We'll be announcing a special ThreatModeler webinar on building threat models for cloud services. This session will focus on AWS; we'll be looking at Azure and dedicated platforms in later sessions. Look out for registration links next week. https://www.linkedin.com/posts/peterglock_threatmodelling-cyberrisk-activity-6578210726043803648-1LDj
GDPR has become accepted best practise. Time to put COPPA into your framework as well...: Google and YouTube will pay $170 million to settle a case with the US Federal Trade Commission and New York Attorney General that alleges the tech giant illegally collected the personal information of children. Under the Children's Online Privacy Protection Act (COPPA), owners of online services targeted at children need to gain parental consent before collecting data on persons unde
At the very simplest level we've seen card skimmers at charging stations. This event is aiming to go much deeper. If you're in the vicinity of Rockville it looks like a worthwhile trip...: NIST will host a host a one-day meeting focusing on the current state of federal research around the cybersecurity of Electric Vehicle Supply Equipment (EVSE) on Thursday, September 12, 2019 from 8:30a.m. to 4:30 p.m. at the National Cybersecurity Center of Excellence in Rockville, MD.
I'm not at BlackHat or DEFCON this year. If you're going, checkout the list of events...: [...] If you’ve been to a conference like this before, you already know that there will be plenty to do at night as well. If this is your first time, be prepared. Many vendors host receptions or parties and it’s easy to have a calendar with 5 or 6 overlapping events on a given night. If you aren’t sure what’s going on or you want to make sure you aren’t missing a party you’d really like
This will be fascinating to see what's said in public vs. the behaviours we see from the different national agencies...: The Five Eyes intelligence agency alliance is to discuss global cyber vulnerabilities, shared experiences and differences in approach at the National Cyber Security Centre’s CyberUK 2019 conference in Glasgow from 24 to 25 April. The two-day event is expected to attract 2,500 cyber security experts, including specialists across government, industry and
My friends for Cymmetria will be at Black Hat. Pop along to booth #264 (Shoreline, Level 2) to chat about deception. Meanwhile, there's an attempt to stir up some PR about the event through re-publication of some survey results. I'm skeptical about these surveys. Who is going to say "It's ok, I've got sufficient budget and resources to do everything."?...: Anticipation for the 2018 Black Hat USA Conference has become almost palpable. Tomorrow, August 4, the conference beg
I've spoken at conferences, but TBH usually because my company has paid for a slot. If you're competing for a more open slot, here's some advice from Lesley...: Ever wondered if your conference talk proposal measures up? I definitely do, every time I submit to a conference. Over the past week I reviewed over 600 call for paper submissions for the Derbycon information security conference. This was definitely a unique experience – I had participated in review boards in the
I'm a fan of DevSecOps so glad to see it's being discussed at this event...: [...] DevSecOps boosts cyber security by providing a configuration management framework through which security fixes can be rapidly deployed to very large environments, says Jason Suttie, head: Engineering at Foundery division of Rand Merchant Bank. Suttie will be presenting on 'Innovating in cyber security using DevOps', at the ITWeb Security Summit, being held this week (21 to 25 May) at Vod