It’s RSA week! A week where security professionals from far and wide travel to San Francisco to attend not only RSA conference, but the number of other events around it. Whatever the flavour, there’s usually something for everyone.
I didn’t make the pilgrimage this year, opting for a low-key vacation with the family during the Easter break. So, this week, most of the updates are viewed through the lens of attending a conference remotely.
RSA
RSA is the melting pot for diverse groups to converge. It’s not just a security conference. It is an ecosystem that breeds many micro-conferences, each catering to specific audiences. While many observations can be made about the size of the vendor hall, it would be an over-simplification to say RSA is just a vendor-conference.
There are investors looking to see where money should go, industry analysts get a good idea of which direction trends are heading, professionals share ideas and network, recruiters find out who is hiring, and who is looking.
It’s also the time of year for which many vendors save their biggest announcements, be those new product lines, features, or mergers and acquisitions.
AlienVault announced its new free threat hunting service, OTX Endpoint Threat Hunter™.
It’s a free threat-scanning service in Open Threat Exchange that allows you to detect malware and other threats on your critical endpoints using OTX threat intelligence. This means that you can now harness the world’s largest open threat intelligence community to assess your endpoints against real-world attacks on demand or as new attacks appear in the wild.
- #RSAC: Defenders Need to Work Together for Better Protection | Infosecurity Magazine
- #RSAC: It’s Time to Kill the Pen Test | Infosecurity Magazine
- RSA acquires UEBA vendor Fortscale | RSA
BSidesSF
Apparently, BSides San Francisco was held in a movie theatre and the talks were given in front of an IMAX screen. All I’m saying is I hope that more conferences do that – the opportunities to take advantage of such a setup are amazing.
A bit of trivia is that apparently IMAX is a Canadian invention
New life goal: give a talk on an IMAX screen #BSidesSF (ps. did you know IMAX is a Canadian invention??) pic.twitter.com/pOb0T8tl46
— Leigh Honeywell (@hypatiadotca) April 15, 2018
It looked to be a good event, as is to be expected from an established BSides, with a number of talks getting some social media love.
@KingmanInk is a fantastic illustrator, and was at hand to create posters of talks in real-time. The collection of all the posters can be found on this twitter thread.
- BSidesSF 2018 Schedule, see what happened | BSidesSF
- #BsidesSF How to Solve Infosec Problems with Creative Solutions | Infosecurity Magazine
- #BsidesSF Managing Secrets in Your Cloud Environment | Infosecurity Magazine
OURSA
One of the new events this year at RSA was Our Security Advocates, OURSA. A single-track, one-day conference that focussed on diverse experts to present.
Regardless of your views on diversity, there is no question that there were some stellar talks, and all are available to view on the live stream.
OURSA Live stream| YouTubeOURSA Agenda| oursa.org
How to prepare for an infosec interview
Hopefully many people have made the most of their networking at RSA and lined up some interviews. Here’s a good post by Timothy De Block from a couple of weeks ago with tips on preparing for an infosec interview.
- How to prepare for an infosec interview | Timothy De Block
Netflix open sources Titus
Netflix has announced it is open-sourcing its container management platform Titus.
Over the last three years, Titus evolved initially from supporting batch use cases, to running services applications (both internal, and ultimately critical customer-facing). Through that evolution, container use at Netflix has grown from thousands of containers launched per week to as many as three million containers launched per week in April 2018. Titus hosts thousands of applications globally over seven regionally isolated stacks across tens of thousands of EC2 virtual machines. The open-sourcing of Titus shares the resulting technology assembled through three years of production learnings in container management and execution.
Titus allows us to quickly and nimbly add features that are valuable as our needs evolve, and as we grow to support new use-cases. We always try to maintain a philosophy of “just enough” vs “just in case” with the goal of keeping things as simple and maintainable as possible.
- Titus code | Github
- Titus, the Netflix container management platform, is now open source | Netflix blog Medium
How deep does the rabbit hole go?
A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent.
Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.
Something different
I’ll end with this article on why so many tech companies’ logos look the same. It’s a really interesting piece with some insights into what makes a tech brand.
THE LOGO ISN’T THE BRAND ANYMORE
“People at the head of these powerful digital brands, as any strong brand, know very well they are not defined by their logo anymore but by the product or service they provide. They are strong, thanks to what they allow you to do with them. Before, logo designers would look for a ‘concept’ when designing a logo. That is obviously not needed anymore: The brand is the concept. Their logos may look similar, but what they offer is totally different and effective, and that’s what finally counts for the consumer. They are 100% recognizable.
- Why Do Google, Airbnb, And Pinterest All Have Such Similar Logos? | Fast Co Design
Post-credit teaser
I know I said the previous article was the last one, but I have been reliably informed by my colleague and editor of our AlienVault blog, Kate Brew that I won the security bloggers award for the most entertaining blog.
So far this tweet is the only evidence I’ve seen of it – so I’m honoured and grateful… unless this was a prank, in which case, well played.
At Security Bloggers Meetup @J4vv4D has won most entertaining Security blog! @alienvault watch out he’ll be demanding an increase :blush: #rsac
— Kate Brew (@securitybrew) April 19, 2018