dwyl / hq

:red_circle: All things in the dwyl organisation
https://github.com/dwyl/hq/issues
GNU General Public License v2.0

Network Security Talk #198

Closed Jbarget closed 7 years ago

Jbarget commented 7 years ago

With the recent chat about a security vulnerability associated with our router https://github.com/dwyl/hq/issues/188 https://github.com/dwyl/hq/issues/197 and internal workshops/talks https://github.com/dwyl/hq/issues/188

Would @nelsonic be up for giving a talk on network security at some point? I know there are articles posted in https://github.com/dwyl/hq/issues/135 but it would be great to be learning about it as a group and a talk with Q & A is much more interactive than reading a webpage

nelsonic commented 7 years ago

@Jbarget yeah, this would be useful to anyone who likes the idea of data privacy ... 😉 finding the time tho... also, I would invite someone who knows way more than me to do the talk. 👍

Jbarget commented 7 years ago

Yeh understand about the time, does anyone spring to mind to invite?

nelsonic commented 7 years ago

@evilpacket would be my go-to-guy for network security. (creator of https://nodesecurity.io/ ...) he did a (remote) talk for F&C7 in Jan 2016 so we could ask him nicely again... 😉 (this time on the "Podcast"...)

P.S: we ❤️ LiftSecurity! https://twitter.com/nelsonic/status/750758248056180736

evilpacket commented 7 years ago

I'd be happy to talk about security or ask one of my team members that can fill the role better depending on topics.

Any thoughts on narrowing the topic down from general network security?

Jbarget commented 7 years ago

Amazing! well my original motive for opening the issue was reading https://github.com/dwyl/hq/issues/135 and seeing acronyms, googling them and not understanding how they fit together :)

Thought it might be nice to have a direct case study/context to have behind the topic of a talk

nelsonic commented 7 years ago

@evilpacket I know you are insanely busy so wouldn't want to give you guys extra work... I think what would be really interesting for all of us would be to contextualise security from a Developer Perspective e.g: what 5-10 things can I do to improve my security "hygiene".

For example, I saw a young padawan insert a random USB device into their laptop the other day and when I mentioned that his device had just been Pwnd he laughed it off ... https://github.com/dwyl/learn-security/issues/17 most people don't understand InfoSec or they think it doesn't "affect" them ... 😧

As a rule I never let my laptop out of my sight without turning it off (completely). and even then only around people I trust with a lot more than a laptop. I'm Paranoid because I've seen the power of the tools. e.g: https://youtu.be/hqKafI7Amd8 even an unskilled script kiddie could Pwn any device in F&C in a matter of seconds without the owner being aware of it. Then I hear about people installing cracked versions of Photoshop (no names to avoid embarrassing anyone...) and all I can think of is: this person is smart, but they've just (potentially) handed access to their bank account to a cyber criminal to save a few bucks on paying for software ... can I trust them with access to the company systems ...? 😭

evilpacket commented 7 years ago

I have not forgotten about this thread. I'm pretty busy putting together something for DeveloperWeek next week but once that is over I'll have some time to devote to figuring out the right things to talk about and putting something actually together or getting the team involved and have some fun :)

On Thu, Feb 2, 2017 at 11:41 AM, Nelson notifications@github.com wrote:

@evilpacket https://github.com/evilpacket I know you are insanely busy so wouldn't want to give you guys extra work... I think what would be really interesting for all of us would be to contextualise security from a Developer Perspective e.g: what 5-10 things can I do to improve my security "hygiene".

