Gabriel Bassett

Gabriel Bassett

Shared publicly  - 
 
The role of Pen Testing / Vuln Hunting in Information Security
Intro At a security conference, ask someone in attendance what they do.  More than likely they are a consultant, either doing penetration testing, vulnerability hunting or both.  Penetration testing and vulnerability hunting are mainstays of security testin...

Gabriel Bassett

Shared publicly  - 
 
Hybrid Cybers
At the Women in Cyber Security Conference, someone posted a slide titled "The Rise of the Cyber-Hybrid".  The concept was that to advance and develop in cyber security, people needed multiple disparate skills (policy, law, regulatory, interpersonal skills...

Gabriel Bassett

Shared publicly  - 
 
Is Your Objective Risk Assessment Methodology Really Objective? Really?
Introduction I hear a lot about Risk Assessment Methodologies (RAMs) and making risk assessment objective these days.  Let me pass on some lessons learned in a previous attempt to make risk objective. Bucketing Most organizations that attempt to make risk o...

Gabriel Bassett

Shared publicly  - 
 
Make Your Own DBIR Charts!
Today starts a four-blog series on making your own DBIR charts.  Learn about the tools and processes to go from your Excel file of incidents to the charts in the Verizon DBIR! Make Your Own DBIR Charts! Part 1 of 4: The tools! Make Your Own DBIR Charts! Pa...

Gabriel Bassett

Shared publicly  - 
 
Verum: How Skynet started as an attack graph (bSides Las Vegas 2015)
Tuesday, I spoke at bSides Las Vegas in a talk titled Verum: How Skynet started as a context graph.  I covered two things in the talk:  First, what the problem infosec defense is dealing with is.  Second, a machine learning algorithm and implementation ca...

Gabriel Bassett

Shared publicly  - 
 
Twitter for Infosec
While a lot of people discuss infosec on Twitter and in other forums, they are dwarfed by the number of people who work in infosec but do not participate in the community.  This blog, Twitter for Infosec, is for all those people working in infosec who have...

Gabriel Bassett

Shared publicly  - 
 
Alexi Hawk's Impossible Data Set
As the author of the only unsolved puzzle in the DBIR Cover Challenge this year, I figured I should provide a bit of a write up.  I'll apologize to all of the cover challenge participants as it's quite literally 10 lines of code to solve, only two of which...

Gabriel Bassett

Shared publicly  - 
 
Of Course the Network Diagrams are Bad!
As security professionals we know network diagrams are critical to providing security.  It's the top control in the SANS CIS CSC top 20 controls. Yet, almost every organization we go to has network diagrams that are convoluted, out-of-date, missing things,...

Gabriel Bassett

Shared publicly  - 
 
Apprenticeship and Infosec
So how do you learn to be an infosec professional? Honestly, most of the leaders in the field these days were the stuckie, (i.e. the guy who didn't say "not it" quick enough), in the office when a security person was needed. While infosec academic programs ...

Gabriel Bassett

Shared publicly  - 
 
No Average Breach Timeline
Over at the Verizon Security Blog, I just published a new post: Incident Discovery and Containment: Average is Over.  In it I explain a little bit about discovery and containment times of incidents and breaches in the DBIR.  One big caveat, this isn't j...

Gabriel Bassett

Shared publicly  - 
 
Internal vs External Breach Detection
You may not believe this, but there are some serious differences between breaches discovered internally versus externally.  You can see them over on my new blog about it at the Verizon security blog!

Gabriel Bassett

Shared publicly  - 
 
DBIR The Missing Section: Phishing
Go check out my new blog at the Verizon security blog: DBIR The Missing Section: Phishing - TL;DR - Yeah, lots of espionage and criminal activity for financial gain and stealing secrets.  But what's surprising is exfiltration takes days, so even though...
Basic Information
Gender
Male
Work
Occupation
Information Security