The Akamai Blog

FirstCon14, As Seen from Twitter

As is the case with any conference, attendees can't be everywhere at once. If you attend one talk, you're missing a few others down the hall. If you can't attend, you miss everything.

That's one of the things I love about Twitter: You can keep up with what's happening. Such is the case this week during the FIRST conference in Boston. As I attend my chosen talks, I'm keeping up with everything else by scanning tweets using the hashtag #firstcon14. Here are some of the tweets catching my attention.

"Detect/respond" capability is as important as "prevent". Bad guys *will* get into your network: find & remove them

Ozment: Information sharing doesn't help unless recipients have a baseline capability to use the shared info.

Yesterday at and it seemed like male to female 25 to 1. At now and seems like a 30 to 1 ratio. We need women in

"SOC culture is closed and suspicious by necessity" Not at all! Observe a better SOC.

"You have to do the work and live the life to understand the SOC." Using Anthropology to Study Security

Analysts know more than they can tell: tacit knowledge, held in the community. Need to incentivise sharing

Need to be an analyst to learn what analysts do - participant observation, not flies on the wall

Sochi network: ~4 billion flows per day recorded by Lancope

"Emerging Trading System Attacks" presented by BT ethical Konstantinos Karagiannis.

Number of sessions saying we don't know how CIRTs work. Really wish they could have observed GE-CIRT a few years ago.

Hi & I tried to capture the operational processes we applied to CIRT ops in ch 9 of my book

great point! More of these researchers need to read that.

CERTs are a foreign country: to study them, need to be an anthropologist, not a tourist

NBC Universal spent $65m on technology for Sochi Olympics

Cyber exercise to stay fit! Ozment: "to be really good at incident response you must practice"


Security Expert: Industry Is Failing Miserably At Fixing Underlying Dangers:

"STIX & CybOX are really complex." Need to build tools that guide user data needs into specific use cases. <-- VERY MUCH THIS!

All props to DHS, but I'm going to be annoyed if every automating/sharing threat Intel preso is "look, we discovered STIX."

"The whole idea that we can patch it later, fix it after publication is simply wrong"

Unless security is baked in at the foundation, it will always be a secondary concern and therefore the weak link in the chain

Here... I patched your patch so you can patch while you're patching your patches

S&T initial CSIRT finding: Non-routine incidents usually trigger complex collaboration