DojoCon 2009 Presentation

Posted November 7th, 2009

For those of you who didn’t know the real purpose of DojoCon, it was to raise money and awareness for Hackers for Charity. If you like anything that is in this post, go to HFC and make a donation of time, equipment, tech support, and maybe money. If you’ve never heard of HFC because you’re not one of the “InfoSec Cool Kids”, now is your chance–go read about them.

The video of my DojoCon presentation. The microphone was off for the first couple of minutes, but I look pretty animated.

And then the compliance panel that I tried not to dominate:

And finally, my slides are up on slideshare:

Posted in FISMA, Speaking | 6 Comments »

6 Responses

  1.  Tweets that mention DojoCon 2009 Presentation | The Guerilla CISO -- Says:

    […] This post was mentioned on Twitter by rybolov and Dave Shackleford, TalkToanIT. TalkToanIT said: RT @SecurityBSides: RT @rybolov: I put up my DojoCon presentation, slides, and compliancy panel on my blog: […]

  2.  uberVU - social comments Says:

    Social comments and analytics for this post…

    This post was mentioned on Twitter by rybolov: I put up my DojoCon presentation, slides, and compliancy panel on my blog:

  3.  Vlad The Impaler Says:

    You have achieved a level of sarcasm and insight that few can ever hope to achieve!

    I am forever a sycophant, if not your #1 fan.

    P.S. Nice job!

  4.  TalktoanIT Says:

    I love these slides. Thanks a lot for all your collaboration! I know for a fact the C&A process can be painful. I am learning about the process from different perspectives rather than the ISSO one. Your site has helped me a lot and I hope to keep using it as REF. I like your attitude and how in a way it could be a less painful process with collaboration. I hope to learn as much as I can from you.

    Thank You

  5.  Mark C. Wallace Says:

    I agree with what you’ve said. I find the challenge in what you haven’t said (yet).

    I looked at your layer cake model when it came out, and I didn’t understand how to use it; I now understand much better. I still don’t understand how you get from the Layer Cake to the Compliancy Bus.

    Might be interesting to examine the constraints on the two communities – the policy guy is constrained by law/regulation – but a compliancy hero can deploy the power of interpretation to triumph.

    The code guy is constrained by hardware/software and Scotty’s law. (“I canna’ make them go any faster Sair…”). His secret superpowers are architecture, genius and Jolt cola.

    The other constituency is the project manager trapped between them. PM doesn’t get any superpowers. There are rumors of secret underground lairs where mad scientists research Risk Based Security…..

    Sorry to be flippant, but what you’re describing is where I live my working life – trying to convince all parties that there is mutual value in cooperation. That given resources (time, permission, support) the code & integration folks can work a miracle. But they really prefer to know what kind of a miracle is wanted. That the auditor ultimately shares the goal of a project that (a) supports the mission and (b) is secure.

    [I’d also like you to do a separate entire presentation on the Conflict of Interest issue you mention in the Q&A.]

  6.  rybolov Says:

    Hi Marc

    Part of my problem is that I get to a certain level and look around and realize that it’s hard to find people to “bounce ideas off of”. It’s like I’m right on the edge of discovering something if I have a couple more people to talk to. So yeah, it’s very much a work-in-progress.

    More to follow on the layer model and on conflicts of interest.
