ANNOUNCEMENTS: INFOSEC CAMPOUT TICKETS ARE STILL ON SALE. Go to https://www.infoseccampout.com for Eventbrite link and more information.

Part 2 of our Discussion with Chris Sanders (@chrissanders88)

Topics discussed:

Companies dropping existing frameworks for ATT&CK Matrix, why?

Rural Technology Fund - What it is, how does it work, Who can help make it more awesome.

https://chrissanders.org/2019/05/infosec-mental-models/

I’ve argued for some time that information security is in a growing state of cognitive crisis…

Demand outweighs supply

Because so many organizations need experience, they are unable to appropriately invest in entry-level jobs and devote the necessary time for internal training.

That’s an HR and hiring manager issue, right? --brbr  No. --bboettcher

Information cannot be validated or trusted

    There are few authoritative sources of knowledge about critical components and procedures.

Large systemic issues persist with no ability to tackle them in a large, mobilized, or strategic manner.

    The industry is unable to organize or widely combat the biggest issues they face.

    Groups of individuals, everyone thinking they have the ‘right answer’, just like linux flavors --brbr

https://www.fireeye.com/blog/threat-research/2015/06/caching_out_the_val.html

https://www.helpnetsecurity.com/2018/07/10/windows-shimcache-threat-hunting/

Dependence on tools: http://traffic.libsyn.com/brakeingsecurity/2016-006-Moxie_vs_Mechanism-dependence_on_tools.mp3

https://en.wikipedia.org/wiki/Cognitive_revolution

https://buzzmachine.com/2019/04/25/a-crisis-of-cognition/

How do we solve it?

1. We must thoroughly understand the processes used to draw conclusions.
   1. S.M.A.R.T.?
2. Experts must develop repeatable, teachable methods and techniques.
3. Educators must build and advocate pedagogy that teaches practitioners how to think.

https://www.maximumfun.org/shows/sawbones - sawbones podcast (amanda mentioned)

Mental Model?

    We use them all the time? Gotta simplify the complex...

    Distribution and the Bell Curve

    Operant Conditioning

https://www.latimes.com/science/la-sci-emotional-stereotypes-about-women-20190530-story.html

    The Scientific Method

Applied Models

    13 Organ Systems

    4 Vital Signs

    10 Point Pain scale

Defense in Depth

OSI model

Investigation Process

https://en.wikipedia.org/wiki/Inductive_reasoning

Model Desperation

    Companies dumping existing models and embracing something else

The problem is that we’re model hungry and we’ll rapidly use and abuse any reasonable model that presents itself. Ultimately, we want good models because we want a robust toolbox. But, not everything is a job for a hammer and we don’t need fourteen circular saws.

What makes a good model?

Simple

Useful

Imperfect? (wuh?)-brbr

Creating models

    Begins by asking a question… (what is the weather going to look like tomorrow? --brbr)

        What defines the sandwich? (kind of like “https://en.wikipedia.org/wiki/Theory_of_forms” --brbr)

Discuss the Rural Tech Fund https://twitter.com/RuralTechFund

    https://ruraltechfund.org/

Practical Threat Hunting - https://twitter.com/chrissanders88/status/1133388347194454018

Practical Packet Analysis - https://nostarch.com/packetanalysis3

Suggesting books:

https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555

https://www.amazon.com/Undoing-Project-Friendship-Changed-Minds/dp/0393354776

More references on Chris’ site https://chrissanders.org/2019/05/infosec-mental-models/

Book Club

Cult of the dead cow - June

Tribe of Hackers - July

The Mastermind - August

The Cuckoo’s Egg - September