Ric Messier

Security 3.0: Looking out for the silent stakeholders

Date: This event took place live on September 28 2016

Presented by: Ric Messier

Duration: Approximately 60 minutes.

Questions? Please send email to




This webcast is no longer available to view.

Description:

Information security has long focused on looking out for the needs of the business. In the Internet age, however, businesses regularly put consumers at risk by not adequately protecting their information. Times are changing, and focusing security policies around limiting liability for the company isn't adequate. While there has been very limited liability for a business if the personal information of the consumer, the silent stakeholder, is stolen, that will soon change; the Federal Trade Commission now has the power to pursue companies that are not adequately protecting consumer information. Businesses need to adjust their perception of what they are protecting and why. Ric Messier explores the concept of risk in relation to information assets. By the end of this webcast, you'll be able to appropriately determine protections for assets that are most at risk.

Topics include:

  • Security 2.0: Policy and compliance
  • Metrics
  • Security 3.0: Understanding the landscape
  • Modern adversaries
  • Monetizing the victim
  • Data protection
  • Data loss prevention
  • Ethical obligations

About Ric Messier

Ric Messier (GCIH, GSEC, CEH, CISSP) had his first experience on a global network called the BITNET in the early 1980s. Since that time, he has been deeply involved in networking from small enterprises up to the largest Internet Service Providers. He has also got hooked on security at the same time as his experience on the BITNET, after unexpectedly exploiting a hole in a mail program on an IBM mainframe. Ric has also spent several years working on Voice Over IP solutions both at the network and the application level. His first experience with a forensic investigation was in the late 1990s and he has been involved periodically with investigations and incident response teams since then. While working at Genuity, a Tier 1 ISP in the late 1990s and early 2000s, he had regular interaction with law enforcement on their investigations. Ric was the security lead for a team of professionals working on a next generation data center at Genuity. He also lead a team developing a managed intrusion detection system offering at Genuity. After Genuity was acquired by Level 3 Communications, he provided security expertise to the implementation and use of session border controllers in their VoIP network. He spent several years performing penetration tests on the products of a leading VoIP products vendor. Ric is currently the Program Director for online Cybersecurity programs at Champlain College. In 2009, he opened his own consulting company, WasHere Consulting, Inc, and has been doing penetration testing, Web application testing, security assessments and other networking and security consulting work. This includes developing a network architecture for a large regional bank to support efforts to maintain FFIEC compliance as well as assisting with PCI assessments for other clients. He has also worked with law firms on patent research for legal efforts to monetize the patents. Recently, Ric has been teaching undergraduate and graduate classes on networking, security, programming and operating systems for Champlain College and Brandeis University. Ric has been published in Hakin9 Magazine and PenTesting Magazine, including articles on using security tools to secure environments against attack. His first book on the GIAC Security Essentials certification was published in 2013 and a book on Collaboration With Cloud Computing was published in April, 2014. He is currently working on his second book for Syngress on operating systems forensics. Currently, Ric is Program Director for Cyber Security & Digital Investigations in the Continuing Professional Studies division at Champlain College where he helps to ensure the educational offerings are keeping up with the latest trends and best practices in the security community. He also writes a blog on digital forensics and security with examples of the practical use of tools and techniques.