Tag Archives: SOC

ISACA Moscow Vulnerability Management Meetup 2018

Last Thursday, September 20th, I spoke at ISACA Moscow “Vulnerability Management” Meetup held at Polytechnic University. The only event in Moscow devoted solely to Vulnerability Management. So I just had to take part in it. 🙂

ISACA VM 2018 Alexander Leonov

The target audience of the event – people who implement the vulnerability management process in organizations and the employees of Vulnerability Management vendors. I noticed groups of people from Altex-Soft (Altx-Soft), Positive Technologies and Vulners.

It was very interesting to see such concentration of Vulnerability and Compliance Management specialists in one place. Questions from the audience were relevant and often concerned the weaknesses of competitors. 😉 Here I will make a brief overview of the reports. You can also read here about previous year event at “ISACA Moscow Vulnerability Management Meetup 2017“.

Talking about the audience, there were fewer people than last year, but still a lot:

ISACA VM 2018 auditorium small

The event was recorded. I will add video here as soon as it’s ready.

upd. Video in Russian. My presentation starts at 1:35:56

The event was conducted entirely in Russian, including all the slides. So, maybe I will make English subtitles and voiceover, at least for my part.

Continue reading

CISO Forum and the problems of Vulnerability Databases

Last Tuesday, April 24,  I was at “CISO FORUM 2020: glance to the future“. I presented there my report “Vulnerability Databases: sifting thousands tons of verbal ore”. In this post, I’ll briefly talk about this report and about the event itself.

CISO Forum 2020

My speech was the last in the program. At the same time, in a parallel stream, there was another interesting presentation by the most famous Russian information security blogger. Thus, there was a real danger of speaking in an empty room. 🙂 But everything went well. There were about 30 spectators and we had an active QA session afterwards.

As I wrote earlier, I started preparing my CyberCentral presentation several months before the event. I did not want to tell the same story again at CISO Forum and PHDays. So I prepared 2 different presentations. At CyberCentral, I was talking about Vulnerability Scanners. And at CISO Forum I was talking mainly about Vulnerable Databases. Of course, I reused some materials, but the accents were different.

Continue reading

Westworld of insecurity

Westworld is a TV show about the problems of corporate Information Security. Really.

Look, Delos Corporation actively uses legacy code, which was written 30 years ago. No one has an idea of how it works and it can not be just thrown away. Bugs, critical vulnerabilities and even backdoors appeared in core of the hosts regularly. They couldn’t be fixed and patched. In most cases only some compensatory measures were applied. And they were not applied systematically.

Continue reading