OpSec for InfoSec

Presented at CarolinaCon 13 (2017), May 20, 2017, 4 p.m. (60 minutes)

A brief overview of OpSec techniques for various threat levels. The talk will cover different techniques depending on what your threat model is. Are you trying to hide from your parents / spouse, your ISP, or nation-state backed threat actors? The talk will briefly cover alias and persona creation and compartmentalization, browser fingerprinting, VPNs and various ways they will fail you. Of course, we can't have a good OpSec talk with looking at and learning from some other people's glorious OpSec failures.

Presenters:

• Justin Nordine
  Justin Nordine (@jnordine) has worked in cyber security for 13 years in various engineering, architecture, and research roles. He is currently the Galactic Viceroy of Clicking & Scrolling and occasionally has a global thought. Justin is on the board of directors for the FALE Associate of Locksport Enthusiasts as the Chief OSINT Overlord. FALE is a small non-profit whose goal is to educate others on the effectiveness, or lack thereof, of the physical security measures commonly used in today's society.

Links:

• https://infocon.org/cons/CarolinaCon/CarolinaCon 13 2017/OpSec for InfoSec - Justin Nordine.mp4
• https://infocon.org/cons/CarolinaCon/CarolinaCon 13 2017/OpSec for InfoSec - Justin Nordine.srt (subtitles)
• https://www.youtube.com/watch?v=8u7yyFYvzC4

Similar Presentations:

• BSidesLV 2015 / Classic Misdirection: Social Engineering to Counter Surveillance
• Red Team Summit 2019 / Offensive OPSEC - Walking on Air
• ToorCon San Diego 14 (2012) / OPSEC