Why does InfoSec play bass?

•

2 j'aime•723 vues

Shortly after I was convinced to join Twitter and get engaged with the security community, I started noticing patterns with the people I was meeting. Namely, I noticed that many were also musicians and that the vast majority played the electric bass. As a bass player myself, I understand that the general rule is, if you show up to an open-mic blues jam, you’ll get to play bass all night, and the guitarists will be relieved that none of them have to ‘do bass duty’. I became fascinated with how this pattern seems to reverse in the infosec/hacker community and started to see parallels between security and this particular instrument. I plan to share my research, ideas and theories that I’ve collected on my journey to understand this strange anomaly and look forward to hearing more.

Technologie

Why does InfoSec play bass?
And other insights into hacker/Infosec culture

The InfoSec music scene unfolds…
@joswr1ght
@jsokoly
@ax0n
@secbarbie
@selenakyle
@mongold
@__sporkbomb
@gattica
@mattjay
@JZdziarski
@chrissistrunk
@3XPlo1T2
@DanBratt99
@SeanVerity
@phoobar
@secboffin
@maradydd
@adelmatrash
@hackerhuntress
@J0hnnyXm4s
@p0wnlabs
@daveshackleford
@p0wnlabs
@chrissistrunk
@billbrenner
@caseyjohnellis
@p0wnlabs

Why does InfoSec play bass?
"Good Taste.”
-- Joseph Sokoly

Why does InfoSec play bass?
"We like the low, dark
and sinister. And
backbones.”
”We're not in it for glory
or props. Content in the
background.”
-- Eve Adams

Why does InfoSec play bass?
"Easy, we pull it
together. We keep
the drums on
tempo and support
the band :)”
-- Dave Lewis

Doubts – do we really play bass?
How could I be sure?

Casual observations versus
the big picture

Security Community/Worker Size Estimates
Social Media
Conferences
Workforce
How small is our bubble?

FollowerWonk Results
• Security + researcher = 5334
• Pentester = 1488
• Cybersecurity = 2996
• Hacker = 43571
• Ethical + hacker = 1581
• CISSP – 1605
• Infosec + bass –drum = 11
• Infosec + guitar = 27
Hmm…

How accurate are my stats?
What
Statistics?
Dead on
balls
accurate
Accuracy Scale

So what? Why does any of this matter?
https://fsmontenegro.wordpress.com/2015/07/29/on-the-shortage-of-infosec-professionals/
@fsmontenegro  Follow this guy on Twitter
3561 just in the USAF (cyber command)
2170 just in US Army
1560 Booz Allen Hamilton
1407 Deloitte
1257 US Navy

Would you like to take a survey?
Attackers 45%
Defenders 35%
IR/Forensics 25%
Male 90%
Female 10%
1 – Robot
Active on Social Media?
Nope – 13%
No, not allowed – 5%
Option 5 – 10%
Yes – 79%
Yes, but under an alias– 17%

I throw Information Security events
0%
I work full-time in the information
security industry
69%
I work overtime/double time/too much
time in Infosec. I need a vacation.
10%
I work part-time in the information
security industry
3%
I'm a hacker, security researcher, or do
something else in security, but it isn't
my day job
15%
Security student
1%
SysAdmin
1%
working toward
1%
How are you connected to InfoSec?

Who we are – trolls, pranksters, wiseasses
144 survey respondents, 2448 responses in total
I wasn’t able to count the vast number of wiseass responses.
• Getting kicked in the face by Jimmy Vo.
• I beat up CISOs in dark alleys for fun
• Option 5 typo was a favorite (x14)
• What do you do in the industry? Space Hitler < Thanks!

Survey results – Music
33% of respondents played an instrument
40% of those were multi-instrumentalists
Guitar 28
Bass 8
Violin 5
Drums 4
Saxophone 4
TOP 5

Survey Results – Martial Arts
• Aikido
• Boxing
• BJJ
• Karate
• Kickboxing
• Krav Maga
• MMA
• Tai Chi
• Tang Soo Do
• Goju
• Tae Kwon Do
• Muay Thai
• Shaolin Kempo
19% of respondents practice martial arts

Friends and strangers alike sent me photos of
them doing their hobbies.
Not a single photo scarred me for life or led me to
need therapy!

