RT @intelwire: Twitter an excellent venue to find quality people who should be allowed access to your entire life https://t.co/hOPvzJvCQp
Oh FFS.

It probably seemed like a good idea at the time… pic.twitter.com/h6ebi2H1RC

Town Hall (Top Half) pic.twitter.com/yyyM00Oxm9
Both excellent* and classy*. https://t.co/U4E4ZOu03e
@dobes It doesn’t get the probe unless it fills in the survey.
I suppose I should wander over to the @zdnetaustralia office, assuming it’s safe to do so.
Dear God that is all kinds of wrong.
This is why you all need to be more careful, people. #thiscouldhappentoyou https://t.co/U8QpguztIk
@jpwarren I did. But can’t think of another pun so that’s pretty much the end of that.
@jpwarren Some folks I spoke to thought that, yes, we already have a risk management structure so why add a digital one.
Here ends the Gartner Security & Risk Management Summit 2016. Thank you linesmen. Thank you ballboys. #GartnerSEC
RT @SwiftOnSecurity: Based on what I hear, pretty sure dial-up is the only thing online in Australia. https://t.co/CWI4lHJSTa

And finally, the recommendations. #GartnerSEC pic.twitter.com/DgyMP2HEwm

It’s time to get serious, says Byrnes. #GartnerSEC pic.twitter.com/BYkDnJAQO9
Byrnes says Gartner is commonly asked to explain to the Board what their CISO just said. #communicationfail #GartnerSEC

How to empower the people? #GartnerSEC pic.twitter.com/vQgmNTvsSq
I’ve got a lot of time for Christian Byrnes, but Net Promoter Score is some high-grade bullshit. #GartnerSEC

Really? The Digital Risk Officer will talk NPS? Kill them. Kill them all. #GartnerSEC pic.twitter.com/aEYWMXoG2F
@burgotastic The Digital Risk Officers will create so many new risks by just waving their fingers.
“I’m not saying this is what they do. It’s just what the law requires.” […] #GartnerSEC
“Uncoordinated risk management will itself be a risk.” See requirements for US power grid. #GartnerSEC
MitchellBrendon “My wife and I get fresh credit cards every 3 months” that’s how bad it is out there #GartnerSEC #creditcard #fraud @cbyrnes

Elapsed time from incident to regulation can be very short. #GartnerSEC pic.twitter.com/YWVmMRQ3K3
Byrnes says digital risks are only faced by people “with something rare, like a credit card.” [Smirk] #GartnerSEC

MitchellBrendon “The first orgs to be hit will be hospitals! ” #GartnerSEC “Attacks are going to endanger human life” @cbyrnes pic.twitter.com/7alUj1Rrkq
“Digital attacks with physical impacts are no longer a novelty,” but CISOs haven’t been asked to deal with these r… #GartnerSEC

Key issues for the next few years. #GartnerSEC pic.twitter.com/njJKEUYoXm
Exactly this sort of thing, yes. #GartnerSEC https://t.co/OlYuqxg4OB
“The [infosec] risks we face in the next five years will be greater than we’ve had in our entire careers.” — Christian Byrnes #GartnerSEC
Example: Smart electrical outlets taken over and turned into a botnet for [internal?] DDoS attack. Cute. #GartnerSEC
More emphasis from Byrnes on OT security flaws enabling orgs to be shut down. Elevators, electrical outlets, aircon etc. #GartnerSEC
Hmmm. I thought I’d written about that 2015 model, but apparently not. #GartnerSEC

Here’s Gartner’s 2015 addition to that model. #GartnerSEC pic.twitter.com/zUqSlQdEHv
Byrnes is running through Gartner’s scenario planning from 2013. Here’s how I wrote it up then. https://t.co/Hwrmylj0b4 #GartnerSEC
Closing keynote now: “Security 2020 — the Future of cybersecurity” with Christian Byrnes. #GartnerSEC
That’s a paraphrase ’cos I was just settling into the room as Prof MacLeod was finishing his presentation. #GartnerSEC
“Spearphishing works best against orgs where the leaders create a culture of never questioning the leaders.” Prof Andrew MacLeod #GartnerSEC
OH: “You’ll need to retrofit middle management,” which is a glorious euphemism I reckon.

