ANNOUNCEMENTS: INFOSEC CAMPOUT TICKETS ARE STILL ON SALE. Go to https://www.infoseccampout.com for Eventbrite link and more information.     Part 2 of our Discussion with Chris Sanders (@chrissanders88) Topics discussed: Companies dropping existing frameworks for ATT&CK Matrix, why? Rural Technology Fund - What it is, how does it work, Who can help make it more awesome.   https://chrissanders.org/2019/05/infosec-mental-models/   I’ve argued for some time that information security is in a growing state of cognitive crisis…   Demand outweighs supply Because so many organizations need experience, they are unable to appropriately invest in entry-level jobs and devote the necessary time for internal training. That’s an HR and hiring manager issue, right? --brbr  No. --bboettcher   Information cannot be validated or trusted     There are few authoritative sources of knowledge about critical components and procedures.   Large systemic issues persist with no ability to tackle them in a large, mobilized, or strategic manner.     The industry is unable to organize or widely combat the biggest issues they face.     Groups of individuals, everyone thinking they have the ‘right answer’, just like linux flavors --brbr   https://www.fireeye.com/blog/threat-research/2015/06/caching_out_the_val.html https://www.helpnetsecurity.com/2018/07/10/windows-shimcache-threat-hunting/   Dependence on tools: http://traffic.libsyn.com/brakeingsecurity/2016-006-Moxie_vs_Mechanism-dependence_on_tools.mp3   https://en.wikipedia.org/wiki/Cognitive_revolution https://buzzmachine.com/2019/04/25/a-crisis-of-cognition/   How do we solve it?   We must thoroughly understand the processes used to draw conclusions. S.M.A.R.T.? Experts must develop repeatable, teachable methods and techniques. Educators must build and advocate pedagogy that teaches practitioners how to think. https://www.maximumfun.org/shows/sawbones - sawbones podcast (amanda mentioned)   Mental Model?     We use them all the time? Gotta simplify the complex...     Distribution and the Bell Curve     Operant Conditioning https://www.latimes.com/science/la-sci-emotional-stereotypes-about-women-20190530-story.html     The Scientific Method   Applied Models       13 Organ Systems     4 Vital Signs     10 Point Pain scale Defense in Depth OSI model Investigation Process   https://en.wikipedia.org/wiki/Inductive_reasoning   Model Desperation     Companies dumping existing models and embracing something else   The problem is that we’re model hungry and we’ll rapidly use and abuse any reasonable model that presents itself. Ultimately, we want good models because we want a robust toolbox. But, not everything is a job for a hammer and we don’t need fourteen circular saws.   What makes a good model? Simple Useful Imperfect? (wuh?)-brbr   Creating models     Begins by asking a question… (what is the weather going to look like tomorrow? --brbr)         What defines the sandwich? (kind of like “https://en.wikipedia.org/wiki/Theory_of_forms” --brbr)   Discuss the Rural Tech Fund https://twitter.com/RuralTechFund     https://ruraltechfund.org/ Practical Threat Hunting - https://twitter.com/chrissanders88/status/1133388347194454018 Practical Packet Analysis - https://nostarch.com/packetanalysis3     Suggesting books: https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 https://www.amazon.com/Undoing-Project-Friendship-Changed-Minds/dp/0393354776 More references on Chris’ site https://chrissanders.org/2019/05/infosec-mental-models/   Book Club Cult of the dead cow - June Tribe of Hackers - July The Mastermind - August The Cuckoo’s Egg - September   Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel:  http://www.youtube.