Who are we?
We’re a
post-dystopian,
neo-cyberpunk
travelling ren
faire!

Conclusions – we see the world differently
They see
• A car
• A door, a lock, a barrier
• Retail environment
• Trash bin
• Gobbletygook
We see
• Potential 80mph brick of death
• A challenge, a puzzle
• Hilariously insecure playground
• Intelligence
• Something to be decoded,
cracked, decrypted…
Both a gift and a curse…

Conclusions
Security is a calling for many of us. It isn’t
a career… it is who we are.

Conclusions
“It was an accident…”
“Can’t remember when it started…”
“I had to decide between jail or an honest paycheck.”
“It's fun to break rules.”
“I like thinking I’m helping”

What’s Next?
What do you want to see? Do you have anything else you’d like to
share?
What direction should I take this?
Avery.Sawaba@gmail.com
@sawaba

Contenu connexe

Similaire à Why does InfoSec play bass?

Why Video Games are Good for You - 12-3-09

hartt

Women in Games Boston March 2018 Talk: Fostering Dialogue between Game Studie...

Audio pro forma

Howdidonesurvive

How did one survive?

Audience research

Zombie Presentation

Audio pro forma

Play and games are set to be the media of the 21st Century in the same way audiovisual media were of the 20th. But libraries have largely ignored the tremendous importance (and potential) of these new media, making little to no effort to include them in collections except as they do so easily, and even ignoring games that come in book form. There has been little effort to curate games and play, cultivate deeper and broader critical appreciation in the public, or even apply accurate taxonomies. (And if you know librarians, that really says something about the size of the blind spot!) This presentation, delivered at the Australian Library & Information Association's 7th New Librarians' Symposium (ALIA's NLS7), outlines the foundational reasons why games and play actually matter a lot more than our culture likes to think, and especially to libraries; it also offers some pointers for making this case to existing library institutions, and how to negotiate a system that is almost completely blind to the value of play.

Playing catch-up: games and play in the wider culture and in the library

Philip Minchin

Animation 14: Computer Science and Music

Buzztime trivia

Monopolize pitch

Monopolise pitch new

Nerds bullying

Robert Douglass explains how the Open Goldberg Variations project successfully raised $24,000 using Kickstarter, produced and released a new public domain score and recording of Bach's iconic work, and spread the message to thousands of people across the world. This presentation was delivered as part of a seminar on Crowdfunding at the Classical:NEXT music conference in Munich, Germany, on May 31, 2012.

Classical:NEXT - Crowdfunding, with Steven Walter and Robert Douglass

Robert Douglass

Life-Play E-Handbook

cdewees

Syzygy 2019 : MELAS Quiz at IMNU

Snehashis Panda

Be Successful! Get Involved!

GeGe Drozen

Delivered at UX Week 2015 in San Francisco, CA: Existing design work treats emotion as a snapshot -- distinct, moment-based -- when real emotion is a moving target that progresses over time. What is your product’s core emotion? When beginning, sinking into, and finally leaving your experience, what states are you evoking in your user, and in what order? Why do we call them “users”, and what starkness of experience fills our foundational assumption space as a result? When we begin to detect what a user is feeling across time in a product experience (hint: even the latest science on this admits it’s really hard), it’s like seeing color for the first time: dynamic ranges that flow across your product landscape, palettes that differ between users, discords and harmonies as user action intersects with intent. Emergence! Here we’ll put a magnifying glass on that elusive emotional progression, explore how the atomic mechanical actions of interaction evoke specific corresponding emotions (which linger on the mind-palate), and suggest a new way of looking at the designer’s toolset when it comes to interactive design.

Wind, Not Sand: Mapping Dynamic Emotion Across a Product Landscape

Erin Hoffman-John

research (interactive)

VeltalGaming

Similaire à Why does InfoSec play bass? (20)

Why Video Games are Good for You - 12-3-09

Women in Games Boston March 2018 Talk: Fostering Dialogue between Game Studie...

