Re: BlackHat and Defcon 2023

[Dominique Brezinski via Dailydave <dailydave () lists aitelfoundation org>]

On Tue, Aug 15, 2023 at 7:22 AM Matt Suiche via Dailydave <
dailydave () lists aitelfoundation org> wrote:

> The definition of "technical work" appears to vary widely across various
> clusters of our industry, including within those self-specifically
> categorized as "technical clusters." When I engage with younger
> individuals, I frequently encourage them to consider a career as a software
> engineer, where they will have the opportunity to create tools and products
> rather than merely using someone else's creations. While this may seem
> obvious, the increasing noise in the industry makes it feel, year by year,
> as though the culture is shifting towards mastering "products" rather than
> developing "skills."
>
> Ironically in the 90s many people that worked as security engineers were
simply configuring routers, firewalls, and security software. There was a
noticeable point where it became clear to really have an impact as a
security engineer required software development--whether it was creating
tools, reviewing code, or building security into products/services. And
following that many of the mastering "product" jobs disappeared in
security. Like fashion, it seems what is old becomes new again. That is
disappointing, since so many of us see exploration and creation as core
attributes of the hacker, and it feels like without hardware and software
development front and center we stray away. Sure, is finding
unintended/unknown paths through a neural network hacking? Indeed. But we
run the risk of losing understanding of the deepest layers of hardware and
software if all focus shifts to "products." Maybe this is just the
beginning of a new domain? The exploration has to start on the surface, and
eventually it will follow the holes down into the core of the matrix
(operations)?

Dom


> Well... It was fun while it lasted, thank you all for playing.
> --
> Best Regards,
> Matt Suiche
>
> *This transmission is intended only for the use of the addressee and may
> contain information that is privileged, confidential and exempt from
> disclosure under applicable law. If you are not the intended recipient, you
> are hereby notified that any dissemination, distribution or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, please notify us immediately.*
>
>
> On Mon, Aug 14, 2023 at 8:03 PM Dave Aitel via Dailydave <
> dailydave () lists aitelfoundation org> wrote:
>
> > The Vegas security conferences used to feel like diving into a river.
> > While yes, you networked and made deals and talked about exploits, you also
> > felt for currents and tried to get a prediction of what the future held. A
> > lot of this was what the talks were about. But you went to booths to see
> > what was selling, or what people thought was selling, at least.
> >
> > But it doesn't matter anymore what the talks are about. The talks are
> > about everything. There's a million of them and they cover every possible
> > topic under the sun. And the big corpo booths are all the same. People want
> > to sell you XDR, and what that means for them is a per-seat or per-IP
> > charge. When there's no differentiation in billing, there's no
> > differentiation in product.
> >
> > That doesn't mean there aren't a million smaller start-ups with tiny
> > cubicles in the booth-space, like pebbles on a beach. Hunting through them
> > is like searching for shells - for every Thinkst Canary there's a hundred
> > newly AI-enabled compliance engines.
> >
> > DefCon and Blackhat in some ways used to be more international as well -
> > but a lot of the more interesting speakers can't get visas anymore or
> > aren't allowed to talk publicly by their home countries.
> >
> > If you've been in this business for a while, you have a dreadful fear of
> > being in your own bubble. To not swim forward is to suffocate. This is what
> > drove you to sit in the front row of as many talks as possible at these two
> > huge conferences, hung over, dehydrated, confused by foreign terminology in
> > a difficult accent.
> >
> > But now you can't dive in to make forward progress. Vegas is even more of
> > a forbidding dystopia, overloaded with crowds so heavy it can no longer
> > feed them or even provide a contiguous space for the ameba-like host to
> > gather. Talks echo and muddle in cavernous rooms with the general acoustics
> > of a high school gymnasium. You are left with snapshots and fragmented
> > memories instead of a whole picture.
> >
> > For me, one such moment was a Senate Staffer, full of enthusiasm, crowing
> > about how smart the other people working on policy and walking the halls of
> > Congress were - experts and geniuses at healthcare, for example! But if our
> > cyber security policy matches our success at a health system we are doomed.
> >
> > I brought my kids this year and it helps to be able to see through the
> > chaos with new eyes. What's "cool" I asked? in the most boomery way
> > possible. Because I know Jailbreaking an AI to say bad things is not it,
> > even though it had all the political spotlights in the world focused on
> > examining the "issue".
> >
> > The more crowded the field gets, the less immersion you have. Instead of
> > diving in you are holding your palm against the surface of the water,
> > hoping to sense the primordial tube worms at the sea vents feeding on raw
> > data leagues below you. "Take me to the beginning, again" you say to them,
> > through whatever connection you can muster.
> >
> > -dave
> >
> > _______________________________________________
> > Dailydave mailing list -- dailydave () lists aitelfoundation org
> > To unsubscribe send an email to dailydave-leave () lists aitelfoundation org
> _______________________________________________
> Dailydave mailing list -- dailydave () lists aitelfoundation org
> To unsubscribe send an email to dailydave-leave () lists aitelfoundation org
_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org