earlier this month i presented at my local infragard chapter.
the title of the presentation was “defense in depth: raising the bar”, and it focused on the NSA’s secure computing iniative, high assurance platform (HAP).
the goal of the presentation was more about talking points, discussion, and ideas about what security will look like tomorrow and where we, as the security community, should be leading our organizations. point blank i would say that HAP is not for everyone, but there are certain aspects that i think we can all learn from.
also, one point that was brought out that i thought was interesting was “this HAP stuff is way too much, who could really use this”? i certainly imagine that comment was heard when defense in depth began to be pushed by the NSA 10 years ago (see “we already have a firewall, why would we need to add X product?”)
it may or may not be the way of the future, but it was an interesting infragard discussion!
here is the presentation:
and here is where i got my information:
also, this is a video about HAP in action. its a bit drawn out, but it does lay out the situation nicely (albeit in a *very* vanilla fashion):