Audio pro forma

Howdidonesurvive

How did one survive?

Audience research

Zombie Presentation

Audio pro forma

Playing catch-up: games and play in the wider culture and in the library

Animation 14: Computer Science and Music

Buzztime trivia

Monopolize pitch

Monopolise pitch new

Nerds bullying

Classical:NEXT - Crowdfunding, with Steven Walter and Robert Douglass

Life-Play E-Handbook

Syzygy 2019 : MELAS Quiz at IMNU

Be Successful! Get Involved!

Wind, Not Sand: Mapping Dynamic Emotion Across a Product Landscape

research (interactive)

Plus de Adrian Sanabria

In decades past, cybersecurity professionals spent a lot of their time warning organizations away from bleeding-edge technology. As a group, we’re inherently nervous around new technology. It’s unproven, it has bugs, there’s no basis for trust, and sometimes it violates or pushes back on traditional boundaries and best practices. Traditionally, you were a fool to rush into new technology, but these days… would you be a fool not to? Modern businesses are hyper-aware of the competitive advantages emerging technology can give. While every new technology doesn’t become an advantage, organizations in many industries can’t afford to wait and see before experimenting with it. This talk will explore the cybersecurity professional’s role in each of the five stages of adoption, from innovators to laggards. The talk will also explore what we can do to better guide our employers and clients to make safer and more informed decisions as they try to balance the growth and stability of their businesses.

Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...

Adrian Sanabria

### Part 1 (20 min) - Avoiding Bad Stats Bad and even fake statistics are commonly found in mainstream media, but did you know that they're even more common in InfoSec? Cybersecurity vendors and media can often be found using statistics that are poorly interpreted, come from bad data, or are even entirely fabricated! I'll cover some high-profile examples of bad and fake stats. Then, I'll walk through some strategies and tools you can use to spot and debunk bad stats yourself! This skill isn't just useful for your InfoSec day job, either - these same approaches will work for bad stats you come across in any field. ### Part 2 (20 min) - The Benefits of Playing Live Trivia with Friends Now that you understand how to spot and validate bad stats, I'll talk about how doing weekly live trivia with friends can improve your self-awareness, confidence, and humility. We'll talk about how trivia can help you spot and avoid your own cognitive biases and some fallacies that often lead us down dangerous paths.

Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...

Adrian Sanabria

In InfoSec, many closely held beliefs, commonly accepted best practices, and accepted ‘facts’ are just wrong. These myths and lies spread quickly. Collectively, they can point security teams in the wrong direction. They can give rise to ineffective products. They often make their way into legitimate research, clouding results. "Sixty percent of small businesses close within 6 months of being hacked." There's a good chance you've seen this stat before. It has no basis in reality. The available evidence suggests quite the opposite. "Attackers only need to get it right once, defenders have to get it right every single time." This idea has been repeated so often in InfoSec that it has become generally accepted as a true statement. It isn't just wrong, it's demotivating and encourages defeatist thinking that can sink the morale of a security team. Most of the myths and lies in InfoSec take hold because they seem correct, or sound logical. Similar cognitive biases make it possible for even the most preposterous conspiracy theories to become commonly accepted in some groups. This is a talk about the importance of critical thinking and checking sources in InfoSec. Our industry is relatively new and constantly changing. Too often, we operate more off faith and hope than fact or results. Exhausted and overworked defenders often don't have the time to seek direct evidence for claims, question sources, or test theories for themselves. This talk compiles some of the most interesting research I’ve done over the past decade. My goal is to convince you to treat vendor claims, commonly accepted industry statistics, and best practices with healthy skepticism. You don't need to be a data scientist or OSINT expert to test theories and discover the truth - you just need to sacrifice a bit of your time now and then. I'll show you how.

