SecTor 2008 - Security Heretic: We're Doing It Wrong

Security Heretic: We're Doing It Wrong - James Arlen

Information and Computer Security is a multi-million dollar business. I am part of that business. And it's wrong. An industry that was started with the highest of ideals, the most pure of motives has deteriorated into a crass, commercial race-to-the-bottom. Or at least it feels that way most of the time. In this presentation, a security heretic will outline a very personal journey through the meat-grinder of the information security industry and will ask you to join in this interactive discussion and walk through some critical self-analysis, some harsh criticism, some ludicrous stories, and hopefully exact the answers you need as you work through your own crises of faith in your career in Information and Computer Security.

    Presentation Transcript

    • Security Heretic: We’re Doing It Wrong James Arlen aka Myrcurial SecTor 2008 October 8, 2008
    • Hi. 2008-10-08 Security Heretic: We're Doing It Wrong 2
    • Great title huh?
    • Disclaimer: I am actively employed in the Infosec industry, but not authorized to speak on behalf of my employer.
    • Disclaimer: I am actively* employed in the Infosec industry, but not authorized to speak on behalf of my employer. * (I hope…)
    • Disclaimer (2): I am going to say some startling things. There are no sacred entities when the heretic starts ranting.
    • Disclaimer (3): If you are easily offended, you might want to get yourself a cool compress or some sort of smelling salts, it’s going to be a stressful hour.
    • Heretic Her"e*tic, n. [L. haereticus, Gr. ? able to choose, heretical, fr. ? to take, choose: cf. F. hérétique. See Heresy.] 1. One who holds to a heresy; one who believes some doctrine contrary to the established faith or prevailing religion. Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
    • I’m tired of looking silly.
    • Really tired.
    • Security “Industry” =
    • We can change that.
    • We can change that. We can fix that.
    • We can change that. We can fix that. But it’s going to really irritate people.
    • We can change that. We can fix that. But it’s going to really irritate people. In a good way.
    • The Past
    • "Those that fail to learn from history, are doomed to repeat it." - Winston Churchill
    • Information Security » Confidentiality » Integrity » Availability
    • Julius Caesar: Mr. Confidentiality
    • Sumer: Integrity
    • Jewish Scribes: Availability
    • » Guilds » Seals » Obfuscation » Physical security
    • Computer Security
    • » Theories » 1970s » Multics » US Military » Cambridge University » Research Microkernels
    • The Religion
    • Religion Re*li"gion (r[-e]*l[i^]j"[u^]n), n. [F., from L. religio; cf. religens pious, revering the gods, Gr. 'ale`gein to heed, have a care. Cf. Neglect.] 4. Strictness of fidelity in conforming to any practice, as if it were an enjoined rule of conduct. [R.] Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
    • Best Practices
    • Common Practices
    • Habitual Responses
    • Insanity: doing the same thing over and over again and expecting different results. - Albert Einstein
    • Proselytize Pros"e*ly*tize, v. t. [imp. & p. p. proselytized; p. pr. & vb. n. Proselytizing.] To convert to some religion, system, opinion, or the like; to bring, or cause to come, over; to proselyte. Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
    • How many CPE hours will you gain for questioning your religion?
    • Actually, I’m claiming this presentation as CPE hours. You should too.
    • Sshhhhh… Maybe they won’t notice the topic.
    • The Vendors
    • Professional Services
    • Hardware and Software
    • Pundits and the Media
    • The Dogma
    • Dogma Dog"ma, n.; pl. E. Dogmas, L. Dogmata. [L. dogma, Gr. ?, pl. ?, fr. ? to think, seem, appear; akin to L. decet it is becoming. Cf. Decent.] 3. A doctrinal notion asserted without regard to evidence or truth; an arbitrary dictum. Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
    • The iPod Data Thief
    • The Complex Password
    • “Blood on the Walls” Metrics
    • The answer is “No”
    • No Personal Use
    • I’m only responsible for logical security
    • The Renaissance
    • Individual Contributions
    • Research and Development
    • Synthesis Syn"the*sis, n.; pl. Syntheses. [L., a mixture, properly, a putting together, Gr. ?, fr. ? to place or put together; sy`n with + ? to place. See Thesis.] 3. (Logic) The combination of separate elements of thought into a whole, as of simple into complex conceptions, species into genera, individual propositions into systems; -- the opposite of analysis. Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
    • Enlightenment
    • The Ninety-Five Theses
    • The Twelve Step Program
    • Reduced to 9 steps for irony.
    • 1. Admitting the problem.
    • 2. Admitting our complicity.
    • 3. Reasserting ethics.
    • 4. Regaining our self-respect.
    • 5. Finding a new path.
    • 6. Eating our own dog-food.
    • 7. Re-discovering passion.
    • 8. Communicating for success.
    • 9. Owning the suck.
    • NOT: Pwning teh 5uC|<0rz.
    • That’s a different talk altogether.
    • Q&A followup: myrcurial@100percentgeek.net
    • Credits, Links and Notices. Me: http://myrcurial.com and http://www.linkedin.com/in/jamesarlen and sometimes http://liquidmatrix.org/blog Thanks: My Family, Friends, and the SecTor Advisory Committee. Sources: notations and copies of materials are embedded within “notes” of the PPT file. Inspiration: coffee, omelets made by my lovely wife, Strattera, Club Mate, Information Society, NIN, altruism. Constructed with: Asus eeePC 701, Firefox, Powerpoint, angst. http://creativecommons.org/licenses/by-nc-sa/2.5/ca/