Thanks for Another Great ICS/SCADA Security Symposium

Posted on November 2, 2012 by Brent Huston

J0289528

Thanks to all who helped make the ICS/SCADA Security Symposium fantastic again this year. Great conversations, excellent content and such friendly discussions among peers and concerned parties.

Next year, we plan to open the event to attendees from throughout the midwest and hope to get even more participation from manufacturing and those who support critical infrastructures.

Thanks again for all of the hard work that Connie, Chris and the rest of the organizers did to make the event possible. Most of all, thank you for attending, participating and trusting us (and each other) to create such an amazing process of open dialogue. You are all heroes in my book!

Thanks to NEOISF & Ohio State Office of the CIO

Posted on October 31, 2012 by Brent Huston

J0289893

Last week we had a great time in Cleveland speaking at the North East Ohio Information Security Summit. Thanks to the folks who came out to hear us speak and to the great staff of NEOISF for making the event such an amazing thing for all who attend. We look forward to next year!

Thanks, as well, to the Ohio State University office of the CIO. We were pleased to participate in the Information Security Day sponsored by the university and Battelle. Thanks to all who attended that event with the threat of Hurricane Sandy looming large. It was a fantastic interaction with some of the next generation of infosec folks and some of the awesome members of the CMH InfoSec community. Thanks for having us participate and especially for asking us to keynote.

The slide decks for both of these talks are available by request. If you would like to have a copy or set up a time to discuss them, have them presented to your team or engage with us about the content either drop us a line in the comments, reach out on Twitter (@lbhuston) or give your account executive a call at (614) 351-1237 ext 215.

Some pictures from the events are available here:

2012 10oct 25 dsc 0065 smaller

NEO Summit – Picture courtesy of Greg Feezel (Thanks Greg!!!)

Ohio State Information Security Day

ICS/SCADA Security Symposium Reminder

Posted on October 29, 2012 by Brent Huston

COLUMBUS, Ohio October 9, 2012 – The second annual ICS/SCADA Security Symposium, to be held November 1 2012 in Columbus, is designed to serve as a level set for teams and organizations who are actively managing production ICS/SCADA environments. Once again, this full day session will include best practices advice, incident response, detection techniques and a current threat briefing focused on ICS/SCADA providers. Presenters will cover a variety of topics about what is working, what is not working so well in terms of information security, network protection and trust management. To learn more about the event and to see if you qualify to attend, please contact us via email (info<at sign>microsolved(<dot>)com) or via phone by calling 614.351.1237 ext 215. Chris Lay (@getinfosechere) is handling the invitee list for the event and will be happy to discuss the event with you in more detail. Attendance is free of charge, meals will be provided and a limited number of seats are still available if you qualify.

NE Ohio Security Summit – Come Out & See Us!

Posted on October 24, 2012 by Brent Huston

The NE Ohio Security Summit kicks off tomorrow and runs through Friday evening. Chris Lay (@getinfosechere) and myself (@lbhuston) will be in attendance. I will be speaking on Thursday afternoon about Detection in Depth and some other models for doing nuance detection around the enterprise.

While you are there, check out the booth of Managed HoneyPoint partner Hurricane Labs, and hit Chris up for a cup of coffee and a friendly discussion about our services, partnerships and engagements.

We look forward to a great event and give much thanks to the folks who put this amazing Summit together. They are an awesome team, with a ton of great help and a can-do attitude. Their hard work and dedication is what makes this one of the best Summit events of the year. Stop them in the hall and give them a big thanks for all they do!

As always, thanks for reading. If you mention you read the post and use the code word “snazzy” when you come up to chat, I just might have a little special treat for you. 🙂

PS – My talk is in Bordeaux B at 2:30 PM Eastern. See ya there!

MSI Announces The Second Annual ICS/SCADA Security Symposium

Posted on October 9, 2012 by Brent Huston

See YOU at Derbycon!

Posted on September 26, 2012 by Brent Huston

I will be presenting Friday night at 7pm Eastern at Derbycon. Come on out and see us discuss the history, models and cellular nature of cyber-crime. We also plan to cover where we think online crime is likely to go in the next couple of generations and discuss some ideas for what we need to consider to combat the issues.