Lies and Myths in InfoSec - 2023 Usenix Enigma

Adrian Sanabria

The phrase low-hanging fruit is an apt metaphor to explain how security market growth and cybercrime success have mirrored each other. For early humans, it made sense to go for maximum calories with the least effort. As with most things in security, traditional logic doesn't always apply. We got the budget we asked for. We got the shiny products. We got the training. We got the staff. We got breached. Something is clearly still missing in security. This won't be a vendor-bashing, anti-products talk. In fact, I'll argue that products are the least of the problem. In nearly ever breach I've analyzed, the target had all the products and people they needed to prevent, detect, and stop the attack. What's missing is more nuanced. While it isn't low hanging fruit, it isn't rocket science either. What's missing isn't even unique to security - other disciplines and industries figured it out long ago (usually the hard way, after a lot of accidental deaths). We’ve made a lot of progress over the 20+ years I’ve been involved in the industry, but to make the next leap in maturity, we have to shift our focus a bit. This talk will argue we need to shift some of our focus to things like resilient processes, more feedback loops, and improving response through team practice.

Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...

Adrian Sanabria

2019 InfoSec Buyer's Guide

Adrian Sanabria

Equifax Breach Postmortem

Adrian Sanabria

The New Security Practitioner

Adrian Sanabria

The state of endpoint defense in 2021

Adrian Sanabria

Everybody decries the state of the industry. Everyone hates the over-hyped headlines, the obvious FUD and the shameless snake-oil. So why do we have so much of it? This talk aims to examine several of the dark-patterns that have become perfectly acceptable in infosec and then aims to drill down to their root causes. With any luck, we will also get to discuss some options to chart our way out of this mess.

The Products We Deserve

Adrian Sanabria

It's 2019 and we still don't know if we have a complete inventory of our assets. It is impossible to guarantee that they are all safe. The last penetration test resulted in a bloodbath. Every day we worry about whether today is the day they hack us. This cycle of stress and worry MAY break, but each stage of securing system has its complexities and challenges. We will analyze these challenges, these difficulties, and provide strategies to address them. From asset discovery to system tightening to vulnerability management - this presentation will show you how to build lasting trust in the security we provide to our organizations.

Securing Systems - Still Crazy After All These Years

Adrian Sanabria

Red Team Framework

Adrian Sanabria

From due diligence to IoT disaster

Adrian Sanabria

There are over 100 endpoint security products that claim to stop malware and other attacks against Windows. Nearly every major security incident or breach that has made media headlines had two things in common: Windows running one of these 100 products. This workshop won't spend any time bashing vendors, however. In fact, many of these products can be valuable assets when part of a more comprehensive endpoint protection strategy. Part one of this workshop will address the anatomy of malware and why it succeeds so often. The second part will dive down into practical defensive strategies, including passive prevention, detection, response, and remediation. - Passive prevention is effectively free and ideal - Prevention will always fail a percentage of the time, so detection is essential - Response, if practiced and efficient, has a chance of stopping attacks before they reach their goal - Remediation, because someone has to clean up this mess... Every successful security strategy includes planning to handle failure quickly and effectively. The remainder of the workshop will be hands-on. Part three will review the native defensive capabilities in Windows and the pros/cons associated with using them. For the finale, brave and trusting attendees will be invited to run neutered malware on the virtual Windows systems provided for this workshop to test out our newfound defensive skills. If not, there's no shame in watching your neighbor infect themselves with ransomware as you take notes.

Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...

Adrian Sanabria

Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?

Open Source Defense for Edge 2017

Adrian Sanabria

At a time when some say users pose the biggest threat, new tools are emerging that give users more freedom than ever. 451 Analyst, Adrian Sanabria speaks on this bold new approach to application control in our latest webinar. KEY TOPICS 1. Learn from the past: valuing User Experience, IT workload & business/IT relations. 2. Take off the training wheels: it’s possible to trust users to make the right choices, but still have options if they don”t. 3. Drop unreasonable goals: more restrictions ≠ more security.

