Defense in Depth for Systems Administrators

Views: 316

Written By: Jayme Hancock March 16, 2017

Defense in Depth is a complex topic, and many of the available resources target senior executives or information security professionals. How does a systems administrator implement defense in depth within the scope of their job, focus on what matters, and plan for failure of each security control? What can be implemented quickly, without associated costs, and help prevent a great majority of attacks?

In my talk at the Cascadia IT Conference in Seattle (March 2017), “Defense in Depth for Systems Administrators,” the concept is introduced through a series of “bad to worse” scenarios that demonstrate where a layered defense would have helped prevent or contain damage from a malicious actor.

Slides are available here.

Jayme Hancock

Jayme Hancock is a Penetration Tester with AppSec Consulting with 14 years of experience in the Information Technology field as a systems administrator and security professional. He holds the Offensive Security Certified Professional (OSCP) certification, the Certified Information Systems Security Professional (CISSP) certification, the Certified Ethical Hacker (CEH) certification, and the GIAC Certified Enterprise Defender (GCED) certification. He has helped secure and implement network systems for small and medium businesses, as well as Fortune 500 companies. Over the past five years, he has implemented and managed the HIPAA compliance program for an insurance brokerage from the ground up, including creating and enforcing security policies and performing compliance audits and penetration tests. He served on the board of directors for a local ISSA chapter from 2013-2014 and is active in the information security community.

read more articles by Jayme Hancock

© Copyright 2017 AppSec Consulting, All Rights Reserved