Tuesday, May 15, 2018

Who is "180A Consulting" and what do we do for your business?



We are a boutique Cyber Security and IT Program Management focused consulting firm with offices in Portland, OR, Austin, TX, and San Diego, CA, working with clients in numerous business vertical markets.


We partner with clients to provide the following value:
 
We are your Cyber Security, Risk and Compliance "Second Opinion".

  • Turn around information technology organizations that have become adversarial to the business through business re-alignment, leadership training, mentoring and facilitation, by:
    • Re-focusing the IT organization on business priorities
    • Re-focusing the IT organization on the four types of “work”:
      • Business initiated IT project work
      • IT initiated project work
      • “Keep the Lights On” [KLO] activities
      • Un-planned work
  • Breaking the cycle of over promising and under delivering
  • Evangelizing to the CEO and his/her direct reports the value proposition of the “IT Program Management Office” [PMO] concept based on the work of Mr. Satish P. Subramanian
    • Assist with planning, hiring, training and ongoing support for the CEO’s direct reports via the IT PMO, focused on creating a lean, responsive, nimble IT organization with a 100% customer service satisfaction rating for internal and external business customers.
  • Analyze and recommend long term strategies for Cyber/Information Security & Compliance program automation plus integration with a focus on:
    • Global Corporation “requirements traceability” analysis and planning to manage US and International compliance framework requirements.
      • Mapping regulatory, legislative, and contractual obligations to Policies, Processes and Procedures to remake these into vibrant cost-saving and risk mitigation strategies.
      • Create an “audit artifact” validation program that integrates business, IT, Information Security and Compliance organizations to maximize effectiveness, maximize automation, minimize costs, and manage risks.
    • Data Loss Prevention / Data Leakage Prevention
      • Guide CEOs, Boards of Directors, senior IT / Legal / Compliance and HR executive teams to gain a better understanding of Intellectual Property and Trade Secret protection risks and mitigations of those risks.
      • Facilitate and plan for long term success and minimizing employee “blowback”.
    • Risk Mitigation via “best practices” analysis:
  • Quantifying risks to key business processes, monitoring and managing those risks
  • Risk analysis and mitigation strategies
  • Risk planning strategies for BYOD systems within the corporate perimeter
  • Software Licensing compliance strategy, planning and negotiations
  • API, Web Services and Micro Service security risk analysis and management
    • DEV / SEC / OPS - effective security controls analysis and implementation
      • Using cloud and your existing SDLC methodologies as well as time proven capabilities to:
  • Minimize your software development, QA and Pipeline program risks
  • Working with software and QA team leads to reduce risk and duplication of efforts
  • Implementation of technology "service catalogs" for development teams so they are focused on business requirements and not "security stuff".
 

Friday, May 11, 2018

Artificial Intelligence, Ethics and Society




Just rambling here a bit…brainstorming…

I think as an industry, we tend to overestimate the short term gain of new technologies and underestimate the long term impacts of the same.

I’m not a “shiny penny” INFOSEC practitioner, not usually an early adopter, however, when it comes to “…artificial intelligence…” I think I can see the future clearly.  From a business perspective, AI will fundamentally and in a statistically significant manner change the Information Security Game in many ways.

Today, most INFOSEC defense approaches are static.  I’m a big proponent of dynamic defense but most folks I know in the industry are not.

It’s inevitable that AI will be leveraged to tilt the playing field in ways that we can’t fathom today, but we should be giving it some thought, a lot of thought! …when AI based “Attack/Defend” battles come (they won’t be exploits, they’ll be like actual military combat), it’ll come on like a tidal wave, when we’re breathing a sigh of relief about repelling the next “wanna cry” variant…  it won’t be prepare for breach, it’ll be like watching two trains colliding head on, in slow motion, knowing that your family is on that train.

It will be a continuous "...relentless strike..."; the military doesn't refer to it as the "...forward edge of the battle space..." (a.k.a. "meat grinder") for no reason!

