Video and audio from HOPE!

I just finished uploading the audio and video from my talk at HOPE. Here’s the link to the files, along with the PowerPoint slides.

Risk Analysis for Dummies (PPTX)

Risk Analysis for Dummies (MP3 Audio)

Risk Analysis for Dummies (MKV Video)




N2H at HOPE

This past weekend, I helped out with the special event station N2H at The Next HOPE. We worked everything from 2 to 20 meters, including FM, SSB, CW, PSK and RTTY. It was pretty cool doing digital modes for the first time. Here are some pictures of us setting up the antennas on the roof, as well as operating during the conference.




Risk Analysis for Dummies

Here are the slides from my talk at The Next HOPE about how to conduct a risk analysis. I’ll follow this up with the audio and video once they’re available.

Presentation slides:
Risk Analysis for Dummies (PPTX)

View the PowerPoint online
———-

Audio:

Risk Analysis for Dummies (MP3 Audio)
———-

Video:

Risk Analysis for Dummies (MKV Video)

Video on Vimeo

———-

For more information on how to conduct a risk analysis and other resources on the field, visit the following websites:

SARMA: Security Analysis and Risk Management Association
Professor McGill’s blog (he taught me everything I know)

I HIGHLY recommend the following books on the subject:

Peter Bernstein: Against the Gods
Nassim Taleb: The Black Swan




On the schedule for The Next HOPE!

After speaking at The Last H.O.P.E. in 2008, I wanted to come up with another talk I could give on a topic that would interest the 2600 community. After racking my brain for some cool thing I had done that would interest them, I finally figured out what skill I possessed that I could pass on to these computer security enthusiasts, network administrators, IT professionals and people interested in security in general.

From The Full List of Talks:

Risk Analysis for Dummies

Nick Leghorn

We all get that “gut feeling” about what is risky, but how do we communicate that to managers or other people in a meaningful way? And how can we determine what risks are worse than others in a justifiable manner? How do you even define “risk?” In this talk, you’ll learn about the most up to date methods of identifying risk, evaluating risk, and communicating risk to others, as well as some models used by the U.S. government and others to identify attack targets, evaluate building security, diagram attacks, and more. And no math problems harder than simple addition, guaranteed.

Friday 2100 Bell

The synopsis doesn’t really capture what I hope this talk will be. It’s intended for IT professionals and aspiring penetration testers who want to understand how to take their experience and their intuition regarding what risks and vulnerabilities are in their network and relate it in a quantifiable manner to managers and clients who may not believe in their expertise, or who may not want to have to justify that new security staff and all those expensive security appliances. I plan to cover:

  • Probability
  • The equation for risk
  • How to scope a problem
  • How to show results of an analysis
  • Types of scales and how to use them
  • Factor based models and their use
  • The six questions of risk analysis and management

Here’s the list of other talks for Friday.

If anyone has any suggestions for topics to cover, drop me a comment.




NRA Eastern Armed Forces Memorial Match

Apparently, every year there’s a Memorial Day high-power and CMP match on the west coast. Not wanting to be outdone, this year MCB Quantico hosted the first Armed Forces memorial match. There were about 80 shooters (60 NRA, 20 CMP), and I decided to join in on the fun.

The day started with the Marine Corps lighting off a couple fireworks.

We were all very happy to find out they weren’t competing.

After that, we moseyed down to the 200 yard line to set up for the 200 yard shots, which were 2 sighters + 20 record shots offhand slow fire, then 2 sighters + 20 record shots sitting in 60 seconds rapid fire (with a forced mag change). I didn’t do as well as I thought I would. But notice that in the following pictures I have like a gun, a spotting scope, and some ammo, and everyone else has shooting jackets and fancy equipment. So there might be some consolation in that.

The view from 300 yards (the bipod was removed during shooting):

Some of you may be wondering how exactly the targets are moved around. Well, I’ll let you in on a little secret: there are PEOPLE working in the pit! Yes, these pit pullers sit there all day long (for $30/shooter) and pull and score your targets.

Here’s a slow fire target. The white circle is on a spindle placed in the last shot fired so the spotter can see it, and the orange dot indicates the score. The score positions are (clockwise from 9 o’clock) 5, 6, miss, 7, 8, 9, 10, X.

Here’s a target from one of the rapid fire stages. Instead of scoring each shot, orange golf tees are placed in the holes and the scores are tallied on a chalkboard for the spotter.

Here’s the firing line at the 600 yard shot. The sky cleared up quite a bit and I even got a pretty nasty sunburn out of the experience. I’m in lane 11, 5 shooters from the left:

The guy in the red behind me is an Army officer spotting and scoring me. He shot after me, and we swapped (me spotting and scoring him) when he shot. Cool guy. I broke his ECI though.

600 yards is FAAAAAAAAAAAAAAAAAAAAAAAAAAAR!

I lost the first 3 heats’ scores, but here’s my 2 strings from 600 yards:

2+20 @ 600
Sighters :  9 10
Record-S1:  5 10  X  7  6  8  7  8 10  7 = 78 1x
Record-S2: 10  9  7  7  7  8 10  6  8  7 = 79
= 157 1x

[EDIT]: After an email from the event staff, I now have all my scores:

- 200 yards standing slow fire: 165 1x
- 200 yards seated rapid fire: 170 3x
- 300 yards prone rapid fire: 184 1x
- 600 yards prone slow fire: 157 2x

Total score: 676/800

And with my refund check, I think I’m gunna buy an NRA service rifle. So I can stop feeling like I’m cheating in tactical class.