Bea Hughes
September 29, 2018

"Is security even important?" and other clickbait titles

Bsides Toronto talk on whether security is actually important to business, or not.


Transcript

  1. Who's this clown? [^2] • Security Engineer at Stripe. • Infrastructure security at Etsy. • Infra stuff at Puppet (Labs). • Once wore shorts and skateshoes to Montreal in winter, because they're very smart. @benjammingh for Besides To 2018 2
  2. "Of course it is you idiot, I paid $2,695 for an RSA ticket"
  3. Cybersecurity Market Reaches $75 Billion In 2015; Expected To Reach $170 Billion By 2020
  4. • Cybersecurity Ventures predicts global cybersecurity spending will exceed $1 trillion from 2017 to 2021 • Gartner forecasts global enterprise security spending will grow 8% to $96.3 billion I could go on...
  5. The people in security actually making money who aren't giant vendors
  6. • Cybercrime Damages $6 Trillion By 2021 • Global ransomware damage costs are predicted to exceed $5 billion in 2017 • "Ransomware: Are health systems opening bitcoin wallets?" • Verizon Data Breach Investigations Report, in case you've been living under a rock • Threatbutt's better version from 2016
  7. "The security of your data, the functionality of your servers, and your confidence in Linode are extremely important to all of us." - Linode completely owned - 2016
  8. "Earning your trust through the operation of a secure service will always be our highest priority." - Slack's breach report - 2015
  9. "Your trust is a top priority for Target" - Message from Target CEO about being hella owned
  10. Uber will pay $148M to US states to settle claims from 2016 breach
  11. Uber net worth: $5.9b Uber net worth - $148M: $5.752b
  12. Fired Uber cybersecurity chief Joe Sullivan was just hired to run security at start-up Cloudflare
  13. "[Intel] is off to an excellent start in the first half of the year and expects 2018 to be another record year"
  14. So.... No implications for one of the largest and most ingrained vulnerabilities in computing, affecting pretty much every device nearly ever made. In fact, they made more money, as they probably sold some more chips.
  15. Timing of $24 million stock sale by Intel CEO draws scrutiny Also note: “Security is job number one for Intel and our industry,” — Brian Krzanich
  16. "These processors are buggy as hell, and some of these bugs .... will ASSUREDLY be exploitable" — Theo "the people's pirate" de Raadt
  17. "Sony administrators reportedly shut down much of its worldwide network and disabled VPN connections and Wi-Fi access in an effort to control the intrusion" "the company had told him their email systems were down and they had been told to go home because the company's networks had been hacked" This isn't even the biggest Sony breach there's been.
  18. How data breaches affect stock market share prices • "In the long term, share prices continue to rise on average" • "Larger breaches had less of an impact on share price than smaller breaches" • "The sensitivity of breached data had a less clear impact on share price in the long term"
  19. "No security report in an M&A has ever stopped the sale, it's just lowered the price" — Rich Smith, 2015...ish? probably
  20. Security is a part of that, it is not all of that
  21. Your job is not to make everything 100% secure As then it would be impossible to do anything
  22. Your job is to balance the risk trade-offs between your company being secure, and moving fast
  23. Alex Stamos • Left Yahoo! 2015 because of them working with NSA or FBI • Left Facebook 2018 due to, well, a lot
  24. Alex Stamos "The security team generally pushed for more disclosure about how nation states had misused the site, but the legal and policy teams have prioritized business imperatives, said the people briefed on the matter."
  25. Alex Stamos So even the CSO at the top companies in the world, the ones who pioneer amazing security products (osquery, End to end encryption in WhatsApp) is not above compromise as a business unit.
  26. Ben, what doth this mean? This isn't a tale of them and us, this is stating your job is to help the business to its goals.
  27. Ben, what doth this mean? This again is not saying that security is unimportant or ignored, just not the be all and end all.
  28. Ben, what doth this mean? Security can be the centre of your world, it's not the centre of capitalism.
  29. Ben, what doth this mean? This is a good thing!
  30. Ben, what doth this mean? If /Dev(Sec)?Ops/ has taught us anything it's talking and working together IS BETTER.
  31. Ben, what doth this mean? This is just a natural extension of this.
  32. We're done, thank the maker! Go forth and work with your teams and your company, not against them!
  33. • Twidder: @benjammingh • LinkedIn: lnkdin.me/p/benyeah • SpeakerDeck: speakerdeck.com/barnbarn • Stripe: Careers <--- Engineering blog