Rob_Stott Hey now the Greens aren’t that bad pic.twitter.com/N0UX2WXxqK
“Precioius.” https://t.co/5NbJODqQTb
I see. https://t.co/cCnTLkRBcL
Can I just say that the #RI at this event is fuckin’ dismal.
Damn I could have saved so much time! https://t.co/I8NvxCoKWM
@MateoMGJ Exactly.
RT @tauriqmoosa: This is literally how all sci-fi horror films start https://t.co/lYjKWXzcHP
Sentences like this are much better without context. https://t.co/3EkYLMgE0y
Just saw a woman who’d made her phone hands-free by sliding it into the folds on the side of her hijab. Neat trick.
@elizabeth_joh Fun for all the family, right? :)
@liquidparanoia My understanding is that a proof of concept has been done.
“Segment your network. Light bulbs should be with light bulbs.” #GartnerSEC
“If the trusted execution environment goes evil, what do we do next? I’m sorry, that’s probably a movie plot.” A… #GartnerSEC
@elizabeth_joh “Things are people too,” says Gartner. So yeah, IoT devices become victims of identity theft. Maybe independent of humans.
Mobile threat defence might spot sudden increase in battery drain, apps launching in unusual contexts etc. #GartnerSEC
@MateoMGJ “It’s just a drawing…†;)
RT @Lance_Bradley: The social media manager for @esquire can go ahead and take the rest of the day off. They’re not topping this. https://t…
@rashasman This is the whole point of the discussion here. Devices can’t have ALL your authority, just certain bits of it.
Girard says the auth networks around door locks and aircon and cars are complex. Will anyone want to deal with the complexity? #GartnerSEC
@SwiftOnSecurity Well there’s a question. There’s a bunch of talk here about distributed trust networks. #GartnerSEC
Some IoT devices might run on a battery for 10 to 20 years. Example: Someone rewrites your tollroad tag to do… something else. #GartnerSEC
As more than one presenter at #GartnerSEC has said, “Things are people too.” https://t.co/uBhVOotpLS
“It claims to be John’s laptop but it might really be a hacked printer pretending to be a laptop.” #GartnerSEC
Gartner: By 2020, 70% of orgs will treat all endpoints as untrusted, up from 20% today. #GartnerSEC
Is the air conditioning too cold in the office? Just download an Android app that’ll let you take over the HVAC system and turn up the temp.
Example: Send malicious PDF to org, when printed it re-flashes printer firmware, printer hacks IP phones, all become audio bugging devices.
@FakeDanTosello And yet here we are.
@voltagex You should equip your wheelchair with those Ben Hur rotating knives for chariot wheels. Many handy uses.
“I used to not get paranoid about lightbulbs, but now you have to worry about what the lightbulbs are up to.” Prezactly. #GartnerSEC
@voltagex Oh dear. Web 3.0 was supposedly the “semantic web” and it’s not anywhere near being a thing. Kill them.
What’s the point of soldiers guarding your nuclear power plant if anyone can connect in over the network? #GartnerSEC
Those ICS apps were “download and control your whole factory from your phone” things and not at all a risk, no sir. #GartnerSEC
In the last year, 70% of IoT devices had no encryption. ALL Android ICS apps were vulnerable. 3.4 million cars have major vulns. #GartnerSEC
Girard reckons mobile security and IoT security are extensions of each other. #GartnerSEC
Next up for me: “How Digital Business Reshapes Mobile Security” with John Girard. #GartnerSEC
@marcuskelson @MelbourneGeek We just have to find our fun where we can.
@marcuskelson @MelbourneGeek Far fewer prawns.

LukewSavage Using complex calculations, Trudeau explains how it’s possible to be a feminist while selling arms to Saudi Arabia. pic.twitter.com/FJHfkmhSu0
StephenAtHome Farewell, @Gawker. Hope some other website will step up and finally publish my nudes.

@jplonie These? pic.twitter.com/mLcSoiZNJh
The CISO stream is only part of what happens. Vendors need to explain how they help with the strategy. #GartnerSEC https://t.co/HM12OppJrN
Same. https://t.co/w7cMAF8Tir
@garthk @kcarruthers Her, not me.
@JohnBarronUSA Well as you know, I am a terrible human being…

Pink bits. #GartnerSEC pic.twitter.com/S1BjDfM46e
Imagine the action that might have taken place on this beauty. https://t.co/iyO2D8Esev
If we’re still having to tell people to do this basic stuff then we really are screwed. #GartnerSEC

So how long have we all been hammering these things now? #GartnerSEC pic.twitter.com/Xhn98XApba

