IOActive Business Development Manager Jessica Weiland will present at this year’s BSides Harrisburg, taking place on April 25 in Harrisburg, PA. Jessica’s talk, “Shut the Front Door: Forming Attack Profiles from Risky Hiring Practices,” focuses on how much information companies expose in their job postings when hiring. The abstract for the talk is below.
ABSTRACT:
This presentation is a novel way to look at the “open windows” that job listings provide to cyber criminals to profile a business from an attack perspective. From open windows to creaky back doors, a conversation needs to be had about the do’s and don’ts of what our teams include as we search for new talent to join our teams.
I have spent enough time using companies’ job postings to do my own version of OSINT, to create a cyber blueprint that reveals where there might be gaps or vulnerabilities in a company’s tech stack, where there are resource gaps, and how your program might be immature and primed for someone to slip past your defenses and take up residency in your systems.
In my presentation we will look at job postings across US businesses, examine the doors, windows, and disabled security systems (do they have a dog? is it a Chihuahua or a Doberman?) that the data suggests, and use it to profile the company and the level of risk that the posting reveals. We will also open the conversation to “how we do better” without losing the technical hiring requirements.