451 AppSense Webinar - Why blame the user?

Adrian Sanabria

Enterprise security teams are facing numerous challenges because of evolving threat vectors bypassing existing technology, deluge of alerts, and lack of skilled resources to stop advanced threats. Even if enterprises have a budget to bring in outside incident response and forensics teams to stop the bleeding, by then, damages and loss have already occurred. Security teams must change the shape of their security program to stop threats at the earliest and all stages of the attacker lifecycle. Join 451 Research Senior Analyst, Adrian Sanabria, and Director of Products at Endgame, Mike Nichols, talk about how earliest prevention and instant detection can change the shape and outcome of enterprise security program. This talk will outline strategies for: • Prioritizing the alerts and events that really matter • Identifying parts of the investigation workflow that can be automated • Building a detection methodology that creates confidence and continuously improves defenses

451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...

Adrian Sanabria

In recent years, endpoint security has evolved well beyond signature-based antivirus which proved unable to keep pace with the speed and volume of evolving threats. With the onslaught of new security technologies available, it can be difficult to determine where to begin. In this webinar, 451 Senior Analyst, Adrian Sanabria and Cylance Product Marketing Manager, Steve Salinas will discuss a proven approach to securing your endpoints. Adrian and Steve will present the fundamental steps to securing endpoints: • Step 1: A Better Malware Mousetrap • Step 2: More Resilient Endpoints • Step 3: Stopping Non-Malware Attacks • Step 4: Full System Visibility with Endpoint Detection and Response • Step 5: Dynamic Defense with User Behavior • Step 6: Data Visibility • Conclusion: Malware is Solved! What Now? Endpoint security can be complex. Join us for this webinar to learn how applying a reasoned, results-based approach can help you can take control of your endpoints and silence attackers.

451 and Cylance - The Roadmap To Better Endpoint Security

Adrian Sanabria

Security and DevOps Overview

Adrian Sanabria

Endpoint threats have entered a new era, and the security industry has been rushing to catch up. The result is a highly fragmented and confusing market that has doubled in size to over 70 vendors in the last four years. We're in the midst of the second great endpoint security consolidation and will discuss precisely what that means. We'll discuss six progressive stages endpoint security will work through as this market continues to mature over the next five years or so.

2016 virus bulletin

Adrian Sanabria

You’ve heard about security startups on the bleeding edge and you’ve heard early adopters sharing success stories at conferences. Meanwhile, legacy security paradigms have been falling (and failing) around us. This session will discuss building a continuous program for evaluating startups and new technologies (on a budget) while avoiding unnecessary risk and instability to existing infrastructure.

RSAC 2016: CISO's guide to Startups

Adrian Sanabria

Plus de Adrian Sanabria (20)

Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...

Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC...

Lies and Myths in InfoSec - 2023 Usenix Enigma

Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion...

2019 InfoSec Buyer's Guide

Equifax Breach Postmortem

The New Security Practitioner

The state of endpoint defense in 2021

The Products We Deserve

Securing Systems - Still Crazy After All These Years

Red Team Framework

From due diligence to IoT disaster

Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...

Open Source Defense for Edge 2017

451 AppSense Webinar - Why blame the user?

451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...

451 and Cylance - The Roadmap To Better Endpoint Security

Security and DevOps Overview

2016 virus bulletin

RSAC 2016: CISO's guide to Startups

Dernier

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

How to convert PDF to text with Nanonets

naman860154

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Histor y of HAM Radio presentation slide

vu2urc

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Dernier (20)

08448380779 Call Girls In Civil Lines Women Seeking Men

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Presentation on how to chat with PDF using ChatGPT code interpreter

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Finology Group – Insurtech Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

How to convert PDF to text with Nanonets

Breaking the Kubernetes Kill Chain: Host Path Mount

Automating Google Workspace (GWS) & more with Apps Script

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Scaling API-first – The story of a global engineering organization

Histor y of HAM Radio presentation slide

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Artificial Intelligence: Facts and Myths

What Are The Drone Anti-jamming Systems Technology?

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

CNv6 Instructor Chapter 6 Quality of Service

Tata AIG General Insurance Company - Insurer Innovation Award 2024

IAC 2024 - IA Fast Track to Search Focused AI Solutions

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Why does InfoSec play bass?

