===== JOIN the HACKERverse ARMY =====
===== OUR SPONSORS ===================
Real-Time Hands-On Self-Service POV’s of Cybersecurity products
Immerse yourself in the HACKERverse
Kim Crawley, https://www.linkedin.com/in/kimcrawley/ … CR0Wg1rl … “Mistress of the Dark Web”
Mariana Padilla, https://www.linkedin.com/in/heretoshakeshitup/ … R0z13 … “QU33N of Disruption”
Craig Ellrod, https://www.linkedin.com/in/craigellrod/ … SURFd4wg … “K1NGpwn of the HACKERverse”
Our illustrious Guest today:
Patrick Munch, CISO at Mondoo
At Mondoo, they focus on providing their hacker knowledge into Security as Code (SECaC)
Transfer Hacker Knowledge into Security as Code.
Patrick and his team noticed early on that industry tools were investing too much in detection, which is too late.
They believe in shifting left to do more prevention.
Its a cat and mouse game between hackers and tools for protection.
At Mondoo they dig deeper into why the hack happened, and create Policy as Code and Security as Code to fix it.
At Mondoo they believe that Cybersecurity needs to be more data driven, not so much report driven.
With report driven, you don’t have the data about where the fix needs to take place, just a report.
Data driven allows us to query multiple times and identify where the holes are, so we can fix them.
Mondoo is based on a GraphQL API that allows a Google like search into your infrastructure.
Policy as Code, Security as Code are two main threads at Mondoo.
Lets take Policy as Code – Can be formulated into a YAML definition file, for example that both humans and computers can read, it makes it clear to all sides of the business, CISOs and Developers for example – it is a common place for communicating how to enforce security.
Also, can take security rules from a business perspective and convert them to security rules for developers to implement.
Policy as Code melds the nuances of Business policy with Technical Security Policy.
With the Mondoo tools and methodology, organizations can shift left and do more on the prevention side of Cybersecurity.
Mondoo is going to RSA! Come to their booth #0251.
On a personal level, Patrick loves to hack, using Mikikatz and Metasploit.
Open Source Projects:
AN effort by Patrick and team to automate security in tandem with devops automation by providing cookbooks and playbooks. They use the same tools after all, Ansible, Chef, Puppet, Terraform.
#ANSIBLE #CHEF #PUPPET #TERRAform