Tell me where it hurts. No - really! As much as we like to point fingers of blame and malign the processes in place, the fact is that one size does not fit all when security updates get issued. What's the definition of insanity: doing the same thing over and over. Organizations at every level seem to be struggling with staying on top of patching, but it feels more like a necessary evil rather than a best practice. Especially given the Meltdown Spectre debacle. We're damned if we do and damned if we don't. We need to go beyond just finding that sweet spot between mitigating business risk with vulnerability exposure. Let's talk about how can we fix this process that seems inherently broken, especially as it now affects IoT, OT and medical devices. Because the cure isn't supposed to be worse than the disease.

Cheryl Biswas, aka @3ncr1pt3d, has landed her dream job as a Strategic Threat Intel Analyst with TD in Toronto, Canada. Prior to that she was a Cyber Security Consultant with KPMG and worked on GRC, privacy, breaches, and DRP. Her areas of interest include APTs, mainframes, ransomware, ICS SCADA, and building threat intel. She blames this on her ITIL certification and degree in Political Science.She actively shares her passion for security in blogs, online, via podcasts, and speaking at conferences.

Back to Circle City Con 2018 Videos list