You’ve heard it all before: “The security industry has failed.” “Developers just don’t care.” “They deserved to be breached.” These and many other overused themes are promulgated by security practitioners at conferences, in social media, and worst of all, in their day jobs. Security practitioners, particularly those new to the industry, regurgitate the same counterproductive ideas and behaviors to the extent they have become clichés. This ultimately damages our collective credibility and creates unnecessary barriers to what we are trying to accomplish. We often lack empathy and pragmatism, reverting to stereotypical one-dimensional attitudes rather than focusing on the positive outcomes we are trying to achieve. We are, at times, caricatures of ourselves. In this presentation, we will take a light-hearted look at many of these problematic themes and discuss how we as security professionals can do better.
The slides are not that useful without the narration. Here are a couple of videos.
- Closing keynote, Kaspersky Security Analyst Summit 2017 (a more concise version of this deck, which I like much better):
https://www.youtube.com/watch?v=amEczve2rPk
- Closing keynote, Countermeasure 2016 (this exact deck):
https://www.youtube.com/watch?v=1jQP1FTnd8Q
[I would also like to clarify that none of the tweets/quotes in the slides are used as examples of badness (other than the @BritishGasHelp one maybe). They simply help illustrate a particular theme. And the slides about age at the beginning are just me poking fun at myself for turning 40 -- nothing more nothing less.]