Drop by or chat in the hallways and we look forward to seeing you. Myself (@lbhuston), Phil Grimes (@grap3_ap3) and Adam Hostetler (@adamhos) will be in attendance. Tweet us if you want to connect!

Have a great weekend!

Oracle CSO Online Interview

Posted on September 24, 2012 by Brent Huston

My interview with CSO Online became available over the weekend. It discusses vendor trust and information security implications of the issues with password security in the Oracle database. You can read more about it here. Thanks to CSO Online for thinking of us and including us in the article.

OWASP Talk Scheduled for Sept 13 in Columbus

Posted on September 10, 2012 by Brent Huston

I have finally announced my Columbus OWASP topic for the 13th of September (Thursday). I hope it turns out to be one of the most fun talks I have given in a long while. I am really excited about the chance to discuss some of this in public. Here’s the abstract:

Hey, You Broke My Web Thingee! :: Adventures in Tampering with Production

Abstract:
The speaker will tell a few real world stories about practical uses of his defensive fuzzing techniques in production web applications. Examples of fighting with things that go bump in the web to lower deployment costs, unexpected application errors and illicit behavior will be explained in some detail. Not for the “play by the book” web team, these techniques touch on unconventional approaches to defending web applications against common (and not so common) forms of waste, fraud and abuse. If the “new Web” is a thinking admin’s game, unconventional wisdom from the trenches might just be the game changer you need.

You can find out more about attending here. Hope to see you in the crowd!

PS – I’ll be sharing the stage with Jim Manico from White Hat Security, who is always completely awesome. So, come out and engage with us!

See you at the Central Ohio BBB Torch Awards

Posted on September 6, 2012 by Brent Huston

Today, our team will be pleased to accept the BBB Center for Character Ethics’ Torch Award! We first announced our selection by the committee back in June, and today we are thrilled to spend an afternoon with the fellow winners, our customers, our families and the Central Ohio Community. We are greatly humbled and excited by our selection for the award and we look forward to continuing to live by the same organizational ethics and dedication to customer service in the coming years.

Special thanks today to our families and mentors who taught us to “do the right thing, even when no one is looking” and to all of the customers and clients that have placed their faith in us over the last (soon to be) 20 years. Without all of you, none of this would be possible.

If you can join us for the luncheon today, we look forward to seeing you. If you can’t, we understand, and we’ll be back to work later today, once again laser focused on protecting you and our critical infrastructure. (We’re still leaving the ISOC in capable hands while we gather for the ceremony… :))

As always, thanks so much for reading and for supporting MicroSolved. We love helping you keep your business, your business… 🙂

[UPDATE] – Much love and thanks to those who attended. What a great event! The best part was meeting the young students who wrote essays about ethics, leadership and engagement. Congrats to all of the winners!

Handling Unknown Binaries Class Available

Posted on August 17, 2012 by Brent Huston

J0289552

Recently, I taught a class on Handling Unknown Binaries to the local ISSA chapter and the feedback was excellent. I have talked to many folks who have asked if this class was available for their infosec teams, help desk folks and IT staff on a group by group basis. I am thrilled to announce today that the MSI team is making that same class available to companies and other groups.

The course abstract is as follows:

This is a hands on class and a laptop is required (you will need either strings for windows/Cygwin or regular Linux/OS X). This class is oriented towards assisting practitioners in covering the basics of how to handle and perform initial analyses of an unknown binary. Course will NOT cover reverse engineering or any disassembly, but will cover techniques and basic tools to let a security team member do a basic risk assessment on a binary executable or other file. Given the volume of malware, various means of delivery, and rapidly changing threats, this session will deliver relevant and critical analytical training that will be useful to any information security team.

The course is available for scheduling in early September and can be taught remotely via Webex or onsite for a large enough group.

To learn more about this and other training that MSI can conduct, please drop us a line at info[at]microsolved[dot]com or give an account executive a call at (614) 351-1237. You can also engage with me directly on the content and other questions on Twitter (@lbhuston).

As always, thanks for reading and stay safe out there.

MSI :: State of Security

Insight from the Information Security Experts

Category Archives: Announcements