Follow Mark on LinkedIn Follow @marknca on Twitter Follow marknca on YouTube
marknca

Mornings With Mark
no. // 0 0 0 3

Operational Security

Subscribe to the podcast.

Watch the episode here

Join the discussion on LinkedIn

Tweet about this episode

Full machine generated transcript follows

Good morning, everybody. How's it going today? And I'm tempted while it was a long weekend and then a little bit of travel back and forth episode 93 operational security. Reason why I want to talk about this. I'm attending blackhat as you can tell by the wonderful new business Hotel background, and I'm on the road.

I'm here in Las Vegas for abnormally. I don't travel that much in August. So I was going to stay home and look from afar, but this time I came down and I'm already having a great time but on the plane down. Couple things happen and it was tweaked a little bit of an idea around for today's episode which comes around there are technical sides to it.

But there's a lot of processing people involved and it's very much and trying to keep that information from leaking out either intentionally or unintentionally use the security of the operation itself. Obviously by the poster loose lips sink ships. So it's making sure that you're not giving away things needlessly.

So good example here is on the on the water runs behind me. You can see you're one of the doors closet door a bit of the window, but nothing significant or distinct actually identify what room are made. Happened to stay here. So there's a slight possibility that I can get my location undisclosed.

Then these aspects behind me this background could potentially they might United States and their I've had an unintentional leak behind instead. What I should have done is gone behind. There's a flat painted wall on a slice of engaging background for a podcast listeners Derek beige wall piece of operation.

attending this conference with your surprise me with what is it about the what was amazing was just having a conversation getting to know each other which is absolutely on planes in travel trying to talk to each other trying to pass the time be friendly that's wonderful, but the content of their discussion over the several our flight was absolutely shocking to me they were describing how their customer networks and they were one of them was describing how his customer Their Network out just how it functioned how they're change visor board worked out of the process to get a change through the challenges specific teams that were problems in that process named off a number of Technologies used to defend that network problems.

He saw with those Technologies and the other person was also describing some of the activities that they were under way too much detail. If I had been a malicious act or I can simply recorded all that information written down and had a great first sweep of sort of enumerated this particular Network and they named the network.

And now I expect from a developer conference. I expected in different contexts that a security conference for people to be actively discussion and discussing these types of details Massive failure in operational Security in that happens time and time again, no positive example in that somebody last night and gave me the classic you don't ask them what they tell you that could have just been out.

I'm trying to be interesting to put a passport people but for me operational security better answer than I can't tell you just yet very generic simple answer like arm and I T admin done, but that was much better operational Security in this happens time and time again where people explain very specific details.

Give me very specific details about the organ could be talking to people is absolutely critical to move security for. You need to be out there. You need to be social but you're right. You helped explaining or network is almost as bad. If not worse explaining at the security controls at different gaits and cons found their weaknesses in the ends or where their strengths that bad.

And there's a number of things that you need to worry about for operational security is Cher but share not but don't just blab about there because you never know who is listening. The hallways of a conference like this. There are always people listening and is always devices that could potentially be operational security something that you need to talk to your team.

It's something that you need to remind yourself about it something you need to practice. So interesting topic. I'm sure we'll cover it more. I just wanted to touch base on it today because it's online marketing email me at Mark thoughts. Do you have a sheriff? Do you have experience in this you have drill operational security practices into Team members employees without being positive examples.

Let me know what as always. I hope you set up for a fantastic day. I will be broadcasting again at tomorrow before taking a short break for holidays. So talk to online and I'll see you on the show tomorrow. Good morning, everybody. How's it going today? And I'm tempted while it was a long weekend and then a little bit of travel back and forth episode 93 operational security.

Reason why I want to talk about this. I'm attending blackhat as you can tell by the wonderful new business Hotel background, and I'm on the road. I'm here in Las Vegas for abnormally. I don't travel that much in August. So I was going to stay home and look from afar, but this time I came down and I'm already having a great time but on the plane down.

Couple things happen and it was tweaked a little bit of an idea around for today's episode which comes around there are technical sides to it. But there's a lot of processing people involved and it's very much and trying to keep that information from leaking out either intentionally or unintentionally use the security of the operation itself.

Obviously by the poster loose lips sink ships. So it's making sure that you're not giving away things needlessly. So good example here is on the on the water runs behind me. You can see you're one of the doors closet door a bit of the window, but nothing significant or distinct actually identify what room are made.

Happened to stay here. So there's a slight possibility that I can get my location undisclosed. Then these aspects behind me this background could potentially they might United States and their I've had an unintentional leak behind instead. What I should have done is gone behind. There's a flat painted wall on a slice of engaging background for a podcast listeners Derek beige wall piece of operation.

attending this conference with your surprise me with what is it about the what was amazing was just having a conversation getting to know each other which is absolutely on planes in travel trying to talk to each other trying to pass the time be friendly that's wonderful, but the content of their discussion over the several our flight was absolutely shocking to me they were describing how their customer networks and they were one of them was describing how his customer Their Network out just how it functioned how they're change visor board worked out of the process to get a change through the challenges specific teams that were problems in that process named off a number of Technologies used to defend that network problems.

He saw with those Technologies and the other person was also describing some of the activities that they were under way too much detail. If I had been a malicious act or I can simply recorded all that information written down and had a great first sweep of sort of enumerated this particular Network and they named the network.

And now I expect from a developer conference. I expected in different contexts that a security conference for people to be actively discussion and discussing these types of details Massive failure in operational Security in that happens time and time again, no positive example in that somebody last night and gave me the classic you don't ask them what they tell you that could have just been out.

I'm trying to be interesting to put a passport people but for me operational security better answer than I can't tell you just yet very generic simple answer like arm and I T admin done, but that was much better operational Security in this happens time and time again where people explain very specific details.

Give me very specific details about the organ could be talking to people is absolutely critical to move security for. You need to be out there. You need to be social but you're right. You helped explaining or network is almost as bad. If not worse explaining at the security controls at different gaits and cons found their weaknesses in the ends or where their strengths that bad.

And there's a number of things that you need to worry about for operational security is Cher but share not but don't just blab about there because you never know who is listening. The hallways of a conference like this. There are always people listening and is always devices that could potentially be operational security something that you need to talk to your team.

It's something that you need to remind yourself about it something you need to practice. So interesting topic. I'm sure we'll cover it more. I just wanted to touch base on it today because it's online marketing email me at Mark thoughts. Do you have a sheriff? Do you have experience in this you have drill operational security practices into Team members employees without being positive examples.

Let me know what as always. I hope you set up for a fantastic day. I will be broadcasting again at tomorrow before taking a short break for holidays. So talk to online and I'll see you on the show tomorrow.