ES Episode142


Recorded June 19, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Lee Neely
    is a Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • April Wright
    is a Preventative Security Specialist at ArchitectSecurity.org.


    Announcements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Challenges of Healthcare Security - Bryan Warren, WarSec Security

     
    Bryan Warren is the President & Chief Consultant at WarSec Security

    Bryan Warren is President and Chief Consultant for WarSec Security, specializing in healthcare security and safety assessment and education. He holds a bachelor’s degree in Criminal Justice, an MBA with a focus on legal foundations of healthcare and has over 30 years of healthcare security and safety experience. He is a contributor to numerous publications and has served on a number of national task forces including the U.S. Centers for Disease Control and the Dept. of Health and Human Services Office of Infrastructure Protection. Bryan is a Past President of the International Association for Healthcare Security and Safety (IAHSS) and a member of several professional associations and volunteer leadership boards. In these roles he has provided numerous assessments and presentations nationally and internationally regarding security in the healthcare environment. Bryan has been named as one of the Top 20 Most Influential People in Security in the US by Security Magazine and as one of the Top 30 Voices in Healthcare Security by Forbes magazine. He has been appointed as one of the first private sector representatives in the DHS Field Liaison Officer program for intelligence sharing and analysis in the fight against terrorism and criminal activity involving US critical infrastructures and key resources and honored to be a part of the US Dept. of Health and Human Services Critical Infrastructure Protection task force on Workplace Violence and Active Shooter prevention for healthcare facilities. In 2019 Bryan was selected as the sole representative from the US Healthcare security industry at the World Institute for Nuclear Security summit to discuss strategies for improving the security of nuclear source materials in healthcare and research facilities across the globe.

    Topic: Challenges of Healthcare Security

    Segment Description:
    Security in a healthcare environment takes on many unusual aspects that other industries do not typically deal with. From patient restraints to drug diversion to the highest workplace violence rates in any US industry, healthcare is one of the most complex and challenging security environments to maintain.


    Topic: So You've Inherited Someone Else's Code? - Practical Tips

    I've spent the past few weeks updating software. I was not the primary developer; mostly I was working with other people's code. I ran into several challenges; here are some tips for when you are in this situation:

    1. Use an IDE - My project is Python, so I chose to use PyCharm. I am a hardcore Vim user, however, I use Vim emulation and it works well enough. There are several advantages to using an IDE vs. a command line text editor:
      1. Variable Usage - The editor will highlight variables that are unused and those that are undefined. Handy for making updates to code you are not familiar with.
      2. Jump To Implementation and Declaration - This is super handy as you are likely not familiar with the application flow or the code base. You can right click on anything and follow it to the declaration or where it is being used.
      3. Global Search - I use this all the time to find out where functions or object references are being used. Usually to make sure I am not breaking anything and to trace back the flow of execution. You can double click on a result and it takes you to it.
      4. Inspection - There are many plugins for this, I use the built-in one. This tells me all of the errors, warnings, etc... in the code. I use this as the first step to figuring out what negative impact my code changes may have had.
    2. Logging and Exceptions - Spend some time adding additional logging and exceptions, especially around new code that you write. Oftentimes developers will leave out logging or debugging statements once they are comfortable with the code. Go ahead and add some back in; you can always adjust them later if you are concerned about performance. Python exception handling is really neat as well.
    3. Don't Trust Logs or Comments - Logging statements and comments get stale very fast. So many times I've reviewed code, understood what it does, but the log entry or comment says it does something completely different. They cannot be trusted. Also, many developers write either no comments at all or crappy comments. Here's a tip, if you are writing anything, write good descriptive comments. It will help you as the developer, and those that follow. For tips, read Code Complete, great book!
    4. Beware Of Spelling Mistakes - In the code I am working on, there are spelling mistakes. Lots of spelling mistakes. In comments. In code. Across multiple files. Your IDE likely has a spell checker, use it. Don't leave any spelling mistakes in code! If you are making changes, be sure you are spelling it incorrectly or do a search and replace.
    5. Unit Testing - This helped me tremendously to clean up a ton of code fast. Most languages have unit testing modules (e.g. Python unittest). This allows you to automatically test your code, and more importantly someone else's.
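
An added example for tips 2 and 5 (not code from the episode or from the project discussed): a new wrapper adds logging and an explicit exception around an inherited function that hides errors, and `unittest` characterization tests pin down what the inherited code does today before anything is changed. The names `legacy_parse_port`, `parse_port` and `PortError` are hypothetical.

```python
import logging
import unittest

log = logging.getLogger("inherited")


def legacy_parse_port(value):
    """Stand-in for inherited code (hypothetical): returns 0 on any bad input."""
    try:
        return int(value)
    except Exception:
        return 0


class PortError(ValueError):
    """Raised by the new wrapper instead of silently returning 0."""


def parse_port(value):
    """New code around the legacy call: log the rejection, raise on bad input."""
    port = legacy_parse_port(value)
    if not 1 <= port <= 65535:
        log.warning("rejected port value %r (legacy parser returned %d)", value, port)
        raise PortError(f"invalid port: {value!r}")
    return port


class CharacterizeLegacy(unittest.TestCase):
    """Pin down what the inherited function does today, before changing it."""
    def test_legacy_swallows_errors(self):
        self.assertEqual(legacy_parse_port("8080"), 8080)
        self.assertEqual(legacy_parse_port("http"), 0)   # error hidden as 0
        self.assertEqual(legacy_parse_port("-1"), -1)    # negative passes through

    def test_wrapper_logs_and_raises(self):
        with self.assertLogs("inherited", level="WARNING") as captured:
            with self.assertRaises(PortError):
                parse_port("70000")
        self.assertIn("rejected port value '70000'", captured.output[0])
        self.assertEqual(parse_port(" 443 "), 443)       # int() strips whitespace


def run_tests():
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(CharacterizeLegacy)
    return unittest.TextTestRunner(verbosity=0).run(suite)


if __name__ == "__main__":
    raise SystemExit(0 if run_tests().wasSuccessful() else 1)
```

The `assertLogs` check also guards against the stale-log problem from tip 3: if the wrapper's behaviour changes and the message no longer matches, the test fails.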


    Enterprise News