Develop invaluable cybersecurity skills through interactive training during SANS 2021 - Live Online. Register now.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Cleaning Up Our Cyber Hygiene

  • Friday, August 07, 2020 at 3:30 PM EDT (2020-08-07 19:30:00 UTC)
  • Russell Eubanks, Randy Marchany, Tony Sager

You can now attend the webcast using your mobile device!

  

Overview

Successful attacks almost always take advantage of conditions that could reasonably be described as poor cyber hygiene including the failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privilege. In this session, well dig a little deeper into the idea. Well discuss the importance of cyber hygiene as a root cause issue for attacks, and as a defensive strategy. We look at various attempts to define a specific set of practices to include, and how this might help establish a baseline for action. And suppose hygiene isnt enough, what then? Finally, well look at what might be done to turn cyber hygiene from a notion or a general exhortation to do better (cheerleading) into a large-scale program of improvement.

Speaker Bios

Russell Eubanks

As owner of Security Ever After and consultant for Enclave Security, Russell is responsible for assessing the cyber security of many diverse organizations and increasing their maturity while decreasing the probability of a breach. He wrote the first paper on how to implement the Critical Security Controls and serves on the editorial panel for the Critical Security Controls. As a current handler for the SANS Internet Storm Center and a former chief information security officer (CISO) of the Federal Reserve Bank of Atlanta, he's especially passionate about helping new or aspiring cyber leaders increase their influence. Russell is a SANS Certified Instructor and co-author of the new five day version of MGT 521: Leading Cybersecurity Change: Building A Security-Based Culture and the new SANS SEC405: Business Finance Essentials course for SANS Technology Institute. Read more about Russell here.


Randy Marchany

Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HPUX, AIX, Linux and Windows2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDOS attacks of 2000.


Tony Sager

Tony Sager is a Senior VP for the Center for Internet Security. He led the development of the CIS Controls, a community consensus project to identify and support best practices in cybersecurity. His “volunteer army” identifies practices that will stop the vast majority of attacks seen today, and he leads projects that will share, scale, and sustain these practices for worldwide adoption.

Tony retired from the National Security Agency in 2012 after 34 years as a mathematician, software vulnerability analyst, and executive manager. Tony oversaw all NSA Red and Blue Teams, as well as all security product evaluation teams. He helped guide the Agency's top talent development programs, and founded the Vulnerability Analysis and Operations Group (NSA's premier technical organization in defense).

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.