BSides SF Security Mendoza Line


Published on March 5, 2013

Author: ebellis



Hitting Above The Security Mendoza Line. Presentation by Ed Bellis at BSides San Francisco.

Hitting Above The Security Mendoza Line Ed Bellis, CEO Risk I/O

Nice To Meet You

About Me: CoFounder Risk I/O; Former CISO Orbitz; Contributing Author Beautiful Security; CSO Magazine/Online Writer; InfoSec Island Blogger

About Risk I/O: Data-Driven Vulnerability Intelligence Platform; DataWeek 2012 Top Security Innovator; 3 Startups to Watch - Information Week; 16 Hot Startups - eWeek

About Mario: Played for Pirates, Rangers & Mariners; Played MLB for 9 Seasons; Lifetime Batting Avg: .214, 4 HR, 101 RBI; Failed to bat .200 5 times

The Security Mendoza Line: Wouldn’t it be nice if we had something that helped us divide who we considered “Amateur” and who we considered “Professional”? Enter The Security Mendoza Line. Alex Hutton came up with the original concept of the Security Mendoza Line.

HD Moore’s Law: Josh Corman expands the Security Mendoza Line. “Compute power grows at the rate of doubling about every 2 years”; “Casual attacker power grows at the rate of Metasploit”. 2011/11/01/intro-to-hdmoores-law/

A Difficult Task: Nearly 2K MSF Exploits. Exploit Development in first 9 months! ExploitDB > 18K Exploits. 17.8% Known Exploits. [Chart: MSF Modules, 2010 to 2012]

Release Early Release Often

Point Click Pwn

A Data Driven Approach

Out Scripting the Kiddies: Fighting Automation with Automation. Netflix/SimianArmy

Context Matters: Attack Path data analysis

Context Matters: Wait just a minute... Computing Optimal Security Strategies for Interdependent Assets. Theory: Smart Data > Big Data

Context Matters: Mitigating Controls: Firewalls / ACLs, IPS, WAF, MFA, Other

Context Matters: Honeypot, WAF & IDS data. logs! logs! logs! Measuring Likelihood

Broader Context: Targets of Opportunity? My(vuln posture X other threat activity) / (other vuln posture X other threat activity)

Beyond Info Sharing: Model Sharing

A Quick Side Note: CVE Trending Analysis. Gunnar’s Debt Clock

Q&A: follow us: the blog, twitter @ebellis. And one more thing.... @riskio We’re Hiring!
