Cartoon: The Insider Threat
Comment |
Print |
More Insights
Comments
Newest First | Oldest First | Threaded View
Re: Social engineering the office party..
nice post
Re: It's a small world
That was undoubtedly awkward for both of you. IT communities within a city are typically small and closely knit. I attend several tech conferences every year and I see the same people time and again, albeit sometimes with different companies. Unfortunately, non-IT executives rarely venture into those gatherings and it is difficult for them to network with IT professionals, so they sometimes have to rely on paper qualifications. I know some IT folks who look very good on paper, but somewhat lacking in actual experience. Things have a way of sorting themselves out though, especially in a highly technical field such as IT.
Re: It's a small world
The situation was somewhat less than seredipitous.
From what I learned later, the guy omitted or "embellished" certain details about his work history.
Definitely an awkward situation for my friend. He was desparate for a security professional leader for the executive team, but found out after the fact that he had possibly hired a lemon.
I told my friend that it was not uncommon for paths to cross in the security industry. Good security professionals understand and commonly engage the power of human networking and knowledge sharing.
From what I learned later, the guy omitted or "embellished" certain details about his work history.
Definitely an awkward situation for my friend. He was desparate for a security professional leader for the executive team, but found out after the fact that he had possibly hired a lemon.
I told my friend that it was not uncommon for paths to cross in the security industry. Good security professionals understand and commonly engage the power of human networking and knowledge sharing.
Re: It's a small world
Reminds me of that long standing joke about government employees - if you do good work, you are considered invaluable in that position and simply stagnate; but if you screw up, you are removed from the position and then get promoted!
It's a small world
Awhile back, I was attending a small scale IT security symposium.
The first part of the event was a short social time where everyone had bagels and coffee before the first presentation.
It was shortly into that social time when I ran into a good friend who happened to be an executive for another company in the city where this conference was located. He wanted to introduce me to his new CISO and sent his administrative assistant to fetch him from somewhere on the other side of the crowded room.
A few moments later, the assistant came back somewhat upset. She mentioned the CISO had to leave in a rush due to some kind of emergency. My friend was visibly concerned and hoped that we could link up again in the future. He then told me the name of this new CISO and if I had heard of him before.
When he told me the name of this new CISO, I first had to verify what the guy looked like and finalized that by mentioning the name of this new CISOs wife. My friend was amazed I knew the guy and asked where we had crossed paths.
Then I proceeded to inform my friend how approximately a year prior I was involved in getting his new CISO released (fired) from a network manager position at another organization we both happened to work for. The reasons for which I was not at liberty to disclose.
Awkward...
The first part of the event was a short social time where everyone had bagels and coffee before the first presentation.
It was shortly into that social time when I ran into a good friend who happened to be an executive for another company in the city where this conference was located. He wanted to introduce me to his new CISO and sent his administrative assistant to fetch him from somewhere on the other side of the crowded room.
A few moments later, the assistant came back somewhat upset. She mentioned the CISO had to leave in a rush due to some kind of emergency. My friend was visibly concerned and hoped that we could link up again in the future. He then told me the name of this new CISO and if I had heard of him before.
When he told me the name of this new CISO, I first had to verify what the guy looked like and finalized that by mentioning the name of this new CISOs wife. My friend was amazed I knew the guy and asked where we had crossed paths.
Then I proceeded to inform my friend how approximately a year prior I was involved in getting his new CISO released (fired) from a network manager position at another organization we both happened to work for. The reasons for which I was not at liberty to disclose.
Awkward...
for a day
Maybe if it could be stolen for a day and I could be someone else for just that day, it would be cool. Like Madonna. Or Kate Middleton. Or Gwen Stefani. Would I get Gwen's voice along with her identity?
Re: Who's stealing from whom?
@ODA155: haha, you flatter me.
Okay, someone with more money, then. :p
Okay, someone with more money, then. :p
Re: Who's stealing from whom?
@Joe Stanganelli,... Someone "cooler" than you... dude, how is that even possible?
Re: Who's stealing from whom?
LOL, Joe. If only it was that simple..
Who's stealing from whom?
Sometimes I worry about having my identity stolen.
Then I think that if that ever happened, I could seize the opportunity to take on the identity of someone cooler.
Then I think that if that ever happened, I could seize the opportunity to take on the identity of someone cooler.
White Papers
Video
3 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The transition from telework, back to the office, is harder for some people than others.
Latest Comment: The transition from telework, back to the office, is harder for some people than others.
Current Issue
Five Emerging Security Threats - And What You Can Learn From ThemAt Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...
CVE-2015-4948The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.
CVE-2015-5660netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.
CVE-2015-6003Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
CVE-2015-6333Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
Archived Dark Reading Radio
Dark Reading editors are live at Black Hat 2016. In this special episode of Dark Reading Radio, join executive editor Kelly Jackson Higgins and senior editor Sara Peters as they bring you conversations with speakers from the Black Hat 2016 conference.
- Terms of Service
- Privacy Statement
- Copyright © 2016 UBM, All rights reserved
Tweet This