"Is security even important?" and other clickbait titles

Transcript

1. Besides To. (these will be up at SpeakerDeck.com/barnbarn a8er the

   show) @benjammingh for Besides To 2018 1

2. Who's this clown? [^2] • Security Engineer at Stripe. •

   Infrastructure security at Etsy. • Infra stuff at Puppet (Labs). • Once wore shorts and skateshoes to Montreal in winter, because they're very smart. @benjammingh for Besides To 2018 2

3. “IS SECURITY EVEN IMPORTANT?" AND OTHER CLICKBAIT TITLES @benjammingh for

   Besides To 2018 3

4. "Of course it is you idiot, I paid $2,695 for

   an RSA 4cket" @benjammingh for Besides To 2018 4

5. Cybersecurity Market Reaches $75 Billion In 2015; Expected To Reach

   $170 Billion By 2020 @benjammingh for Besides To 2018 5

6. Again, real Freedom Dollars. @benjammingh for Besides To 2018 6

7. • Cybersecurity Ventures predicts global cybersecurity spending will exceed $1

   trillion from 2017 to 2021 • Gartner forecasts global enterprise security spending will grow 8% to $96.3 billion I could go on... @benjammingh for Besides To 2018 7

8. The people in security actually making money who aren't giant

   vendors @benjammingh for Besides To 2018 8

9. The criminals! @benjammingh for Besides To 2018 9

10. @benjammingh for Besides To 2018 10

11. • Cybercrime Damages $6 Trillion By 2021 • Global ransomware

    damage costs are predicted to exceed $5 billion in 2017 • "Ransomware: Are health systems opening bitcoin wallets?" • Verizon Data Breach InvesKgaKons Report, in case you've been living under a rock • ThreatbuP's bePer version from 2016 @benjammingh for Besides To 2018 11

12. So [cyber] security is a very serious business @benjammingh for

    Besides To 2018 12

13. "The security of your data, the func3onality of your servers,

    and your confidence in Linode are extremely important to all of us." -Linode completely owned - 2016 @benjammingh for Besides To 2018 13

14. "Earning your trust through the opera1on of a secure service

    will always be our highest priority." - Slack's breach report - 2015 @benjammingh for Besides To 2018 14

15. "Your trust is a top priority for Target" - Message

    from Target CEO about being hella owned @benjammingh for Besides To 2018 15

16. "Security is (our|a) (top|number one) priority at $company" @benjammingh for

    Besides To 2018 16

17. How serious? @benjammingh for Besides To 2018 17

18. Uber serious! @benjammingh for Besides To 2018 18

19. Uber will pay $148M to US states to se5le claims

    from 2016 breach @benjammingh for Besides To 2018 19

20. Uber net worth: $5.9b Uber net worth - $148M: $5.752b

    @benjammingh for Besides To 2018 20

21. @benjammingh for Besides To 2018 21

22. Did Uber throw its CSO under the bus? @benjammingh for

    Besides To 2018 22

23. Fired Uber cybersecurity chief Joe Sullivan was just hired to

    run security at start-up Cloudflare @benjammingh for Besides To 2018 23

24. Intel @benjammingh for Besides To 2018 24

25. @benjammingh for Besides To 2018 25

26. @benjammingh for Besides To 2018 26

27. "[Intel] is off to an excellent start in the first

    half of the year and expects 2018 to be another record year" @benjammingh for Besides To 2018 27

28. So.... No implica*ons for one of the largest and most

    ingrained vulnerabili*es in compu*ng, affec*ng pre9y much every device nearly ever made. In fact, they made more money, as they probably sold some more chips. @benjammingh for Besides To 2018 28

29. Intel CEO Brian Krzanich Resigns... @benjammingh for Besides To 2018

    29

30. Timing of $24 million stock sale by Intel CEO draws

    scru=ny Also note: “Security is job number one for Intel and our industry,” — Brian Krzanich @benjammingh for Besides To 2018 30