1. Why does InfoSec play bass? And other insights into hacker/Infosec culture

2. Why are we here?

4. Puzzles, prizes, ermahgerd!

5. Me Nick

6. The InfoSec music scene unfolds… @joswr1ght @jsokoly @ax0n @secbarbie @selenakyle @mongold @__sporkbomb @gattica @mattjay @JZdziarski @chrissistrunk @3XPlo1T2 @DanBratt99 @SeanVerity @phoobar @secboffin @maradydd @adelmatrash @hackerhuntress @J0hnnyXm4s @p0wnlabs @daveshackleford @p0wnlabs @chrissistrunk @billbrenner @caseyjohnellis @p0wnlabs

7. Why do I play bass?

8. Why do I play bass?

9. Why does InfoSec play bass? "Good Taste.” -- Joseph Sokoly

10. Why does InfoSec play bass? "We like the low, dark and sinister. And backbones.” ”We're not in it for glory or props. Content in the background.” -- Eve Adams

11. Why does InfoSec play bass? "Easy, we pull it together. We keep the drums on tempo and support the band :)” -- Dave Lewis

12. Doubts – do we really play bass? How could I be sure?

13. Time for some Data

14. Casual observations versus the big picture

15. Security Community/Worker Size Estimates Social Media Conferences Workforce How small is our bubble?

16. FollowerWonk Results • Security + researcher = 5334 • Pentester = 1488 • Cybersecurity = 2996 • Hacker = 43571 • Ethical + hacker = 1581 • CISSP – 1605 • Infosec + bass –drum = 11 • Infosec + guitar = 27 Hmm…

17. How accurate are my stats? What Statistics? Dead on balls accurate Accuracy Scale

18. So what? Why does any of this matter? https://fsmontenegro.wordpress.com/2015/07/29/on-the-shortage-of-infosec-professionals/ @fsmontenegro  Follow this guy on Twitter 3561 just in the USAF (cyber command) 2170 just in US Army 1560 Booz Allen Hamilton 1407 Deloitte 1257 US Navy

19. Jobs? What jobs??? 68 56 191

20. Would you like to take a survey? Attackers 45% Defenders 35% IR/Forensics 25% Male 90% Female 10% 1 – Robot Active on Social Media? Nope – 13% No, not allowed – 5% Option 5 – 10% Yes – 79% Yes, but under an alias– 17%

21. I throw Information Security events 0% I work full-time in the information security industry 69% I work overtime/double time/too much time in Infosec. I need a vacation. 10% I work part-time in the information security industry 3% I'm a hacker, security researcher, or do something else in security, but it isn't my day job 15% Security student 1% SysAdmin 1% working toward 1% How are you connected to InfoSec?

22. Who we are – trolls, pranksters, wiseasses 144 survey respondents, 2448 responses in total I wasn’t able to count the vast number of wiseass responses. • Getting kicked in the face by Jimmy Vo. • I beat up CISOs in dark alleys for fun • Option 5 typo was a favorite (x14) • What do you do in the industry? Space Hitler < Thanks!

23. So, this bit about the bass…

24. WELCOME TO OUR NEW MASCOT

25. InfoSec actually plays…

26. Survey results – Music 33% of respondents played an instrument 40% of those were multi-instrumentalists Guitar 28 Bass 8 Violin 5 Drums 4 Saxophone 4 TOP 5

27. Survey Results – Martial Arts • Aikido • Boxing • BJJ • Karate • Kickboxing • Krav Maga • MMA • Tai Chi • Tang Soo Do • Goju • Tae Kwon Do • Muay Thai • Shaolin Kempo 19% of respondents practice martial arts

28. Friends and strangers alike sent me photos of them doing their hobbies. Not a single photo scarred me for life or led me to need therapy!

29.

30.

31.

32.

33.

34.

35.

36.

37.

38.

