SDL Episode86

From Paul's Security Weekly

Secure Digital Life #86

Recorded on October 30, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Coming soon!

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Russell Beauchemin
    Cybersecurity & Network Security Program Advisor and Director of Instructional Support & Learning Innovation at Roger Williams University.
Announcements

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • One of our illustrious co-hosts, Patrick Laverty, will be co-presenting "Pentesting: Tips, Tricks and Stories" with Aaron Herndon at BSides CT 2019! Ticket sales are open until the day of the show (Saturday, November 3rd) for $20. Go to bsidesct.org to register now!
    • Join us for our webcast with Signal Sciences entitled "Which way should you shift testing in the SDLC?" This webcast will be held November 8th @3-4pm EST. Go to securityweekly.com/signalsciences to register now!

    Interview: Eric Carlile, Zoom

    Eric Carlile is a Security Analyst at Zoom.
    I've been working in tech for almost a decade and have been securing video communications for a little over a year.

    Eric Carlile is an Information Security Analyst with Zoom Video Communications. As you probably know, Zoom is a part of the really big video interaction marketplace with Skype, WebEx, GoToMeeting, Connect, lots of players. We all use these things all the time and I started thinking that maybe there might be some discussion around both the security of these, and the behavior of people using them.
    Questions:

    1. Ok, could you tell us a little about how secure these tools really are?
    2. So, FedRAMP then (the Federal Risk and Authorization Management Program) is a certification of cloud computing basically. Since all these tools are sitting in the cloud, how does FedRAMP work in that context?
    3. If my enterprise is trying to really put a lot of meetings online, what kinds of hygiene should there be in place to protect these tools from, say, local artifacts?
    4. Some of my concerns with clients centered around the inability to actually secure online meetings and online content in three ways: 1) It could just be captured locally and distributed, 2) How can you ensure who is actually on the other end?, and 3) Is there any way to prevent snooping/shoulder surfing type activity? How does FedRAMP deal with this sort of thing?
    5. Could we talk a little bit about what sorts of things you should NEVER put into online meetings? Obviously, classified material and such can't really be done in this way, right? Or can it?
    6. What's the best setup I can use for doing online meetings in general? I have a lot of lights and a nice mic. I hate using headphones so I usually just use mic placement to avoid any echoes. What do you recommend?
    7. Finally, are there tips for behavior in these meetings? I have done a lot of these meetings and even had interviews for jobs in this format. I feel pretty comfortable with my setup and I think I usually can behave. What should we watch out for typically?