31. "These processors are buggy as hell, and some of these

    bugs .... will ASSUREDLY be exploitable" — Theo "the people's pirate" de Raadt @benjammingh for Besides To 2018 31

32. Intel CEO Brian Krzanich Resigns... ... over rela)onship with employee

    @benjammingh for Besides To 2018 32

33. Sony (Pictures) @benjammingh for Besides To 2018 33

34. Sony Pictures got a bit owned @benjammingh for Besides To

    2018 34

35. @benjammingh for Besides To 2018 35

36. "Sony administrators reportedly shut down much of its worldwide network

    and disabled VPN connec;ons and Wi-Fi access in an effort to control the intrusion" "the company had told him their email systems were down and they had been told to go home because the company's networks had been hacked" This isn't even the biggest Sony breach there's been. @benjammingh for Besides To 2018 36

37. How data breaches affect stock market share prices • "In

    the long term, share prices con4nue to rise on average" • "Larger breaches had less of an impact on share price than smaller breaches" • "The sensi4vity of breached data had a less clear impact on share price in the long term" @benjammingh for Besides To 2018 37

38. @benjammingh for Besides To 2018 38

39. Other, different, examples @benjammingh for Besides To 2018 39

40. "No security report in an M&A has ever stopped the

    sale, it's just lowered the price" — Rich Smith, 2015...ish? probably @benjammingh for Besides To 2018 40

41. "So what are you saying Benjamin?" @benjammingh for Besides To

    2018 41

42. Security is unlikely the most important thing your company does

    @benjammingh for Besides To 2018 42

43. Shipping/selling product is probably more important @benjammingh for Besides To

    2018 43

44. Security is a part of that, it is not all

    of that @benjammingh for Besides To 2018 44

45. Security informs and advises the business @benjammingh for Besides To

    2018 45

46. Security as a business unit, IS a compromise @benjammingh for

    Besides To 2018 46

47. Your job is not to make everything 100% secure As

    then it would be impossible to do anything @benjammingh for Besides To 2018 47

48. Your job is balance the risk trade- offs between your

    company being secure, and moving fast @benjammingh for Besides To 2018 48

49. Examples: Alex Stamos @benjammingh for Besides To 2018 49

50. Examples: Alex Stamos @benjammingh for Besides To 2018 50

51. Alex Stamos • Le$ Yahoo! 2015 because of them working

    with NSA or FBI • Le$ Facebook 2018 due to, well, a lot @benjammingh for Besides To 2018 51

52. Alex Stamos "The security team generally pushed for more disclosure

    about how na8on states had misused the site, but the legal and policy teams have priori8zed business impera8ves, said the people briefed on the ma<er." @benjammingh for Besides To 2018 52

53. Alex Stamos So even the CSO at the top companies

    in the world, the ones who pioneer amazing security products (osquery, End to end encryp=on in WhatsApp) is not above compromise as a business unit. @benjammingh for Besides To 2018 53

54. Ben, what doth this mean? This isn't a tale of

    them and us, this is sta2ng your job is help the business to its goals. @benjammingh for Besides To 2018 54

55. Ben, what doth this mean? This again is not saying

    that security is unimportant or ignored, just not the be all and end all. @benjammingh for Besides To 2018 55

56. Ben, what doth this mean? Security can be the centre

    of your world, it's not the centre of capitalism. @benjammingh for Besides To 2018 56

57. Ben, what doth this mean? This is a good thing!

    @benjammingh for Besides To 2018 57

58. Ben, what doth this mean? If /Dev(Sec)?Ops/ has taught us

    anything its talking and working together IS BETTER. @benjammingh for Besides To 2018 58

59. Ben, what doth this mean? This is just a natural

    extension of this. @benjammingh for Besides To 2018 59

60. We're done, thank the maker! Go forth and work with

    your teams and your company, not against them! @benjammingh for Besides To 2018 60

61. • Twidder: @benjammingh • LinkedIn: lnkdin.me/p/benyeah • SpeakerDeck: speakerdeck.com/barnbarn •

    Stripe: Careers <--- Engineering blog @benjammingh for Besides To 2018 61