Cyber Security

Recently, I was asked to present to mobile operators in Malaysia on the topic of IPv6 security. As Malaysia is currently considering regulatory requirements to move to IPv6 some of the operators are struggling with being able to understand the security implications of moving to this new protocol.

The key aspects of my talk {which I am attach below} basically consider the following:
1. Create and maintain an ISMS
2. Threat Model all solutions options for architectural changes
3. Monitor at 6to4 for signs of suspicious activity
4. Evaluate security vendors for ability to monitor IPV6 traffic
5. Don’t let the vendors push you around. If they want your money they need to add the security features you want.
6. Evaluate all technology prior to deployment including technical assessments of the each device and platform being introduced to the network.
7. Ensure your lab is stocked with attack code and toolkits
8. Train, train, train your staff to be comfortable with v6
9. Understand we are still learning and will be for a while. Don’t be afraid to discuss your issues with your competitors because I can tell you they are experiencing the same issues.

Thanks again to MCMC for inviting me to share my knowledge. I look forward to visiting Kuala Lumpur again soon.


Presentation: IPv6 Security Best Practices – Oct 20_2015_v1

Over the past few months, we have been working with the Chang School at Ryerson to develop a one day seminar on cyber security. The goal is to get more executives and board members comfortable talking about security and ensuring they have strong security strategies regardless of sector. The staff at Ryerson have been great at supporting our ideas and concepts and are helping this course become a reality. From an educational perspective, these are the key aspects that will be discuss during the session:

  1. Principles of a Cyber Security Strategy
  2. A Case Study
  3. Implementing a Risk Management Process
  4. Preparing for a Breach including a drafting a Breach and Cyber Security Playbook

There will be lots of open discussions and examples on these topics and you can pick my brain on these issues specific to your company or sector. I am looking forward to spending the day exchanging, learning and sharing. Bring your questions and problems and I hope to see you on Sept.24th. More details to the course and registration are located here


Faud Khan