39. Mycology

40. Who are we? We’re a post-dystopian, neo-cyberpunk travelling ren faire!

41. Conclusions – we see the world differently They see • A car • A door, a lock, a barrier • Retail environment • Trash bin • Gobbletygook We see • Potential 80mph brick of death • A challenge, a puzzle • Hilariously insecure playground • Intelligence • Something to be decoded, cracked, decrypted… Both a gift and a curse…

42. Conclusions Security is a calling for many of us. It isn’t a career… it is who we are.

43. Conclusions “It was an accident…” “Can’t remember when it started…” “I had to decide between jail or an honest paycheck.” “It's fun to break rules.” “I like thinking I’m helping”

44. What’s Next? What do you want to see? Do you have anything else you’d like to share? What direction should I take this? Avery.Sawaba@gmail.com @sawaba

Notes de l'éditeur

Ask if there are any bass players in the audience. Ask them to raise their hands. Look pensive and thoughtful for a moment to let the tension build At this point, I either get to say “See, I told you so!” or “Either you guys are lying, or I’ve just discovered a massive, critical flaw in my talk!”
Agenda Intro/Expectations (without giving too much of #3 or #4 away) My Story Casual observations vs. big picture and why this matters Who we are – Survey results Making sense of all this Wrap-up, questions and feedback
A few directions I could have gone with this talk. I envisioned it as something I could give several times, evolving over time. I decided to go lighthearted and entertaining the first time out. At a crossroads with this talk. That’s pretty. There were a few directions I could have gone with this talk. I could have gone serious: ADHD, Burnout, Alcohol – real issues affecting our industry. But I decided to go lighthearted and entertaining for this one. Let me know if you’re interested in the more serious side. Also, I’d love to update this talk and go deeper over time – let me know at the end if that is something you’d be interested in.
*** Pic of Oprah giving stuff away on one side, hacker stickers on the other Anyone that participated in the survey, feel free to pick up your favorite hacker sticker (over on a table somewhere in the room)! Pass out puzzles – two old school iron puzzles and one rubik’s cube < Have someone help with this stuff Prizes will include two SNES carts and a Bsides Knoxville badge for whomever solves the puzzles. Anyone in addition to those, I’ll give an IOU for a tshirt or sticker once I’ve got them made
Let me tell you a story about a boy. AWWW, isn’t this sweet… Tell the Sassy Ann’s story of me and Nick Morgan Fast forward to 2009, when Shack talked me into getting on Twitter – yes, the Twitter fun gauge is directly responsible for all my tweets. Go over the 10:1 Guitar:Bass rule and how I started to notice it seemed to be reversed for musicians in InfoSec. This intrigued me.
Comment that there are some seriously pissed off clarinet players out there. “Why wasn’t my instrument included in his stupid survey!?!” Well, hang on angry clarinet player, and give me a chance to redeem myself! Oh, right, and there’s Dave Shackleford. Sorry, Dave. Seriously though, if you ever have Dave around a piano, try to convince him to play something for you. You won’t regret it!
Why was I attracted to bass? #1 - Its electric cousin was no different – my actual plan if our old townhouse was ever broken into was to use my Hamer Cruisebass as a weapon.
Why was I attracted to bass? #2 - If the electric guitar is a katana, the bass is a 2-handed axe. In Resident Evil, I prefer the shotgun. In Diablo 2 and 3, it was the Barbarian for me – dual-wielding giant fucking axes.
I started asking others about this odd pattern – why did they think so many of us played bass? Put an image for each of them, with the quote, each in a different slide – 3 in all
I started asking others about this odd pattern – why did they think so many of us played bass?
I started asking others about this odd pattern – why did they think so many of us played bass?
Does InfoSec really play bass? How could I find out? Ask for answers, opinions – what do you think? Bullshit? Put multi-instrumentalist tweets here Go go data scientist mode! I decided on a two-pronged approach Interwebs analytics Surveys/interviews
What about everyone else? What about the non-musicians? We’ve all heard people talk about the echo chamber – having discussions within the “security bubble” – we’re in it now! Do I need this slide?