For example, I saw a young padawan insert a random USB device into their laptop the other day and when I mentioned that his device had just been Pwnd he laughed it off ... dwyl/learn-security#17 https://github.com/dwyl/learn-security/issues/17 most people don't understand InfoSec or they think it doesn't "affect" them ... 😧

As a rule I never let my laptop out of my sight without turning it off (completely). and even then only around people I trust with a lot more than a laptop. I'm Paranoid because I've seen the power of the tools. e.g: https://github.com/pwnieexpress/raspberry_pwn even an unskilled script kiddie https://en.wikipedia.org/wiki/Script_kiddie could Pwn any device in F&C in a matter of seconds without the owner being aware of it. Then I hear about people installing cracked versions of Photoshop (no names to avoid embarrassing anyone...) and all I can think of is: this person is smart, but they've just (potentially) handed access to their bank account to a cyber criminal to save a few bucks on paying for software ... can I trust them with access to the company systems ...? 😭


nelsonic commented 7 years ago

@evilpacket thanks! we haven't forgotten either. 🤔 we just don't want to "pester" you. 🙊 really looking forward to it! ❤️

ghost commented 7 years ago

@evilpacket hello! Apologies for the premature question^ ... @iteles has just informed me that this is still on the cards! Can we book you in for May/June? :)

evilpacket commented 7 years ago

oh man yes, Is there a time in the last week of May that might work? (trying to give myself some sort of time to prepare)

— Adam Baldwin

--- original message --- On Thu, May 11, 2017 at 08:51 am, notifications@github.com Mark William Firth wrote:

@evilpacket hello! Apologies for the premature question^ ... @iteles has just informed me that this is still on the cards! Can we book you in for May/June? :)

--- end of original message ---

ghost commented 7 years ago

@evilpacket yes we can certainly find a timeslot! And please take as much time as you need to prepare - we can delay until June if you'd prefer.

Do you have a preference for an evening/after work thing (e.g. 31st may) or something during the working day? Maybe an afternoon? Friday afternoon 26th May? Timeslots other than those are available too - just let us know what would be ideal for you!

evilpacket commented 7 years ago

So I'm in PST timezone and I can be pretty flexible with my schedule from 9am until midnight roughly is fine with me, so what might work in there? I'm bad at timezones.

May 26th would work for me. Really I'm deadline driven so if I have a deadline and I know what y'all want I can meet that :)

— Adam Baldwin

--- original message --- On Fri, May 12, 2017 at 01:59 am, notifications@github.com Mark William Firth wrote:

@evilpacket yes we can certainly find a timeslot! And please take as much time as you need to prepare - we can delay until June if you'd prefer.

Do you have a preference for an evening/after work thing (e.g. 31st may) or something during the working day? Maybe an afternoon? Friday afternoon 26th May? Timeslots other than those are available too - just let us know what would be ideal for you!

--- end of original message ---

ghost commented 7 years ago

@evilpacket awesome! How does 9:00 AM your time (5:00 PM here) on May 26th sound to you?

evilpacket commented 7 years ago

rad, let's do it. I'll review the thread again and possibly reach out for a few conversations to focus the talk. About how much time do we want to allot?

— Adam Baldwin

--- original message --- On Fri, May 12, 2017 at 10:26 am, notifications@github.com Mark William Firth wrote:

@evilpacket awesome! How does 9:00 AM your time (5:00 PM here) on May 26th sound to you?

--- end of original message ---

Jbarget commented 7 years ago

This seems even more appropriate with the NHS hacking having just happened.

Really looking forward to this. Thanks @evilpacket!

ghost commented 7 years ago

@evilpacket Let's do 18 min talk + 12 min Q+A. Let me know if you'd prefer a different format and we can switch it up - otherwise is that ok?

@Jbarget yes very on trend right now

evilpacket commented 7 years ago

That format works for me. Looking forward to it. Going to put it together today so we'll see what shakes out :)

--- original message --- On Tue, May 16, 2017 at 05:09 am, notifications@github.com Mark William Firth wrote:

@evilpacket

Let's do 18 min talk + 12 min Q+A

Let me know if you'd prefer a different format and we can switch it up - otherwise is that ok?

@Jbarget yes very on trend right now

--- end of original message ---

evilpacket commented 7 years ago

@nelsonic I don't want to assume as it's got me in trouble before, I see something about a "podcast" above. I'll be able to share slides / visuals, right, not just audio?

iteles commented 7 years ago

@markwilliamfirth Can we get this into everyone's diaries asap please? :)

ghost commented 7 years ago

@evilpacket awesome thanks for confirming!

We have a TV screen in our office at Focus Hub so I figured we could do a Google Hangout. This would allow you to appear on screen and also share your screen (and therefore slides/visuals too).

