Skip to content ↓ | Skip to navigation ↓

picSecurity BSides Orlando is just a week away, and we wanted to take this opportunity to highlight a few of the sensational speakers the organizers of the event have lined up for this year.

Security BSides Orlando is a community driven event seeking to bring together anyone with a passion for making, breaking, or protecting.

They welcome newbies and experts, and anyone in between. Even if you don’t work in information security, you will be sure to find topics of interest at this event taking place on April 5th and 6th in Orlando.

First up is a session being presented by one of the organizers, Lee V. Mangold (@LeeMangold) titled Open Source Security: Security Poverty and the Small Enterprise, which will examine the challenges small businesses are facing in battling the increase in network security threats with minimal or non-existent security budgets.

Mangold has over fifteen experience as a computer and information security practitioner, and has built a diverse portfolio of high-tech projects and security solutions for dozens of public and private organizations, and was recently awarded an (ISC)2 ISLA award for his work with the Florida Cyber Alliance.

He currently a senior researcher, security operations manager and information assurance security officer for a US Department of Defense contractor, the vice-president of the Florida Cyber Alliance, the vice-president of the Central Florida ISSA, and a private security consultant.

Small to medium-sized businesses (SMBs) are typically falling below what many researchers have called the “security poverty line” – the need for increased security while lacking the necessary resources in both funds and skilled personell.

In this presentation, attendees will be introduced to several several free and open source security products to help secure the small business and, at a minimum, break through the security poverty line. The session will include live demonstrations that will be provided in a DVD of the talk to help those in need get started quickly.

Mangold points out that small businesses are just as much of a target for attackers as their larger counterparts, but unfortunately many are unable to afford even the cheapest of security solutions. As such, the session will be focused exclusively on free, mature, and easy-to-setup solutions for the SMB.

“This presentation is targeted towards those security and IT professionals struggling to be successful in spite of their less than adequate security budgets,” said Mangold.

“I’ve spent nearly my entire career working through this ‘security poverty’ issue. Fortunately, modern free and open source technologies are becoming mature enough to consider as enterprise replacements, at least for the small business.”

Mangold says the audience will come away with a solid arsenal of current FOSS technologies for managing and securing their networks, and that much of the presentation will be focused on live CDs, allowing the practitioner to test these technologies out very quickly.

“While individual FOSS security and administrative tools have existed for years, not all of them are mature enough to rely on,” Mangold continued. “Systems that require constant care-and-feeding will either cost too much to maintain or simply not get used, so this presentation focuses on those tools which have a focus on enterprise replacement capabilities.”

Mangold says that while it’s hard to say how FOSS tools are going to mature over time, in some cases open source tools have become the standard (such as Apache) and continue to be viable solutions. However, there is an increasing trend of migrating the development of these FOSS tools into closed-source and commercialized products.

The demonstrations in the session will be as close to real-world scenarios as possible, so attendees will walk away with a good sense of how they can apply the tools to their own networks.

“I’ll be running a virtual machine infrastructure which mimics a typical small business while applying these new tools live,” Mangold said. “The audience will get the chance to see how these tools may actually function in a real environment.”


Related Articles:



picCheck out Tripwire SecureScan™, a free, cloud-based vulnerability management service  for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.


picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].


Title image courtesy of ShutterStock