Five Mistakes We Wish Users Would Stop Making

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 4 p.m. (45 minutes).

Despite the carrots and sticks, admonishments, and reward gift cards, enterprise users continue to make critical missteps. This talk presents the top five mistakes that users continue to make, despite seemingly obvious (to us!) consequences. Why are organizations, even those with impressive technology stacks and defensive layers, still vulnerable to user misbehavior? What can security teams do to shape user behavior to eliminate or at least mitigate these risks? Bring your best enterprise user awareness solutions as this all woman panel shares what works based on their professional experiences. They’ll also collect feedback from participants, and give everyone actionable ideas to take home.


Presenters:

  • Lee Neely (moderator)
  • Amanda Berlin / Infosystir as Amanda Berlin
    Amanda co-authored the best practices book called "Defensive Security Handbook: Best Practices for Securing Infrastructure” with Lee Brotherston through O'Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. Amanda has been involved in implementing a secure Payment Card Industries (PCI) process and Health Insurance Portability and Accountability Act (HIPAA) compliance as well as building a comprehensive phishing and awards-based user education program. Amanda is an avid volunteer and has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, O’Reilly Security, GrrCon, and DEFCON. While she doesn't have the credentials or notoriety that others might have, she hopes to make up for it with her wit, sense of humor, and knack for catching on quick to new technologies.
  • Chelle Clements
    Chelle's worked in cyber security for over 20 years. She has a BS and an MS in ISM from University of San Francisco, and strongly supports STEM. She is an Army Veteran, she spent 30-years at Lawrence Livermore Nat’l Lab in three different fields (chemistry, physics and computer science).
  • Lesley Carhart
    Lesley Carhart is a Principal Threat Analyst, Threat Operations Center at the industrial cyber security company Dragos, Inc. She is recognized as a subject matter expert in cybersecurity incident response and digital forensics, regularly speaking on the topic at conferences and universities.
  • April C. Wright
    April C. Wright is a hacker, author, teacher, and community leader with over 25 years of breaking, making, fixing, and defending global critical communications and connections. She is an international speaker and trainer, educating others about Information Security, with the goal of protecting individual privacy and important assets to make the digital components that impact our lives safer and more secure. A security program specialist for a Fortune 15 company, April has held roles on offensive, defensive, operational, and development teams throughout her career, and been a speaker and contributor at numerous security conferences including BlackHat, DEF CON, DerbyCon, Hack in Paris, DefCamp, ITWeb, as well as for the US Government and industry organizations such as OWASP and ISSA. She has started multiple small businesses including a non-profit, is a member of the DEF CON Groups Core Team, and in 2017 she co-founded the Boston DEF CON Group DC617. April has collected dozens of certifications to add letters at the end of her name, almost died in Dracula’s secret staircase, and once read on ‘teh interwebs’ that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the “most significant and interesting person currently inhabiting the earth”, so it must be true.

Links: