wireless authentication protocol just around the corner. It’s being developed to fix some of the issues with the ancient WPA2 protocol. But what about open encryption? Why don’t we just run everything over SSL and save time? Tom Hollingsworth examines the need for WPA3 with OWE and why TLS alone isn’t going to work.
Security is a complicated thing to deal with in the modern world. What we need now more than anything is education about what we face. Tom Hollingsworth takes a look at some of the things that impact our secure world and an upcoming event that can shed some light on how to face those challenges.
Tom Hollingsworth and Jack Daniel discussed the biggest challenge in becoming a part of the security community today: agreeing to disagree. One of the negative aspects of social media and hyperconnectivity is the new frame of mind that people have a position and will fight and shout for it without compromise. While that does have a time and place, it is not contributing to a healthy debate in the security community or other technology communities either.