Accepting Risks

One could argue that life is all a series of risks. Sometimes we remain in a state of ignorant bliss. Other times, we are aware of risks and take measures to mitigate them. But sometimes we choose to accept the risk.

Accepting risk is not a bad thing. Quite the opposite. Without risk acceptance, there would be no innovation. The reservoir of great ideas would dry up and bankers would have to make ends meet with mere six-figure bonuses. Risk acceptance is the grown-up thing to do. “We understand the risk, and chose to accept it. It’s the cost of doing business.”

But the question is whether some of the risks businesses accept are “unreasonable”. Like creating a toy that captures children’s information, such as their name, address, birthday, photo, parents’ details, and allergies – then taking this information and putting it on an insecure website. We don’t mean a website that is accessible over HTTP minus the S. But a website so insecure that it makes OWASP training websites look ‘military grade secure’ by comparison.

Thankfully though, whenever a company is breached and millions of customer records are exposed – a company can merely shrug and say sorry. All the time while assuring they ‘take security seriously’. Customers don’t like it. Troy Hunt will upload the data to haveibeenpwned.com and the world will grit their teeth and take it. This is the seedy world of corporate risk acceptance. The terrifying underbelly of cyber-actuarial tables (if such a thing exists).

The point is that you can’t innovate and deliver new functionality to customers by building a secure website. Or waste precious time ensuring your hardware is hacker-proof. If you do, your competitors will have leapfrogged you. Not to mention, no customer would want to pay a premium on your offering just because you say it’s more secure than the others.

Or maybe the real question is “how secure do I need it to be?”.

Host Unknown presents: Accepted the Risk (A Risk Management strategy for removing blockers to productivity)

Why waste time remediating when you can simply accept the risk?

@HostUnknownTV bring to life a Risk Manager who gets the balance of risk management very wrong. Are the CISA auditors being inflexible or did Javvad skip a module on his CRISC?

Love it? Hate it? Leave a comment below!

http://hostunknown.tv

@HostUnknownTV

Produced by Mahmoud El-Azzeh @mantheycallmoo

Directed by Mahmoud El-Azzeh

Director of Photography – Caleb Wissun-Bhide

1st Assistant Cameraman – Iustin Filip-Mucenic

Editor – Lara Blanco

VFX and Colour Grading – Timothy Greenfield

 

Starring

Javvad Malik

Andy Agnês

Thom Langford

 

Dancers provided by Epika Dance http://www.epikadance.com/

Emiko Jane Ishii

Martha

 

Extras

Pauline Singh

Lee Munson

 

An Elazayan Films Production

https://www.facebook.com/Elazayan-Films-284223804977370/

Host Unknown does the RANT Conference

Last week saw our presenters trying their hand at working the conference circuit, as attendees, presenters and vendors, and all in one day.

Apparently it was a success, and despite the somewhat dubious swag that was given away throughout the day there was a lot of interest in what Host Unknown has to offer the info sec world (although Andy will say it was more down to the bucket of sweets he was handing out, Javvad will talk endlessly about his nail files and Thom will proselytize about the merits of stickers).

Since Host Unknown is obviously now playing with the big boys in the conference space, we decided to put together a series of Top Tips on how to successfully attend a conference and have your brand make an impact. These tips are vital to anyone looking to get the most out of meeting their potential customers for the first time. Use them with caution though, they are powerful stuff!

Tip 1: Get your story straight. Ensure you all know what your key messages are and that they are consistent.

Tip 2: Always promote your brand. Use every opportunity to get your brand ahead of your competitors.

Tip 3: Share the day’s workload with your colleagues. Conferences make for long days, so make sure you do your best to support each other throughout.

Tip 4: Ask for constructive feedback from the other vendors. They were new to this game as well, and that conference camaraderie means they will always help you to improve.

Tip 5: Leave your potential customer knowing who you are. They should be in no doubt as to who you are and what your brand stands for.

The first tip was posted yesterday, with another one coming every day for the next four days.

