Re: Offense, Defense (& hard things)

[Waqas Ali <waqas.bsquare () gmail com>]

Great talk. The things you mentioned are indeed hard but some of the most
obvious ones can't be solved through technical means ("box with blinking
lights" is a case in point).

Our agenda for IS has been set by vendors from the beginning. Initially it
was AV, then they shifted to IDS/IPS, then again to the endpoint security
and now there are "inline AVs" as you put it. This back and forth game is
going for so long since it profits the vendor and most of the time a few
people within the Enterprise. The really smart folks are always Technical
and don't make it too far up the organogram within a common organization.

The shortage of resources you mentioned, IMHO academia is a big culprit
here. The people they churn out each year are more of philosophers than
computer scientists (quote stolen from one of NSA's slides). Every
profession needs on the job training but in case of IS the training
required is so long by the time they are ready, one of their colleagues
have moved to other places.

The problem of offensive-centric talks and "wow" factor will remain with us
I think. It is not our exclusive problem. Unfortunately people are always
fascinated by attacks and not so much by defense. For example, Gerard_Piqué
won't be as famous as Christiano Ronaldo even though the former played a
more important role in winning the world cup for Spain. I don't think we
can get rid of this mentality any time soon.

In short, a brilliant talk. Thanks a lot for all the efforts you are
putting to make things a little clear for the lost souls like me.

On Thu, Apr 9, 2015 at 11:31 PM, Haroon Meer <haroon () thinkst com> wrote:

> Hi all
>
> This bounced about a bit on the twitters, but someone suggested I share it
> here: At Troopers15 I did a spot of navel-gazing under the title: "the hard
> thing about the hard things"
>
> The talk touches on some problems that we think slip under the radar (and
> some problems that we think are worth aiming at). Amongst other things, it
> aims to encourage more people to try their hands at playing Defense.
>
> The video of the talk is on YouTube here:
> https://www.youtube.com/watch?v=rarpym8JJXQ
>
> With slides available on our site here:
> http://thinkst.com/stuff/troopers15/thinkst-troopers-2015-no-notes.pdf
>
> Thoughts, comments, feedback (and muzzled ferrets?) are always welcome.
>
> /mh
>
> Ps. The talk leans heavily on quotes from smarter folks like Halvar, Dan
> Geer, Dino Dai Zovi & Brian Snow (so at least some parts of it are
> guaranteed to be worth listening to!)
>
> __
> Haroon Meer
> http://thinkst.com/pgp/haroon.txt
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave