loader from loading.io

2017-025-How will GDPR affect your Biz with Wendyck, and DerbyCon CTF info

BrakeSec Education Podcast

Release Date: 07/22/2017

post-bsides SD discussion, EPSS, the answer I should have given, and 'Lord Brake' show art post-bsides SD discussion, EPSS, the answer I should have given, and 'Lord Brake'

BrakeSec Education Podcast

Check out the BrakeSecEd Twitch at or Youtube: https://youtube.com/c/BDSPodcast join the Discord: https://bit.ly/brakesecDiscord https://arxiv.org/abs/2302.14172 - EPSS whitepaper https://www.linkedin.com/posts/jayjacobs1_epss-threatintel-vulnerabiltymanagement-activity-7308146548767404032-RubN https://www.first.org/epss/ https://events.zoom.us/ev/AmoNH3baC7HVqDlDmgUtd2uCmTCMwJXfkR8mG6I5OxzbW01nhRMQ~AoEYQz5ROK4ybE4iX9b0PL-1utz4z0nbyrTjT4lskH_08_zfesR_Q_rNlA - BHIS training with Bronwen Aker on 03 April 2025 Music: Music provided by Chillhop Music:...

info_outline March23: buy browser extensions, attackers don't need exploits, socvel CTI quiz show art March23: buy browser extensions, attackers don't need exploits, socvel CTI quiz

BrakeSec Education Podcast

Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://bit.ly/brakesecDiscord Questions and topics: (please feel free to update or make comments for clarifications) * https://techoreon.com/http-flaw-in-apple-passwords-left-iphones-vulnerable/ * https://darkmarc.substack.com/p/attackers-dont-need-exploits-when * https://www.techzine.eu/news/security/129713/the-browser-is-riddled-with-bugs-2025-may-squash-them/ * https://medium.com/@vanvleet/compound-probability-you-dont-need-100-coverage-to-win-a2e650da21a4 (interesting article on quantifying attack risk by...

info_outline steam distributes malware in game form, RDP open from DOGE servers, hacking a supply chain for 50K show art steam distributes malware in game form, RDP open from DOGE servers, hacking a supply chain for 50K

BrakeSec Education Podcast

Youtube VOD:     – supply chain issues can crop up anywhere… are you blocking people from steam and popular software downloads online? <- 100 digits of pi <- periodic table song   Additional information / pertinent LInks (Would you like to know more?): https://www.socvel.com/quiz/ https://xphantom.nl/posts/Offensive-Security-Lab/ Show points of Contact: Amanda Berlin: Brian Boettcher:   Bryan Brake:   Brakesec Website: Youtube channel: discord: https://discord.gg/brakesec Twitch Channel:    Music: "Flex" by Jeremy...

info_outline Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more! show art Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more!

BrakeSec Education Podcast

Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://discord.gg/brakesec #youtube VOD (in 1440p):   Questions and topics: Bsides Vancouver discussion Semgrep Community and Academy Building communities What are ‘secure guardrails’ Reducing barriers between security and developers How to sell security to devs: “hey, if you want to see us less, buy/use this?” “Security is your barrier, but we have goals that we can’t reach without your help.” https://wehackpurple.com/devsecops-worst-practices-artificial-gates/  How are you seeing things...

info_outline Josh Grossman - building Appsec programs, bridging security and developer gaps show art Josh Grossman - building Appsec programs, bridging security and developer gaps

BrakeSec Education Podcast

Youtube VOD:   #appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis Questions and topics: 1. The background to the topic, why is it something that interests you? How do you convince developers to take your course? 2. What do you think the root cause of the gap is? 3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?) 4. Where do gaps begin? Is it the ‘need’ to ‘move fast’? 5. What can devs do to involve security in their process?...

info_outline Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox show art Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox

BrakeSec Education Podcast

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences and do not represent views of past, present, or future employers.   Recorded: 08 Apr 2024 Youtube VOD: https://www.youtube.com/watch?v=K8qApvsFtqw   Show Topic Summary: If you want to get in the mind of a board member, I submit to you my discussion with we did last night on . Join Mary and I as we discuss...

info_outline p2-accidentalCISO, building trust in new places show art p2-accidentalCISO, building trust in new places

BrakeSec Education Podcast

  Full Youtube VOD:       Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader.  What worked? What didn't? What would you have done differently? Do you emulate your manager's style? What have been your go-to management resources?  What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership? Topic #2: building/Operating SaaS products (we can discuss securing them, what functions...

info_outline AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec show art AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec

BrakeSec Education Podcast

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information, and do not represent views of past, present, or future employers.   Recorded: 28 Jan 2024 Youtube VOD: https://youtube.com/live/uX7odQTBkyQ Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader.  What...

info_outline 1st show of 2024! Our 10th Anniversary... show art 1st show of 2024! Our 10th Anniversary...

BrakeSec Education Podcast

It's our 10th anniversary and the first show of our 2024 season! Amanda was on "7 minute security"   Check out the complete VOD at Explicit language warning    

info_outline Brakesec Call to Action 2023 show art Brakesec Call to Action 2023

BrakeSec Education Podcast

Youtube Video:      is the link to the survey. Your information (should you choose to identify yourself) will not be shared outside of the BrakeSec Team. Thank all of you for listening and for your input. RSS feed for the audio podcast is at   website:  

info_outline
 
More Episodes

Direct Link:http://traffic.libsyn.com/brakeingsecurity/2017-025-How-GDPR-affects-US-Biz-with-Wendyck-Derbycon2017-CTF-info.mp3

 

GDPR (General Data Protection Regulation) is weighing on the minds and pocketbooks of a lot of European companies, but is the US as worried? If you read many of the news articles out there, it ranges from 'meh' to 'OMG, the sky, it is falling". GDPR will cause a lot of new issues in the way business is being done, not just in the realm of security, but in the way data is managed, maintained, catalogued, and shared.

This week we invited Ms. Wendy Everette Knox (@wendyck) to come in and discuss some of the issues that might hit companies. We also discuss how GDPR and the exit (or not) of the UK from the #European #Union will affect data holders and citizens of the UK.

If your company is preparing for the #GDPR mandate, check out the show notes for a lot of good info.

ALSO, If you are looking for a ticket to #derbycon 2017, you need to listen to this show, because it has all the info you need to get started.  The info is also in the show notes, including the form you need to post your flag information.

#RSS: www.brakeingsecurity.com/rss

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: [email protected]

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

 

 

---Show Notes:----

 

 

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]

 

 

Would it be better if companies stored less data, or de-anon it to the point where a breach

 

Massive fines for breaches. Usually some percentage of profits…

 

(up to 4% of annual global turnover or €20 Million (whichever is greater))

 

Under the GDPR, the Data Controller will be under a legal obligation to notify the Supervisory Authority without undue delay. The reporting of a data breach is not subject to any de minimis standard and must be reported to the Supervisory Authority within 72 hours of the data breach (Article 33).”

 

Is 72 hours for notification realistic? For massive breaches, 72 hours is just enough time to contain

 

Right to be forgotten (not realistic):

“A right to be forgotten was replaced by a more limited right to erasure in the version of the GDPR adopted by the European Parliament in March 2014.[19][20] Article 17 provides that the data subject has the right to request erasure of personal data related to them on any one of a number of grounds including non-compliance with article 6.1 (lawfulness) that includes a case (f) where the legitimate interests of the controller is overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data “

 

GDPR full text:

http://ec.europa.eu/newsroom/document.cfm?doc_id=45631

 

Good intro:

https://www.taylorwessing.com/globaldatahub/article-the-data-protection-principles-under-the-gdpr.html

 

Controversial topics:

http://www.eugdpr.org/controversial-topics.html

 

Key Changes:

http://www.eugdpr.org/key-changes.html

 

Difficulty of doing GDPR in the cloud

https://hackernoon.com/why-gdpr-compliance-is-difficult-in-the-cloud-9755867a3662

US businesses largely ignoring GDPR

http://www.informationsecuritybuzz.com/expert-comments/us-businesses-ignoring-gdpr/#infosec

 

Fears of breach cover-up (due to massive fines ‘up to 4% of profits’)

http://tech.newstatesman.com/news/gdpr-cover-ups-security

 

From the UK ICO, 12 steps to take now to prepare for GDPR https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf (has a nice infographic on p. 2)

 

https://www.auditscripts.com/

 

CTF for derby ticket

Level 1-

The internet is a big place :) I’ve hidden 3 flags out on it and it’s your job to see how many you can find. I’ll give you a few hints to start.

 

  1. Company Name = Big Bob’s Chemistry Lab
  2. There’s something illegal going on, find out what!!
  3. Submit flags here https://goo.gl/forms/iUEVHNuSYr34OZA22