Dailydave mailing list archives
Re: Offense, Defense (& hard things)
From: Waqas Ali <waqas.bsquare () gmail com>
Date: Mon, 13 Apr 2015 19:24:43 +0500
Great talk. The things you mentioned are indeed hard but some of the most obvious ones can't be solved through technical means ("box with blinking lights" is a case in point). Our agenda for IS has been set by vendors from the beginning. Initially it was AV, then they shifted to IDS/IPS, then again to endpoint security and now there are "inline AVs" as you put it. This back and forth game has been going on for so long since it profits the vendor and most of the time a few people within the Enterprise. The really smart folks are always Technical and don't make it too far up the organogram within a common organization.

The shortage of resources you mentioned, IMHO academia is a big culprit here. The people they churn out each year are more of philosophers than computer scientists (quote stolen from one of NSA's slides). Every profession needs on the job training but in case of IS the training required is so long by the time they are ready, one of their colleagues has moved to other places.

The problem of offensive-centric talks and "wow" factor will remain with us I think. It is not our exclusive problem. Unfortunately people are always fascinated by attacks and not so much by defense. For example, Gerard Piqué won't be as famous as Cristiano Ronaldo even though the former played a more important role in winning the world cup for Spain. I don't think we can get rid of this mentality any time soon.

In short, a brilliant talk. Thanks a lot for all the efforts you are putting in to make things a little clear for the lost souls like me.

On Thu, Apr 9, 2015 at 11:31 PM, Haroon Meer <haroon () thinkst com> wrote:
Hi all

This bounced about a bit on the twitters, but someone suggested I share it here:

At Troopers15 I did a spot of navel-gazing under the title: "the hard thing about the hard things"

The talk touches on some problems that we think slip under the radar (and some problems that we think are worth aiming at). Amongst other things, it aims to encourage more people to try their hands at playing Defense.

The video of the talk is on YouTube here: https://www.youtube.com/watch?v=rarpym8JJXQ

With slides available on our site here: http://thinkst.com/stuff/troopers15/thinkst-troopers-2015-no-notes.pdf

Thoughts, comments, feedback (and muzzled ferrets?) are always welcome.

/mh

Ps. The talk leans heavily on quotes from smarter folks like Halvar, Dan Geer, Dino Dai Zovi & Brian Snow (so at least some parts of it are guaranteed to be worth listening to!)

__
Haroon Meer
http://thinkst.com/pgp/haroon.txt

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Offense, Defense (& hard things) Haroon Meer (Apr 13)
- Re: Offense, Defense (& hard things) Andreas Lindh (Apr 13)
- Re: Offense, Defense (& hard things) Waqas Ali (Apr 13)