Patching - it’s complicated. Organizations at every level struggle with patching. It feels more like a necessary evil rather than a best practice. We're damned if we do, damned if we don't. As much as we like to point fingers of blame and malign the processes in place, the fact is that one size does not fit all when security updates get issued. We’ve lived through the joy of Patch Tuesdays gone bad, watched systems meltdown from patches for Spectre and Meltdown. Given all we should have learned, why does it seem like things are getting worse? Securing our stuff should not be an endless succession of dumpster fires. We need to go beyond just finding the sweet spot between mitigating business risk with vulnerability exposure. Join me in a candid and interactive discussion on this fundamental process that seems inherently broken, especially as it now affects IoT, OT and medical devices. In an off the record, behind closed doors session, let's share what we’ve seen and say what we really think about management, internal and external customers, vendors. Because the cure isn't supposed to be worse than the disease.

Cheryl Biswas, aka @3ncr1pt3d, is a Strategic Threat Intel Analyst with TD Bank in Toronto, Canada. Previously, she was a Cyber Security Consultant with KPMG and worked on security audits and assessment, privacy, breaches, and DRP. Her experience includes project management, vendor management and change management. Cheryl holds an ITIL certification and a degree in Political Science. Her areas of interest include APTs, mainframes, ransomware, ICS SCADA, and building threat intel. She actively shares her passion for security online, as a speaker and a volunteer at conferences, and by encouraging women and diversity in Infosec as a founder and member of the "The Diana Initiative".

@3ncr1pt3d

Back to Derbycon 2018 video list