Here are the slides from my talk at The Next HOPE about how to conduct a risk analysis. I’ll follow this up with the audio and video once they’re available.
After speaking at The Last H.O.P.E. in 2008, I wanted to come up with another talk I could give on a topic that would interest the 2600 community. After racking my brain for some cool thing I had done that would interest them, I finally figured out what skill I possessed that I could pass on to these computer security enthusiasts, network administrators, IT professionals and people interested in security in general.
We all get that “gut feeling” about what is risky, but how do we communicate that to managers or other people in a meaningful way? And how can we determine what risks are worse than others in a justifiable manner? How do you even define “risk?” In this talk, you’ll learn about the most up-to-date methods of identifying risk, evaluating risk, and communicating risk to others, as well as some models used by the U.S. government and others to identify attack targets, evaluate building security, diagram attacks, and more. And no math problems harder than simple addition, guaranteed.
Friday 2100 Bell
The synopsis doesn’t really capture what I hope this talk will be. It’s intended for IT professionals and aspiring penetration testers to understand how to take their experience and their intuition regarding what risks and vulnerabilities are in their network and relate it in a quantifiable manner to managers and clients who may either not believe in their expertise or not want to have to justify that new security staff and all those expensive security appliances. I plan to cover:
I was looking around trying to remember what news articles I’ve been in recently, and so to save myself from having to do it again in the future I figured I’d post them here.
Yesterday, Rob and I went to the Harrisburg Gun Show. Rob finally found the Tokarev TT-33 (OK, it’s really a Zastava m57, but it’s basically identical), and I picked up some nifty ammo. Naturally, we had no choice but to organize a trip to the range to try out our new toys.
Rob cleaning his new handgun
Exploded m57
All oiled and pretty...
The range we went to was out in Bellwood, PA. We wanted to go to the Sportsmen’s Association, but the other guys in our group weren’t members, which wouldn’t fly with the club rules. So we tried out a little range about 6 minutes from the BSA. It was, however, a bit unsettling that the road to get to the range runs parallel to the range for about 20 yards. As in, one negligent discharge slightly to the right from the pistol shooters and my car has extra ventilation. Other than that, $3 a head for a day of shooting isn’t all that bad.
Any opportunity to wear the uniform is a good one.
The gang
Mmm... Chicks with handguns...
SKEET SKEET BANG BANG!!!
Volley fire = win
After a while, we asked the range officer to let us shoot some hard drives that had failed, and that I “just happened” to bring along.
Our makeshift hard drive stands
Unfortunately, the video of the actual shooting is too low quality to warrant being immortalized on YouTube. However, I bring you the aftermath:
Evidence of Ryan trying to get the elevation right
Hillary holding a particularly destroyed drive
Rob shows off his kill
The day's carnage. Somehow, the black one came through unscathed.
My target. One shot, one kill.
This is pretty cool. The platters fused together when the bullet passed through.
A nice shot of the exit wound
As we were leaving, I spotted a guy with a Desert Eagle, and asked him to let me take a few shots. To my delight, he agreed!
Yes, the spent cartridge hit me in the eye. Left a nice streak of spent powder on my nose and cheek.
Nick Leghorn is a Pennsylvania State University graduate living in Virginia and was browbeaten into creating this blog. Visit NickLeghorn.com for more.