Posts by Trey Ford

5 min Events

The Black Hat Attendee Guide Part 7: Your Survival Kit

Joining us for the first time? This post is part seven of a series that starts right here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Hacker Summer Camp is no joke, and you've got to have a game plan when you head for Vegas. If you don't travel frequently, this is for you. Ignoring sartorial conundrums and basic hygiene, this post is focused on keeping your body operating at peak… or at least somewhat operational. Vegas: It's nothing like home for most of us. Desert allergens, low humi

10 min Events

The Black Hat Attendee Guide Part 6: The Sponsor Hall, Arsenal, and more

If you are just joining us, this is the sixth post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Conferences are magical and serendipitous. YouTube can't capture the electricity you remember in the room as you tell someone “I watched Barnaby jackpot an ATM,” as others echo back “I was there that year too!” At technical conferences, the content leads the way—it is what brings us to the show. Catching up on that research and work being done at “the tip of the spe

5 min Events

The Black Hat Attendee Guide Part 5 - Meaningful Introductions

If you are just joining us, this is the fifth post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Making An Introduction I might be wrong, but I'll argue that networking is a transitive verb, so ENGAGE! The real magic starts happening as you progress: * Level 1-- Start with a “Hi, my name is… ” Yes, it's that simple, thanks to Slim Shady [https://youtu.be/dQw4w9WgXcQ?t=43s] * Level 2-- Demonstrate that you have an idea of the world the other person li

5 min Events

The Black Hat Attendee Guide Part 4 - Guest Post: Talking to the Media & Press

My friend Miss @VioletBlue [http://twitter.com/VioletBlue] has shared some wisdom on connecting with the press at Black Hat in this guest post below. Enjoy! So, you're going to Black Hat 2015 [http://blackhat.com/us-15/]… As Mr. Trey Ford succinctly described in the Black Hat Attendee Guide Part 1 [/2015/07/13/the-black-hat-attendee-guide-part-1], you're going to Infosec Zombieland. Infosec Zombieland is a unique apocalyptic landscape, besides which requiring comfortable shoes and a strong liv

7 min Events

The Black Hat Attendee Guide Part 3 - Networking Like A Boss

If you are just joining us, this is the third post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Networking Like A Pro Black Hat will clear 9,000 attendees this year, and it is really easy to feel really small in a crowd that big. The vast majority of folks you'll see there will only know a few people at the show—it is your duty to change that for them. This blog post won't make you the best conversationalist at the conference, but it should be enough to get

7 min Events

The Black Hat Attendee Guide Part 2 - The Briefings

If you are just joining us, this is the second post in the series starting here [/2015/07/13/the-black-hat-attendee-guide-part-1]. Content is king. Research is what binds us, and you should not be surprised that some of the best in the game focus their annual research calendar on the Black Hat USA CFP. Offensive security research is the tail that wags the dog—many vendors and architects spend the year trying to get back in front of some of the bombs dropped at Black Hat each year. There's a

3 min Events

The Black Hat Attendee Guide, Part 1 - How to Survive Black Hat

If you're like me, you have wanted to go to Black Hat [http://blackhat.com/us-15/] for ages. If you're going, have a game plan. For first timers, this series will be a primer full of guidance and survival tips. For returning attendees, this will help maximize your experience at Black Hat. First, I want to give you perspective on my bias, coloring guidance offered here. My slant is that of someone who was a booth babe (sales engineer), a speaker, an attendee, Review Board member and former Gen

1 min Events

CyberUL & Standards of Due Care

Last week I attended a SINET [http://www.security-innovation.org/innovation-summit_2015.htm] event in NYC, one of those rare crossings of technology talent from Silicon Valley and other tech hubs, Wall Street security executives, and DC beltway leadership. Lots of thoughts, but this one has been on my mind for some time. Those who caught my BSides Nashville keynote have heard these thoughts. A question was posed by a gentleman from DHS, “How do we establish and build upon a standard of due car

4 min

Securing Credit Lines: Eating Our Own Dogfood

We InfoSec (or cybersecurity) folks, we're full of all kinds of sage wisdom: “Put a password on your phone, tell it to self destruct after 10 failed attempts” … check! “Set up WPA2 on your home network!” … check! “Install patches as fast as you can!” … (well, as best as I can?) …check! “Freeze your credit reports!” … static “Dogfooding [http://en.wikipedia.org/wiki/Eating_your_own_dog_food]” (verb, slang) is a term used to reference a scenario in which a company uses its own product to va

5 min

Civilian Considerations on Getting Government Security Clearance

[EDIT] Added some additional thoughts based on twitter feedback I just read an article about how Silicon Valley and DC are at odds on getting security clearances, and my thoughts won't fit into 140 characters as Twitter demands. (And apparently this is what blogs are for!) Here's the article: Friction heats up between DC, Silicon Valley [http://www.cnbc.com/id/102483901]. Go ahead and read it first. I'll wait. whistles ... OK, great! You're back -- so let's dive in. Setting the stage here:

4 min Government

Obama: Data Custodians are Accountable

Yesterday, President Obama announced he's proposing new legislation to boost data privacy and custodianship on a national level. [http://www.whitehouse.gov/the-press-office/2015/01/12/fact-sheet-safeguarding-american-consumers-families] As there's a lot to tackle here, I'm breaking my thoughts into a handful of areas. The need for a Federal mandate on breach notifications and data privacy Currently, data privacy is a bit of a patchwork that varies a great deal from state to state. Today, 47 s

3 min

Cyber Monday Halftime - Actionable Guidance for Retail Teams

Today is Cyber Monday, a major online shopping day following U.S. Thanksgiving that continues the frenzied retail activities of Black Friday [http://www.rapid7.com/resources/videos/anatomy-of-a-credit-card-breach.jsp], and the growing inclination toward online shopping (rather than camping on a sidewalk in the dead of winter) means online performance matters. Said slightly differently, retail analysts project 2.5 BILLION USD to be spent online today. At this point in the season, retailers have

3 min PCI

Cyber Security Awareness Month: Data Custodianship

By now, you know that October is Cyber Security Awareness Month in the US [http://www.staysafeonline.org/ncsam/] and across the European Union [http://www.enisa.europa.eu/activities/stakeholder-relations/nis-brokerage-1/european-cyber-security-month-advocacy-campaign]. We know many SecurityStreet readers work in information security and are already “aware” - so this year we're equipping you for executive tier cyber security discussions. We kicked this off last week with a piece on why security

4 min

Anatomy of Retail Credit Card Breaches

At the moment it seems like there's a breach announcement pretty much every day. And this year, there's been a big focus on retail breaches. Rather than pick on Home Depot or any of the other 1,555 breaches that have been documented this year, we want to break down how miscreants typically get into retail chains. While we don't know exactly what happened at Home Depot—yet—the method below is a pretty typical path of attack. If you are at all familiar with PCI, you already know and appreciate th

3 min

The true cost of "free": Xfinity Comcast's new WiFi offering

Just in case you missed it… Comcast recently launched the first of its planned public WiFi hotspots, which leverage equipment being used in the homes of millions of its current customers to extend service availability. At first glance, this bold move by Comcast seems like a brilliant way to use the existing hardware in millions of homes to extend internet access for customers on the go. The way it works is this: XFINITY customers using the Comcast hardware (Arris 852 or 862 wireless routers)