@nelsonic I assume by your thumbs up on my comment here (https://github.com/dwyl/hq/issues/198#issuecomment-301761981) that you're happy with this format so I'll send out the invites as @iteles suggests but please jump in and correct if we should be doing a podcast or something else instead!

ghost commented 7 years ago

@evilpacket does your talk have a title or summary yet? Suggestion below...please let me know what I should change so I can send out to people asap! 😄

Network Security 101 with Adam Baldwin

Join us for a remote afternoon talk with Adam Baldwin, team lead at ^Lift Security and creator of Node Security. Adam is an information security professional with over 23 years of experience working with and securing technology. He's worked with some of the world's largest governments and corporate entities to help secure their assets. Adam will be sharing some of his experiences and providing useful advice and action points people can take to stay secure. Attendees will have a chance to ask questions in the Q&A session following the talk.

Friday 26th May 2017

5:00 PM - 5:30 PM

The event will be streamed at: Focus Hub 16 Palmers Road London E2 0SY

Alternatively join the hangouts link on the day here: hangouts link

evilpacket commented 7 years ago

The working title is : Security beyond the repo

I'm working on the outline and talk right now, but I'm considering it to be a talk about assessing and protecting what we have built outside the repo touching on network and physical security. So while this is not a description it's what I'm working towards.

ghost commented 7 years ago

Hi @evilpacket ! Great - I will advertise this for now (earlier invites will help us get a bigger audience!) - let me know if there are changes and I can update when I send out the event reminder 👍 😄

Security Beyond the Repo

Join us for a remote afternoon talk with Adam Baldwin, team lead at ^Lift Security and creator of Node Security. Adam is an information security professional with over 23 years of experience working with and securing technology. He's worked with some of the world's largest governments and corporate entities to help secure their assets. Adam will be sharing his experiences about how he is assessing and protecting what he has built outside the repo, touching on network and physical security. Attendees will have a chance to ask questions in the Q&A session following the talk.

Friday 26th May 2017

5:00 PM - 5:30 PM

The event will be streamed at: Focus Hub 16 Palmers Road London E2 0SY

Alternatively join the hangouts link on the day here: hangouts link

Jbarget commented 7 years ago

@evilpacket are there any resources that you would advise looking through before the talk or is this a beginner friendly talk? I say "beginner" because for most of us in the DWYL sphere our experience of coding has mainly come from "within the repo"

evilpacket commented 7 years ago

This will be beginner friendly. I know the audience and should be able to tailor it appropriately. I'll try and also have documentation for anything I mention as well to play with after. Trying to make it high level but practical.

--- original message ---

Fri, May 19 at 4:07 AM, notifications@github.com wrote:

@evilpacket are there any resources that you would advise looking through or is this a beginner friendly talk? I say "beginner" because for most of us in the DWYL sphere our experience of coding has mainly come from "within the repo"

--- end of original message ---

ghost commented 7 years ago

Hi @evilpacket ! Just wanted to check in with you and ask how things are going? Is there an updated talk title/description or are you happy with what I've posted here?

evilpacket commented 7 years ago

@markwilliamfirth we're good to go. If we can get the hangout setup a little earlier than the talk is scheduled that might be nice in case of technical difficulties.

ghost commented 7 years ago

Will do! Link is here - sent you an invite too!

ghost commented 7 years ago

@evilpacket hope you're excited for the talk! Just a quick q - we were thinking about recording it and putting on the dwyl YouTube channel so that it can reach an even bigger audience - I wondered if you had a preference for us to record it or not? If you'd rather we didn't that's totally fine - but if it's ok then please let me know and I can set it up for recording!

evilpacket commented 7 years ago

@markwilliamfirth recording it is fine.

ghost commented 7 years ago

Closing as this has now been completed (thanks again @evilpacket !)

samhstn commented 7 years ago

@markwilliamfirth Where can we find the recording?

ghost commented 7 years ago

@shouston3 sadly the sound didn't record because of the issues we were having with the speaker/mic - highly annoying considering we tested it three times prior to the talk and at first it was working(!)