State-sponsored threats are just a normal part of the landscape now. #GartnerSEC pic.twitter.com/nBIO9ZORlp
@tobyhede All PowerPoint is excellent, but yes this one is more excellent than most.
“Hands up who knows someone who’s been affected by ransomware?” About 80% of people raise their hands. #GartnerSEC
I let the river wash over me. I am at one with The Message. And later I shall drink. Heavily. But not of the river. https://t.co/C4GMPe0bnL
Window from a vulnerability being announced to being exploited was average 45 days in 2006, 15 days now. #GartnerSEC
@jdub Yeah I was kinda wondering what he was getting at there.
Gartner: Through 2020, 99% of vulnerabilities being exploited will have been out there for a year or more. #GartnerSEC
Threat trends: Multi-vector, low and slow, targeted, evasive, low tech / phishing, monetised, nation state. #GartnerSEC

Some more action items. #GartnerSEC pic.twitter.com/OS9fLYR1zt
Bussa has said “data exhaust” a couple of times. I’m thinking “big data” could be seen as pollution, especially for… #GartnerSEC

Data gravity pulls upwards, apparently. #GartnerSEC pic.twitter.com/SOxj0MG4ai
@elronxenu Indeed, and I made this very point at AusCERT two years ago. “Look, I know genocide has a bad reputation, but…”

I like the idea of “Responsible Citizen IT”. #GartnerSEC pic.twitter.com/3qwXPgrbHJ
Containerisation was just referred to as “the Wild West” in terms of standards. “It’s not 100% Docker (yet).” #GartnerSEC
Gartner: Through 2017, SaaS use in 75% of organisations will be dominated by untracked / shadow IT. #GartnerSEC
@MelbourneGeek Some of us are, um, late filing our tax documents, so it’s perennial I’d have thought.

The strategic trends, all of which have security implications. #GartnerSEC pic.twitter.com/sRnY6SjTcK

Here’s some action items for you. #GartnerSEC pic.twitter.com/SBmJajLDig
Gartner: 86% of senior IT/business pros believe there’s a cybersecurity skills shortage. [Feels are not facts, though.] #GartnerSEC
Gartner: By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources. #GartnerSEC
@lewellyn Apparently so. How dare they.

Application security is still “improvisational”. And development is rubbish, imo. #GartnerSEC pic.twitter.com/DFbu27pOOM

Most common email phishing lures. The bad guys A/B test these. #GartnerSEC pic.twitter.com/PAu5dBuUQL

Surprise! Users are still the weakest link. #GartnerSEC pic.twitter.com/M7R5Fh9gA1
RT @jackdrat: lol you can’t take online threats seriously https://t.co/THPs3fzyjl
Next for me: “State of the Threat Environment 2016” with Toby Bussa. #GartnerSEC
@trevaskislj Beer, mostly.
RT @johnb78: Everyone who meets Nick Cater should call him “Dick Carter” and then say “whevz loser” when he corrects them https://t.co/19PF…
Oh look! An arsehat organisation using an arsehat word match to do arsehat unfocused spam. Yeah fuck off. https://t.co/9KVFlAvl21

What to do about cloud security when you get back to your desk. #GartnerSEC pic.twitter.com/dbwW6tYx6l
Gartner’s strategic assumption: By 2022 the exceptional scenario won’t be “cloud computing” but “local computing”. #GartnerSEC

Most orgs are out of the first column and now working on the second. Column 3 may still be too hard. #GartnerSEC pic.twitter.com/mWUfNnF8QL
Riley says some orgs have fights over who operates the control panel for SaaS. Often it’s business units, not IT/security teams. #GartnerSEC
@jdub There is that. Presentations seem to be reinforcing the basics of how you can best use cloud. There’s apparently also corp politics.

What Gartner’s clients are asking for in SaaS providers. #GartnerSEC pic.twitter.com/IZML0uiWRr
@GTRoberts His hair is still a bit spikey, but I suspect there’s quite a bit less coverage than you may remember.
Nice term, “control panel fatigue”, because we have “too many point security products”. #GartnerSEC

We’re seeing tools emerging that help integrate security into the DevOps cycle, apparently. #GartnerSEC pic.twitter.com/JG5cnhTZBW

This is what Gartner’s clients are asking for in IaaS providers. #GartnerSEC pic.twitter.com/7zvRqypwMT

Once more it’s about risk-based decisions. #GartnerSEC pic.twitter.com/pRUGSUVPku

Gartner’s view of how cloudsec will evolve. #GartnerSEC pic.twitter.com/56MMVLwKxq

The three tiers of cloud service providers. #GartnerSEC pic.twitter.com/LeyN0akmvX
@GTRoberts Yep, he’s wandering around the floor rather than on stage, and it’s conversational.