There will be winners, losers and survivors…Haves and never will haves, no more have nots.

We should either be actively looking for a vendor who is preparing an AI based Attack/Defend capability or passively putting feelers out.  This will be like purchasing insurance, you hope you’ll never need it, but you're eternally grateful that when you need it, you had it.

Come to think of it, why would you even trust the vendor selling you AI capabilities?  Where is the upside / profit in selling you something that will, in an autonomous manner, constantly be improving itself?  This flies in the face of each and every current technology solution provider vendor on the planet.

Just my .02 cents worth.

Monday, May 7, 2018

...let the seller be honest...



Some key takeaways from the Cambridge Analytica "event"...

Cambridge bought data from Facebook, the onus is on Facebook to only sell what their customers/privacy agreements allow. 

Ask yourself, who is benefiting from this public blow-back? 

Cambridge's leadership team needs a communications capability transplant, give Rob Weinhold over at the Fallston Group a call, stat! 

Many entities are looking at what was brought to light about Cambridge as an indicator of a much larger problem/concern related to consumer data protection, that is a good thing. This is not so much a Cambridge problem as an industry problem. 

Want an easy, visual sense of real-time 3rd party data sharing?  

Install "Lightbeam" in your Firefox browser, let it run and watch the 3rd party data exchanges (since 12 APR 2018 I've visited 285 sites and they've shared my data with thousands of other sites), many of these sites, I've "opted out" of data sharing, tracking, etc....but the "sharing" continues nonetheless.

Granted no one seems to like what Cambridge (and other companies) do or are doing with our data, but, when you opted in by not reading the privacy agreement, this is what you get.

Caveat Emptor -- the principle that the buyer alone is responsible for checking the quality and suitability of goods before a purchase is made, sage advice.

Chris Wylie of Cambridge Analytica 

Thursday, May 3, 2018

...things that just plain work! Port Knocking...



Sometimes, something just does the job so well that you have to ask yourself, "...why change..."?

For me, the time tested methodology of "...port knocking..." is one such capability.  It just plain works! 

As a young soldier and most recently as an experienced business person and taxpayer, I have to ask, why does the US Air Force hate the A-10 so much?

Never has there been a better, more battle tested, ground support capability at such a marvelous price point? Oh wait... ground support is not a "Top Gun" kind of thing, but the most essential capability on any battlefield. 

Perhaps public outrage should reach the proportion of the Ground Troops Helmet controversy, championed by "Team Wendy"?   Your soldiers demand your support! 

Get on board America and give yourself a much needed tax cut!  Call your Congress person and tell them that America's finest DESERVE America's finest!

Team Wendy!

Air Force "slow rolling" to kill the A-10


...on being bought and sold like a slave...



Some key takeaways from the Cambridge Analytica "event"...

As a consumer, don't allow yourself to be misled, this is a classic, "...shiny object..." media sleight of hand con.  Ask yourself, who is benefiting from this?

Cambridge bought data from Facebook, the onus is on Facebook to only sell what their customers/privacy agreements allow.

Cambridge's leadership team needs a communications transplant, give Rob Weinhold over at the Fallston Group a call, stat!

Many entities are looking at what was brought to light about Cambridge as an indicator of a much larger problem/concern related to consumer data protection, that is a good thing.

This is not so much a Cambridge problem as an industry problem. 

Install "Lightbeam" in your Firefox browser, let it run and watch the 3rd party data exchanges (since 12 APR 2018 I've visited 285 sites and they've shared my data with thousands of other sites), many of these sites, I've "opted out" of data sharing, tracking, etc....but the "sharing" continues nonetheless.

Granted no one seems to like what Cambridge (and other companies) do or are doing, but, when you opted in by not reading the privacy agreement, this is what you get.

Caveat Emptor -- the principle that the buyer alone is responsible for checking the quality and suitability of goods before a purchase is made, sage advice.

The Fallston Group - make the call!