Your Security Is The Key To Our Success!

Future Shock: The Future of Fraud Today

Below is the abstract and link to the referenced material, including the presentation, from the Taste of IT on Nov 8, 2023. This is the first release in the Future Shock series. [FYI: Mo was unable to attend so I presented his slides]. Enjoy!

"The presenters will discuss the evolution of Organizational Identity Fraud and the abuse of organizational identity assets from the beginning of the World Wide Web to its current incarnation. They will assess the state of organizational identity asset protection programs and answer the question “Are organizations prepared for the world of software defined everything, nation state threat actors and coexisting with the Internet of Dangerous Things?”

The presentation will update the definition of Corporate Identity Assets and introduce relevant, novel, and forward-thinking threat catalog items associated with Organizational Identity Fraud. The presenters will articulate control affinities and practical life-cycle management practices for consideration, positing how transformational trends in mobility, computing and social media conspire to make organizations more vulnerable, while demonstrating how marketing, security and operations can join forces to turn the tables on their adversaries by becoming “hard targets”.

Building on prior work published in 2006 ( ) and 2021 ) the presenters will share new research & insight that demonstrate multi-domain mayhem caused by abusing organizational identity assets and exploiting (hidden) dependencies! Further, they will share their methodology, findings, and novel & emerging threat catalog items (aka relevant use cases).

Presentation Link

Innovation Matters: Invisibility Cloak

“Wicked” Business Problem:
The simple act of connecting a device to a network (wired or wireless) exposes (high-value) it to more risk.                                
Innovative Approach:
Provide dynamic connectivity protection and resource sharing, in hostile environments, with no externally visible attack surface.
Vetted Solution:
BYOS’ human friendly approach uses a physical dongle to effectively “Cloak” personal computing devices, rendering them invisible and allowing them to connect with confidence.
Call To Action:
If you are interested in learning more dm me on LinkedIn or check them out @ BYOS [ Tell them Bryan sent you ;) ]

Innovation Matters: Ransomware "Kill Switch"


“Wicked” Business Problem:

Organizations running flat networks are especially vulnerable to high-impact attacks that rely on lateral movement like ransomware.
Innovative Approach:
The ability to move from a flat network to a layer-3 isolated (micro-segmentation) network (IT/OT) in a matter of hours with NO downtime or 3
rd party agent software.
Vetted Solution:
Airgap’s elegant approach is truly innovative and worthy of consideration. Using DHCP to build a layer-3 overlay network, they can transform a legacy network into a virtual Purdue compliant environment. Prebuilt logic provides the ability to prevent ransomware propagation and introduces a “kill switch”, which can be activated in the case of a ransomware outbreak.
Call To Action:
Educate yourself on
Airgap's innovative approach to layer-3 isolation and segmentation.

Facilitated Innovation & Structured Choice

What is it?
·       A field-proven methodology that identifies self-funding business cases and drives transformational change. I have used this method successfully in my practice for many years now.
How does it work?
·       Facilitates a dialog with key stakeholders who can affect organizational change.
·       Aligns the organization’s mission with stakeholder capabilities (known & latent).
·       Determines what MUST be true in order for the organization to achieve its mission objectives.
·       Optimizes value across diverse stakeholder communities.
·       Leverages rapid prototyping to Fail/Succeed Fast as measured against key proof points.
·       Delivers in 30-90 Day Proof of Value (PoV) sprints.
·       Produces a pipeline of Innovation Candidates to support a transformation plan of record.
·       Populates an organization specific Curated Service Catalog that is fit for purpose and provides choice
·       Institutionalizes a bespoke service selection methodology that ensures the Optimal Choice is made to capture Maximum Value as defined by the relevant stakeholders.
Here is an example of a Curated Service Catalog for the manufacturing sector:

So what?
By distilling the world of possibilities down to business-friendly options, organizations can realize more value faster and at scale. I plan on sharing some of the most interesting, timely and relevant candidates via a new blog series called Innovation Matters.

Point of Origin Hacking (POOH)

Historically, infosec risk managers have stressed only focusing on the most likely and impactful threats. However, this practice often misses “obvious” vulnerabilities that lead to catastrophic failure. When realized, these threats are often branded as “black swan” events, which some believe could never be predicted. This lack of imagination is no longer acceptable, given advances in modeling and simulation capabilities.
Rather, novel, forward thinking and expanded threat catalogs need to be developed and adopted. This is the fundamental tenant behind POOH (Point of Origin Hacking). The concept goes like this; If you have a properly motivated adversary, they will (eventually) develop or obtain a (theoretical) capability that they will use against you. So, build systems that take into account theoretical vulnerabilities, as they will likely become practical in the fullness of time.


Example: In a post quantum world, many encryption algorithms will be worthless as a protection mechanism. Knowing this, organizations should choose algorithms that are post quantum secure.
So the next time someone tells you that an alien invasion, zombie apocalypse and giant meteors are out of scope for your threat catalog, just remind them that those items look a lot like volcanoes, pandemics, unprovoked war, trucker strikes, train derailments, global warming...Plan accordingly, because you never see the one that gets you.