Sorry for the shitty quality here – especially to you Apple Retina users out there, this must be torture. Getting this slide together pushed my graphic design and powerpoint skills to the limit. How big is our collective social media reach? When we bitch about something on Twitter, how far does it go? How many ears does it reach in the grand scheme of things? Note, there are some various discrepancies with this data, but I spent a long time making sure it was as accurate as I could get it. Sorry to those of you that are like vampires with sunlight when CISSP is mentioned…
Well… On a scale from Donald Trump (who feels no need to use statistics) to Mona Lisa Vito (who, is dead-on-balls accurate), my stats are somewhere around the accuracy of Conan O’ Brien’s Clueless Gamer review system
Job Shortages in InfoSec – people are hiring, hiring, hiring! Hiring and talent acquisition is HARD in InfoSec. EXPERIENCE doesn’t tell you if someone is passionate about security or if they’ll fit in with a tightly knit assessment team or incident response group, for example. CERTS don’t tell you a helluva lot, except for ones with practicals RESUMES are full of hopes, dreams and carefully crafted lies Basically, the only good way to find the people you’re looking for is by asking people you trust – networking. That’s really the most important benefit of a security conference, in my opinion. If we understand why great InfoSec/Hacker talent is great, perhaps it could be easier to find/train/retain the talent! Also vice versa – maybe we can make it easier for you to find your dream job! Great post by Fernando Montenegro here (@fsmontenegro)
Jobs! Jobs! Jobs! People want to hire you! They want to throw money at your face! It’s like Oprah in here! You get a job! You get a job! You get a job!
So I decided to do a survey to get a better idea of what was going on here Gender – Exactly the same as my twitter split
How are you connected to InfoSec?
What do you do in the industry? Space Hitler Do you actively discuss security/hacking-related stuff on social media? Option 5 (x14)
So, why does InfoSec play bass?
Ha, I wish! Just kidding. Well, it turns out that sample sizes matter, and I didn’t have a huge sample size when I collected all that anecdotal data I showed at the beginning of this talk. So, I did a survey. 144 of you wonderful people filled it out. Still a small sample size, but I intentionally made an attempt to get people outside the Twittersphere. Want to know what instrument infosec actually plays?
The big reveal – infosec plays…. GUITAR. Cue sad trombone. However, it ISN’T a 10 to 1 ratio – more like 3 to 1 Also, half the bass players that responded were like, “BASS, YEAH!”, whereas half the Guitar players that responded were ‘MEH’ about it So, does the big reveal happen here? Or earlier, so that I can point out my mistake was all from this bubble I was in? Also, am I really, really correct here, or am I still wrong? Or is the point that certain aspects of our personalities just aren’t indicators of a greater whole?
Survey stats – there are two hobbies I felt needed their own dedicated questions in my survey, because of how often they seem to show up – the first of those two is music. 33% of respondents played an instrument – exactly a third. Read some quotes “No, but I have a perfect ear. (Which makes karaoke VERY painful)” I own a bass that I promised my parents I would learn to play 15 years ago.  SIR YOU ARE A DISGRACE 40% of these musicians are multi-instrumentalists
Summary of hobbies, stats
Now THAT’S the Cavalry! Beau and Claus demonstrating non-hackable vehicles.
Nurburgring
Guillaume
Walt reviewing his novel
It’s okay, he’s at a stoplight 
I think we’re all familiar with this sight…
And another familiar sight… Whiskey hackers anyone? Some of us drink, and some of us can’t touch the stuff, but that’s a whole different potential talk, right?
Anyone know what this is?
The overwhelming majority of respondents are clearly passionate about this field – very few simply regard it as “just a job” This is what ties it back to the bass – everyone that played the bass was like, FUCK YEAH, BASS! The vast majority of guitarists were, “meh, a little guitar…”
We stumble upon it < SO MANY! We can’t recall not doing it We had to make a choice We enjoy it Sense of service
Lots of anecdotal stuff, hit on some interesting points, but haven’t gone too deep What’s next? Would like this to be the first in a series of talks about what makes us tick If I dive deeper, where do I go? Dark or light? More job/career-relevant stuff, or more psychological side?

Why does InfoSec play bass?

Recommandé

Recommandé

Contenu connexe

Similaire à Why does InfoSec play bass?

Similaire à Why does InfoSec play bass? (20)

Plus de Adrian Sanabria

Plus de Adrian Sanabria (20)

Dernier

Dernier (20)

Why does InfoSec play bass?

Notes de l'éditeur