Siggi Bjarnason is a seasoned, experienced, and dedicated cybersecurity professional with decades of professional computer experience and online expertise that dates back to the early 1990s. Born in Iceland, Siggi spent much of his adult life in Seattle, Washington, where he was located near the development of a ground-breaking form of technology that would revolutionize not only the tech industry but the world as we know it.
In the early 1980s, while still a teenager, Siggi began to explore the industry just as a hobby - and by the mid-1990s he had turned that hobby into a profession. You could say that he was a pioneer in the birth of the internet when he worked as a network engineer for Microsoft during its infancy. Siggi has been online communicating and exploring since the mid-1980s, even though the first public web browser wouldn't hit the internet until 1994.
Siggi spent much of his years in the industry in various IT positions, working as a data center technician and network engineer for large internet service providers. Also, his technical abilities extend far beyond simple network engineering. Today, he is well-versed in the areas of automation, tooling, scripting, and even vendor and product selection.
Most recently, his career has been immersed in the area of cybersecurity. In 2017, while working for T-Mobile US, he switched from network engineering to cybersecurity, focusing on vulnerability management in an environment with several hundred thousand nodes.
Area of Expertise
Vulnerability Management: A how-to
In this talk I will help you identify what a vulnerability management program is and what separates the good ones from the bad ones. I will go over how policies, procedures, culture, and even organizational structure play a pivotal role in this. How this isn’t about any specific tool or periodic pen test, and how vulnerability scanning and pen tests are actually the last thing you want to do. I will explain how asset and configuration management (CMDB) along with risk and threat modeling are way more important than any scanning tool. How you can have a way stronger security posture with a solid CMDB and no scanning tool than you can with a scanning tool and a crappy or no CMDB. I will go over how to catalog your vulnerabilities with just a solid CMDB and some homegrown scripting. Most importantly, I will discuss why the CVSS base numeric score isn’t always a good indicator of what is critical to your organization and how to figure out what is important to your org. I will also explain why doing a pen test when you haven’t fully cataloged your vulnerabilities and remedied what is important to your organization is actually counterproductive.