Jessica Hebenstreit - Don't Try This At Home! (Things Not To Do When Securing An Organization)

Don’t Try This at Home!!!
RECURRING THEMES FROM TRYING TO SECURE AN ORGANIZATION

Jessica Hebenstreit
CISSP | CRISC | GCIH | GNFA
@secitup | www.linkedin.com/in/jessicahebenstreit

A Little About Me
16 years in security
Multiple verticals
Lover of memes
What more do you need to know?
I Love Memes
More Than Kanye Loves Kanye

Topics
But First! WHY?
Recurring Themes
TIL: Today I Learned
And now….a fun video!
Q & A

But First! Why?
Those who don’t learn from history are doomed to repeat it
Common themes in shared war stories
Common themes across verticals

Recurring Themes
The Right / Wrong game
Secure at All Costs
Tools “Save us Tool-wan Kenobi”
Policy Won’t Save You Either
Eating Our Young
Skipping The Basics

The Right / Wrong game
The “wrong” game to play
It’s like arguing on the Internet
Not about winning or being right
Know when to back down
Remember it’s about informing about risk and options
You don’t have to like it (It’s not a Facebook post)

Secure at All Costs
Old School Security Mentality
Relates to Right/Wrong game
It goes back to Risk and business tolerance

Save Us Tool-wan Kenobi
You must PAY ATTENTION to the tools
It’s called logging AND MONITORING
You must invest in your people
Continuously
You must have proper procedures in place
You must have policies to back you up

Policy Won’t Save You Either
Must be enforceable
Must be enforced
Must have teeth
Must be supported by and from Leadership
A “policy” that does not meet the above is not a policy

Eating Our Young
It’s getting better, buuuuuuut…
We should be encouraging and welcoming
Critical shortage of info sec professionals
Women…

Skipping the Basics
Innovation and pushing the envelope is great but…
It doesn’t matter if you don’t have basics* in place
Software and Hardware Inventory
Secure Configurations (Hardening standards and guidelines)
Vulnerability Management process
Controlled use of Administrative Access
* The first 5 SANS Critical Controls

This and That
Assuming compliance is enough
Losing sight of the big picture
Proper Risk Classification
Not everything is highest risk or most critical
Properly remediating systems
Just reimage it already
More on this in a moment

TIL: Today I Learned
It’s not about being right or wrong
Do the right thing for the business
Balance Risk and Security
Tools won’t save you but neither will policy
Start with the basics and go from there
Support and grow fledgling security professionals

And now…
TIME FOR A FUN VIDEO

REMOVED DUE TO SIZE – CONTACT JESSICA IF YOU ARE INTERESTED IN SEEING IT

One Last Thing…
Equal Respect Initiative Executive Women’s Forum

THANK YOU!

QUESTIONS?