Cyber security for the real world: OpSec

Marc Blackmer

There’s what you learn in books, and what you learn from experience. Sometimes they match up. Other times, not so much. This is why getting as hands-on with real-world examples is a big focus for us. And for our next Worcester event (ORH v2019.1), we’re bringing in a new element to the Treasure Hunt related to opsec.

So, what exactly is opsec?

It’s short for operational security, and like many terms in cyber security, it has a military origin. In the context of cyber security, it basically means not sharing, intentionally or otherwise, what you don’t want the rest of the Internet to know. For example, excited parents sharing photos of their kids’ shiny new driver’s license? Bad opsec. The license has those kids’ home addresses on them, for one. Driver’s license numbers could also be used for identity theft, such as creating a fake license with a kid’s real info to open a student credit card, perhaps.

Now, take a look at this photo that a (fictitious) employee submitted online for a Messy Desk Makeover contest run by a legit (fictitious) company. Just by this one photo, what could you learn about this person? What’s the employee’s name? What training did this employee complete? What could you learn about the employee’s reading habits that you could then use to create a spear phishing attack?


About Marc Blackmer

Marc is the founder of 1NTERRUPT and has been in the IT and cybersecurity fields since 1998. He is a product marketing manager for industry solutions in Cisco Systems' Security Business Group, focusing on cybersecurity for industrial control systems (ICS) and the Internet of Things (IoT). He also blogs on IoT security on behalf of Cisco at www.securityledger.com.
See all posts by Marc Blackmer