Security Management Without the Suck

BSidesLV 2014

Presented by: Tim Krabec, Tony Turner
Date: Tuesday August 05, 2014
Time: 14:00 - 14:50
Location: Common Ground

This talk will discuss real-world techniques for implementing and optimizing a security program that we call RADIO (Recon, Analyze, Develop, Implement, Optimize). Conventional wisdom has historically presented guidance that works well in textbook scenarios or for very large companies but often does not integrate well with small to medium-sized companies. Our five-step approach aims to provide more reasonable guidance for small to medium-sized companies or those organizations with operational models that might not lend themselves well to traditional methods.

Tim Krabec

Information Security Analyst, [Redacted]. Just a father with an Infosec problem. Over the years Tim's passion for Information Technology has taken him from Programming to System Administration, Consulting and into Information Security. Tim has been an active member of the South Florida Chapter of ISSA since he was introduced to the group nearly 10 years ago. Tim's passion has led him to giving talks at his local ISSA Chapter as well as Skytalks. Tim enjoys the problem-solving aspect of Information Technology. Tim has competed in the Mystery Challenge at Defcon, a team-based challenge which involves skills from many different disciplines, from hardware, to soldering, to bookbinding, arcane languages, Social Engineering, to problem solving and programming.

Tony Turner

Tony has over 10 years of working experience in the information security field, specializing in Web Application Firewalls and Web Application Architecture. Tony has a wide range of experiences including Penetration Testing, Incident Response, Security Architecture, Security Program Development, and PCI Compliance. Before joining GuidePoint Security as a Managing Security Consultant, Tony was the Senior Project Lead for Darden Restaurants, a Fortune 500 organization, responsible for managing security operations and engineering teams, as well as technical lead for web application security architecture, incident response, PCI and security assessment activities. He holds a BS in Information Security and Compliance from Hodges University, founded and leads the OWASP Orlando Chapter and founded and coordinates the B-Sides Orlando security conference. Oh and certs, yeah he has way too many of those things.

