Monday, September 07, 2009

Bejtlich Speaking at Information Security Summit

My boss Grady Summers, GE CISO, and I will be presenting one of the keynotes at the Information Security Summit, 29-30 October, in Warrensville Heights, Ohio. Our topic is "CISO + CIRT = Success."

In 2007, the CISO of General Electric decided to invest in a dedicated program to detect and respond to intrusions, as a centralized, global function within GE. Since then, GE has built a Computer Incident Response Team (CIRT), deployed dozens of sensors acorss the company, aggregated billions of log records, and institutionalized its detection and response processes. In this presentation, the CISO of GE (Grady Summers) and GE's Director of Incident Response (Richard Bejtlich) will describe their experience with this process.

I am really excited about the pre-conference training at this event. I will participate in Introduction to Malware Dissection by Tyler Hudak, GE-CIRT's reverse engineer. This is a two day course for less than $500. You cannot beat the quality of this training at that price, period!

You can follow @Summit2009 for updates on the conference.

1 comment:

Anonymous said...

Great use of comparative cost. How was risk factored? Your thoughts?

Sep 21 2009, 10:41 am by Marc Ambinder

Cyber Security: Einstein And The Privacy Debate
Within the next two weeks, as National Cyber Security Awareness Month begins, the White House is finally expected to name its executive cyber security coordinator, and former assistant secretary of defense Frank Kramer is the leading candidate. One of Kramer's selling points is that he sees a public debate about cyber security as urgent and necessary. The communications challenge he faces is, in some ways, the same old story: when it comes to homeland security, we do a poor job of estimating risk. Where DHS spent $50 billion since its inception on Project BioShield, which stockpiles medicines in the event of an improbably widespread biological terrorism event, it has spent about $80 million on cyber security, even though cyber security breaches happen regularly, and are regularly damaging. It's a fairly large miscalculation, one that has shaped policy and the public's response to it. Since the beginning of the administration, there have been more than 100 confirmed cyber attacks on major American corporate and government interests.

http://politics.theatlantic.com/2009/09/body_font-familytahoma_font-size10pt.php