Some kinds of security transparency are more useful than others. #GartnerSEC pic.twitter.com/iRlB6MoltZ
If customers keep demanding more transparency, cloud providers will have to come up with the goods. Keep asking, says Riley. #GartnerSEC

peproctor This is manifestly not true. #GartnerSEC pic.twitter.com/GUGrr3dmLy

Visibility is your cloudsec challenge. #GartnerSEC pic.twitter.com/5whpTWuxmc
1. Control phishing on endpoints. 2. Manage your accounts. 3. Monitor cloud activity. #GartnerSEC

So your greatest risk here is poor credential management. #GartnerSEC pic.twitter.com/oLWPtxqe0d

This is the first of Gartner’s position statement on cloud security. #GartnerSEC pic.twitter.com/TghP4dng0K
And now it’s that now-old message that “They have more money [for security] than you do.” #GartnerSEC
Riley says it’ll be easier to demonstrate security compliance with a public cloud provider than with your private cloud. #GartnerSEC
One of the biggest worries is about multi-tenancy, but check the news and you’ll see no problems related to multi-tenancy. #GartnerSEC
Gartner figures show that security and privacy concerns are still what keeps organisations from using public cloud services. #GartnerSEC
Riley suggests auditing your organisation’s proxy logs. You’ll probably find 100 to 1000 SaaS services being used. #GartnerSEC

So here’s your cloudsec worries. #GartnerSEC pic.twitter.com/X8r5j0KEEf
Riley: “If you’re still paying for it when it’s turned off, then it isn’t cloud.” #GartnerSEC

Interesting point about different definitions and understanding here. #GartnerSEC pic.twitter.com/uNEfa7boZw
First up for me today: “State of Cloud Security 2016” with Steve Riley. #GartnerSEC
@techoglot I don’t think so.
It’s Adelaide. They were shocked that the axe was only used on a bicycle. #foundinthreegarbagebagsthreeweekslater https://t.co/EtQ4gtcvxh
NO I DON’T WANT CHOCOLATE CROISSANTS I WANT SOMETHING WITH BACON IN IT. #GartnerSEC
No this can’t be right. There must be some sort of mistake. https://t.co/cxX10apyeg
Tue plan: 0900 Gartner Security & Risk Management Summit, Day 2 https://t.co/2UDVuGs89n #GartnerSEC; haircut; @zdnetaustralia video shoot.
@semanticwill @wine_o_phile @davidjbland True enough. And much as I love visiting San Francisco… etc.
@KompleatKnut @semanticwill @davidjbland Good thinking.
@wine_o_phile @semanticwill @davidjbland The whole “in a mansion” thing is reinforcing the idea that thought leadership is related to money.
@wine_o_phile @semanticwill @davidjbland Actually I’d like to see them in a tent in rural East Africa with no electricity or running water.
RT @semanticwill: What could possibly go wrong???? https://t.co/doQJ7gcoSE
RT @VirtualTal: Ladies & gentlemen, meet your new CMO, @ChuckTingle - https://t.co/bwE9l4IDuW
@garystark @R_Chirgwin I should probably stop now.
@garystark But remember too that @R_Chirgwin is a suppository of wisdom.
@garystark Look haemorrhoids are basically @R_Chirgwin’s organising principle for life.
RT @andreasdotorg: AWACS tired. AWACS beach holiday! https://t.co/sGsSH7mjuZ
“When Women Stopped Coding”, @planetmoney Oct 2014. https://t.co/dF9LabYfut [It came up in conversation yesterday.] https://t.co/M8aVDBKFuk

msuiche A friend working for a Firewall company took this picture at the office today pic.twitter.com/RZPySNaZXg
Actually here’s another way to track my #GartnerSEC tweets. https://t.co/BdOZQTrGlN
All my #GartnerSEC tweets from Monday (and all the others too) are at https://t.co/yFzF7gGFJ9, should anyone care.
Tue plan, supplemental: Somewhere in there we should probably figure out what these @zdnetaustralia videos will actually contain. #ihavesomeideas
Tue plan, draft: 0900 Gartner Security & Risk Management Summit, Day 2 https://t.co/2UDVuGs89n #GartnerSEC; @zdnetaustralia video shoot.
@ChrissieM Troublemaker.
Tuesday. The more you poke at it, the more it’s likely to fall over. Tuesday