Akamai Diversity

FirstCon14, As Seen from Twitter

As is the case with any conference, attendees can't be everywhere at once. If you attend one talk, you're missing a few others down the hall. If you can't attend, you miss everything.

That's one of the things I love about Twitter: You can keep up with what's happening. Such is the case this week during the FIRST conference in Boston. As I attend my chosen talks, I'm keeping up with everything else by scanning tweets using the hashtag #firstcon14. Here are some of the tweets catching my attention.

"Detect/respond" capability is as important as "prevent". Badguys *will* get in to your network: find & remove them


Ozment: Information sharing doesn't help unless recipients have a baseline capability to use the shared info.


Yesterday at and it seemed like male to female 25 to 1. At now and seems like a 30 to 1 ratio. We need women in


"SOC culture is closed and suspicious by necessity" Not at all! Observe a better SOC.


"You have to do the work and live the life to understand the SOC." Using Anthropology to Study Security


Analysts know more than they can tell: tacit knowledge, held in the community. Need to incentivise sharing


Need to be an analyst to learn what analysts do - participant observation, not flies on the wall


Sochi network: ~4billion flows per day recorded by lancope


"Emerging Trading System Attacks" presented by BT ethical Konstantinos Karagiannis.


Number of sessions saying we don't know how CIRTs work. Really wish they could have observed GE-CIRT a few years ago.


Hi & I tried to capture the operational processes we applied to CIRT ops in ch 9 of my book


great point! More of these researchers need to read that.


CERTs are a foreign country: to study them, need to be an anthropologist, not a tourist


NBC Universal spent $65m on technology for Sochi Olympics


Cyber exercise to stay fit! Ozment: "to be really good at incident response you must practice"



Security Expert: Industry Is Failing Miserably At Fixing Underlying Dangers:


"STIX & CybOX are really complex." Need to build tools that guide user data needs into specific use cases. <-- VERY MUCH THIS!


All props to DHS, but I'm going to be annoyed if every automating/sharing threat Intel preso is "look, we discovered STIX."


"The whole idea that we can patch it later, fix it after publication is simply wrong"


Unless security is baked in at the foundation, it will always be a secondary concern and therefore the weak link in the chain


Here... I patched your patch so you can patch while you're patching your patches


S&T initial CSIRT finding: Non-routine incidents usually trigger complex collaboration
