Support Silicon Dojo at:
https://www.donorbox.org/etcg
http://www.silicondojo.com/
Cyber Security Introduction
Point of Cyber Security
Prevent Loss of Data
Prevent Down Time
Prevent Systems from Being Used Nefariously
Stay Compliant with Laws/ Regulations
Don’t Do Harm
If users can’t use systems because of security you fail
Your Environment
No environment looks like a college exam.
“Best Practices” don’t last 30 seconds in the real world
Focus on what you can fix NOW
Plan for the future
Building Trust
STOP… just stop… you are not as important as you think
Executives are juggling numerous priorities. Acting like an ass will not help your cause
You need to build peoples trust in you. They need to trust YOU not what you advise.
Office Politics IS PART OF YOUR JOB!!!!! !!!!! and a couple more !!
Cyber Security = Good Administration
Security should be built in to the infrastructure
Security is Layered
Any Single Layer Compromise Should Not Be a Killer
Zero Trust Environment
BYOD was the end of Trust
Remote workers
Convergence
Getting Decision Maker Buy In
Preventive Maintenance is a hard sell
Add Security to normal upgrades and purchases
CEO’s like “cool sh*t” – 100” LCD screens showing real time dashboards
Sell the “Sizzle” to get the “Steak”…
Visualizing the value of tech is hard, stupid gimmicks are not
Know who is actually in charge.  Is it the CIO or the CFO?
Getting Employee Buy In
Training
Listening to Employees
Befriend Employees
Successful Attacks Require
A Vulnerability
A Vector to the Vulnerability
An Attack/ Event
Vulnerability or Feature?
You can’t hack a server that’s powered off.
You also can’t use the server
Limit the feature set of each server/ device
Instead of a single FTP, Web, SMTP, VPN server break them into individual systems.
Use virtualization
Use cheap hardware. Does your FTP server need a Xeon Processor?
Security is More Than Chinese Hackers
Security is a mentality not a product
Strategy should change with time.
A solution for one threat will prevent numerous other threats
Threat: Employee
Employees trying to game the system
Dumb Mistakes
Nefarious Actors
Threat: Natural Disaster
What happens in Flood/ Fire/ Earthquake?
Threat: Normal Crime
Crackheads don’t know what an Active Directory Server is….
Threat: Rats Nest
Don’t pull the wrong cable!
Threat: Stupid Problems
Backhoe through your fiber line
Unplugging Active Directory Server
SaaS single IP issues
Threat: Vendor Issues
Supply Chain Attacks
Facility Destruction
Vendor Hacked
Threat: Hackers
Actual Hackers are probably the least of your problems
By focusing on “hackers” you may miss much more pressing issues
Having a full Disaster Recovery System solves both the Flood AND Ransomeware problem
If your security prevents and administrator from doing something stupid it also will block “hackers”
Security Products
Support
Cost
Scalability
Reliability
TCO – Total Cost of Ownership
Interoperability
Disaster Recovery and Resiliency
Backups are not enough
Disaster Recovery is about having FUNCTIONALITY back ASAP.
High Availability
Failover
Hybrid Cloud
 
																											 
																											