What trends in the security seems to lead in the right direction and which ones are bad ideas?
Information Security within the information technology space has been with us since the advent of the mainframe and the use of access control tools on IBM mainframes. The advent of the internet moved us to a full open model of exchange information enabling direct opportunities to exploit and leverage this information. Many early models were based on the age-old castle and moat model eventually moving to a defense in depth model that incorporated people process and technology. This model has not changed much with minor iterations applied even though major shifts in data usage, availability, transfer mechanisms, and storage occur at an ever-faster pace. Over the years, what was once seen as a good idea has eroded into poor security practices and hygiene. The intense push to deliver more features and greater functionality at near warp speed takes its daily toll on information security programs while new devices for creating, storing, and forwarding data explodes and Moore’s law is no longer valid.
The paper and subsequent discussion intends to examine information security budgets, reporting structures, the concept of risk, software development, patches/updates/vulnerabilities, the outmoded model for information security, incident response, and a look at disruptive information security technologies non-inclusively. We will examine each are for pros and cons. The intent is to discover forces for and against positive change while explaining if the pattern and potential trends suggest the correct direction. We will attempt to make practical and pragmatic recommendations within our findings.
Jeff is the Chief Intelligence Officer for Treadstone 71 with clients on 4 continents. In 2007, Jeff received the RSA Conference award for Excellence in the Field of Security Practices. His team also won the 2007 SC Magazine Award – Best Security Team. Jeff sits or has sat on the Board of Boston Infragard, Content Raven, Journal of Law and Cyber Warfare, and Wisegate and was a founding member of the Cloud Security Alliance. Jeff served in the USAF as a cryptologic linguist and in the US Army / US Army National Guard as an armor officer, armored scout platoon leader.
Mr. Bardin has extensive experience in cyber intelligence lifecycle services, intelligence program builds, TIP selection and build out, targeted research and support, cyber counterintelligence services and analysis, deception planning, and cyber operations. He teaches Cyber Intelligence and Counterintelligence (Anonymity, Cyber Personas, Collection management, Clandestine Cyber HUMINT, Socio-Cultural Aspects of Intelligence, Critical Thinking, Cognitive Bias, Methods and Types of Analysis, Mitre ATT&CK, Structured Analytic Techniques, Analytic Writing, Briefings, and Dissemination), open source intelligence collection and tool usage, strategic intelligence, operational/tactical/technical intelligence, and methods in media manipulation identification.
He has BA in Special Studies - Middle East Studies & Language from Trinity College and an MS in Information Assurance from Norwich University. Jeff also attended the Middlebury College Language School for additional language training. Mr. Bardin also spent two+ years studying Russian history, literature, political systems, and language. He lived and worked in the Mediterranean area and the Kingdom of Saudi Arabia and the UAE. Jeff was an adjunct instructor of master’s programs in cyber intelligence, counterintelligence, cybercrime and cyberterrorism at Utica College. Mr. Bardin has also appeared on CNN, CBS News Live, FoxNews, BBCRadio, i24News, BBN, and several other news outlets and has contributed bylines to Business Insider non-inclusively