Final Week for OnDemand Special Offer: iPad mini, Surface Go 2, or Take $300 Off thru 9/30

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Cleaning Up Our Cyber Hygiene

  • Friday, August 07, 2020 at 3:30 PM EDT (2020-08-07 19:30:00 UTC)
  • Russell Eubanks, Randy Marchany, Tony Sager

You can now attend the webcast using your mobile device!

  

Overview

Successful attacks almost always take advantage of conditions that could reasonably be described as poor cyber hygiene including the failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privilege. In this session, well dig a little deeper into the idea. Well discuss the importance of cyber hygiene as a root cause issue for attacks, and as a defensive strategy. We look at various attempts to define a specific set of practices to include, and how this might help establish a baseline for action. And suppose hygiene isnt enough, what then? Finally, well look at what might be done to turn cyber hygiene from a notion or a general exhortation to do better (cheerleading) into a large-scale program of improvement.

Speaker Bios

Russell Eubanks

From factory job to owner of Security Ever After and consultant for Enclave Security, Russell Eubanks' career trajectory has been anything but traditional. Years ago, while working a factory job, Russell realized he wanted more and started investigating options. He learned about his company's tuition reimbursement program and promptly signed up for computer classes at his local community college. He worked in the factory until early morning then attended classes during the day.

Russell is a certified instructor for SANS, teaching MGT415: A Practical Introduction to Cyber Security Risk Management; MGT514: Security Strategic Planning, Policy, Leadership; and SEC566: Implementing and Auditing the Critical Security Controls - In-Depth and MGT 521: Driving Cybersecurity Change - Establishing a Culture of Protect, Detect and Respond.


Randy Marchany

Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HPUX, AIX, Linux and Windows2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDOS attacks of 2000.


Tony Sager

Tony Sager is a Senior VP for the Center for Internet Security. He led the development of the CIS Controls, a community consensus project to identify and support best practices in cybersecurity. His “volunteer army” identifies practices that will stop the vast majority of attacks seen today, and he leads projects that will share, scale, and sustain these practices for worldwide adoption.

Tony retired from the National Security Agency in 2012 after 34 years as a mathematician, software vulnerability analyst, and executive manager. Tony oversaw all NSA Red and Blue Teams, as well as all security product evaluation teams. He helped guide the Agency's top talent development programs, and founded the Vulnerability Analysis and Operations Group (NSA's premier technical organization in defense).

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.