Over the last decade, technology as a whole has exploded worldwide and corporations have struggled to keep pace. Usability and revenue creation have been the key motivating factors, ignoring the proactive design and security required for long-term stability. With the increase of breaking news hacks, record breaking data leaks, and ransomware attacks it is our job to not only scrape by with default installs but to secure our data and assets to the best of our abilities. There will always be cases where you will walk into an environment that is a metaphorical train wreck. So many of us have been there. We've walked into an environment that has exploded with technology, but no talent to manage it, no leadership to distinguish FUD from real threats, and either zero infosec budget or so much they aren't sure what to do with it. If you or someone you know are currently in this situation, we're here to help. We'll go over great steps to start with that will have little impact on budget, but a large impact on moving forward for a more secure environment. It is important to be able to implement low cost security technology and prioritize threats to show upper level management that due diligence has been done before they throw money at blinky boxes.
Amanda Berlin is an Information Security Architect for Hurricane Labs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. While working the healthcare sector, Amanda has been involved in creating a secure method of Payment Card Industries (PCI) and Health Insurance Portability and Accountability Act (HIPAA) compliance and building a comprehensive phishing and awards-based user education program. Amanda is an avid volunteer and has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, CircleCityCon, GrrCon, and DEFCON. She is currently working on co-authoring a Blue Team best practices book as well working as part of a team on an open sourced phishing and user education software package.