Look out for our in depth review of the RANT Conference next week! The internet phenomenon known as Host Unknown is now officially in business.

Host Unknown Loves Conferences – But Which One is THE BEST?


Host Unknown is willing to help everyone in this community they call Info Sec, and that includes contributing to other blogs and ensuring our unique point of view and brand are spread as far and wide as possible.

Previously posted on Information Security Buzz last week, our hosts discuss which conference is the best one to attend and why, as well as other very important factors that affect our decision to attend one conference or another. Indeed, our hosts will be representing Host Unknown at a conference just next week!

What is the Best Security Conference to Attend and Why?

Andrew Agnes: THE best event to attend was Defcon 9 in 2001. It had everything; fancy new badges never before seen (funky badges have since become a feature at some cons), technical content I understood, female attendees (not so common before that), new friends and lots of alcohol. Plus I recall the pound being fairly strong against the dollar at the time so that helped too.

Javvad Malik: Yeah, I could list the usual suspects and say if you want a view on all the latest technology then something like RSA is the place to be, if you want the latest exploits Defcon / Blackhat are great venues – and if you just want to ‘keep it real’ like the NWA and chill with the do-ers and practitioners in the hood, I’ll take a local BSides event over anything else each and every time.

Thom Langford: Any conference that allows you to get a complimentary cup of tea throughout the day. Too many conferences (I’m looking at you RSA) define when I am in need of the elixir of life, leaving me dehydrated and close to the edge. It sounds small, but when you take advantage of the hallway track as much as me, only having tea available during formal breaks is no use.

Unfortunately, based on those criteria that leaves the list quite short, so I have had to resort to attending under the guise of the Press to get access to a lounge, or tough it out for a few years until I get access to the VIP lounge. Still, at least it got me participating.

JM: Wow Thom, way to set the bar – your enjoyment of a conference is directly proportional to the amount of free caffeine they provide. Nice, then people wonder why the quality of conference attendees is so poor – it’s freeloaders like you who give the rest of us a bad name! I mean, don’t worry about things like – you know, actual content or networking with talented peers.

AA: Don’t “tea’s” him Javvad, I actually agree with Thom for the most part (don’t mocca me)! I don’t know if the quality of conference attendees is getting poorer or if that is just some unsubstantiated statement which others continue sharing. Very few conferences have a continuous schedule that holds the interest of everyone. Attendees will go with the intention of seeing a select few talks (or speakers) and then whatever else looks interesting to them. A lot of the time that “whatever else” is the hallway track, either one-to-one or with a small group.

If an attendee wants a drink, let them have it! It’s actually law that a British citizen should never be denied a cup of tea when requested. It’s our equivalent of the First Amendment in the US [someone should check this fact before we go to print] <we checked, it’s true. HU.>. Let attendees decide when they’re ready to sit and concentrate and when they need a different type of interaction – we don’t all learn from presentations. Most conference venues are in easy to reach, metro locations. People will walk out to a local cafe to enjoy the ambience of the “cafe track” in favour of the hallway track if you don’t give them what they need, and those are networking opportunities the thirsty people who remained behind will miss out on. If the affordable and reasonably priced conferences can do it, the bigger commercial ones should be able to as well.

So have we talked enough without actually specifying a single, current, upcoming conference which we recommend as the best? Or shall we just hide behind our love for community driven events like BSides, SteelCon, et al and those we know supply a healthy selection of beverages with great content like RANT Conference and 44con?

TL: Yes, the best conferences are the ones that give you a great environment to chat with your peers, colleagues and friends, as well as do a bit of career networking too. Different conferences are better for different people depending upon the subject matter and your areas of interest, so it is going to be the mandatory tea that makes the difference.

That said, I really like 44CON; I can’t understand a word of most of the presentations (pretty sure they are given in Japanese or maybe even Greek) but the people you meet are fascinating and well educated and I always learn something. The mandatory tea, beer and gin o’clock obviously help too.