Hacking up the Chain: Stories & Tips for Communication to Bosses, VPs, and C's

Security BSides Springfield, 2017 (Drury University, Springfield, MO)- Talk 1.5 - Ben Miller - Hacking up the Chain: Stories and Tips for communication to bosses, VPs, and C's - Slides for this talk were not available, the video download links are coming soon, on the Drive below. Download the audio pocast version of this talk at https://drive.google.com/open?id=16kD-dq7f4IuX2dCoIgbEQfzSGkncBfXy Link to slides, download video and podcast versions of most other BSides Springfield talks: drive.google.com/open?id=0BxW... The podcast versions of most of the talks are also at https://soundcloud.com/securitybsides/sets/bsides-springfield-2017, and this one may also be there shortly for streaming and download (you can use the Drive link above, instead just as well) Music featured at the end and begining "Over your cities grass will grow" by Ötone (Pablo Diserens), from the label YGAM @ygam Used with permission from YGAM and the artist. Learn more about the artists and download the songs for free at soundcloud.com/ygam/sets/otone-past-structures-present-matter-ep-ygm003-1 or at the bandcamp pages linked on Soundcloud. All other audio is from the conference or the VOC team. Official Links: @BSidesSpfd www.securitybsides.com/w/page/116970567/BSidesSpfd VOC angels: @ablythe twitter.com/ablythe @cherokeejb_ twitter.com/cherokeejb_ Follow cherokeejb.blogspot.com/ for more video and audio from Springfield, as well as upcoming dfir, security operations, and forensics posts. Organizers and other volunteers included (thanks!) Beth Young Shannon McMurtrey Lorne Hazlewood Steve McIntosh Matt Stephenson Ryan Halstead Sponsors (also, a big thanks!) with special thanks to augustalocksports.org/ * @pickaugusta *Jack Henry & Associates, Inc. * Drury University * Revolutionary Seurity * Forcepoint by Raytheon * O'Reilly Media *Splunk *Motta Network Experts, Inc. *No Starch Press *IBM Other presenters: @armycyberinstitute @amaughan @c2thewinkler @securithid @sysopfb @motta_mike mnex.biz @westongeorge @sysopfb - From Ben: You know you have the right info, under the risk, and have presented your technical case to CXO or whoever. But the they don’t listen, or they sco at the need to take action before they are hacked and become another statistic! Why do exec’s and non technical not listen to you? Are they just dumb? They can’t read the news? This can be especially frustrating when they hired you to tell them about these problems in the first place! What is a hacker to do? We hack our communications, message, and delivery. I’ll present to you the hard earned knowledge of years of telling people how they will be breached and how to say it so your bosses, your VP, or your CXOs actually listen, understand the depth of the risk, and TAKE ACTION. We just want to help, and surprisingly the execs want our help. Let’s work to make sure they grok it. Here’s some of the quick wins: If you can’t measure it, it isn’t real (to them) A cool hack is not as interesting (to them), as one that demonstrably a ects The Business. Yes, most exec’s what you to understand the WHY of their plans (and want to know yours!)