Carlo Dapino

#Udemy Course on CISO strategy 

(in draft, waiting publication, June 2024)

#Cyber Security Book

Book author of "Ten Cyber Security Heads-Up"

https://www.amazon.com/gp/product/B082S5CQXK

#CISO 101 - First Year at work

 https://acklost-net.medium.com/ciso-101-lessons-1-first-day-at-work-c6e77f94a7c2

#Cyber #Security Architecture

Title: Technical Threat Matrix

Description: 

I invented a new way to score security architecture controls by attacker vectors, based on ISO/OSI layers

https://acklost.weebly.com/tech-blog/tmm-technical-threat-matrix

my slides about TTM:

• https://www.slideshare.net/CarloDapino/how-to-perform-an-infrastructure-security-gap-analysis

https://www.slideshare.net/CarloDapino/security-architecture-perform-a-gap-analysis

Transcript:

• https://medium.com/@acklost.net/how-to-perform-an-infrastructure-security-gap-analysis-e568cceae4e7

• 
  

#bugbounty #EthicalHacking

https://bugcrowd.com/acklost

https://hackerone.com/acklost

#HackTheBox #EthicalHacking

https://www.hackthebox.eu/profile/29022 

#Cyber #CISO_Advisory

Title: Not your usual 2019 cyber security forecast

Description: 

Cyber Security Strategy conversation about 2019 attack trends

https://www.linkedin.com/pulse/your-usual-2019-cyber-security-forecast-carlo-dapino/

Title: TOP 10 - Cyber Security Strategy Shortfall 2018

Description: 

An article describing the most common Cyber Security Strategy shortfall and mistakes

https://acklost.weebly.com/tech-blog/top-10-cyber-security-strategy-shortfall-2018-acklostnet

#Cyber #SecurityManagement

Title: Cyber Security Integration

Description: 

A security culture based on Risk, created asymmetric views about company security maturity, across different security functions. The paper wants to suggest an integration and re-design, based on a logical approach and well known methodologies, only moving the focus away from the risk model. 

The target of this soft talk is to show how each security function should work in concert with the rest of the organization, providing constant feeds to other security teams.The take-away of the talk should be to stimulate the readers to review collaboration across security functions and automation of input feeds and security team outputs.

https://www.slideshare.net/CarloDapino/cyber-security-integration

#Cyber #SecurityDesign

Title: Security Architecture 'R'evolution 3.0

Description: 

Identify new security architecture challenges and how IT transformation introduce new attack vectors

https://acklost.weebly.com/tech-blog/security-architecture-revolution-30

#Cyber #Compliance #PCI-DSS

Title: PCI v.3.2 Vs. OpenSource

Description: 

Approach to PCI DSS requirements by GNU/GPL open source software

http://acklost.weebly.com/tech-blog/sme_security_project-episode-1-pci-32-vs-opensource

#DFIR #IncidentResponse

Title: Proposal of a DNS TXT zone standard, to list security team contact details

Description:

I proposed a different approach to the security.txt RFC, to secure the incident response team details within a DNS TXT record, instead of a file system file published within the root directory of the webserver, diminishing the risk and enhancing the integrity of the data 

https://www.linkedin.com/feed/update/urn:li:activity:6439980839416713216

#expat #live abroad

Title: How to change country 

Description: 

Practical survival guide to country move challenges

https://medium.com/@acklost.net/how-to-change-country-practical-survival-guide-to-country-move-challenges-a06d3cecb9f3

______________________________________________________________________________________________________________________