
DevSecCon Boston 2018: How come appsec is still not in the curriculum by Gabor Pek


Published in: Technology

  1. BOSTON 10-11 SEPT 2018. How come Appsec is still not in the curriculum? Gábor Pék
  2. About me: Co-founder of !SpamAndHex (3x DEFCON CTF Finalist team); PhD in virtualization and malware security (CrySyS Lab, BME); Co-founder and CTO at Avatao; Intel virtualization hacks (e.g., XSA-59); Research of advanced malware (Duqu, Flame)
  3. The Golden Circle by Simon Sinek. Why = The Purpose (Apple: “We believe in challenging the status quo and doing this differently”); How = The Process (Apple: “Our products are beautifully designed and easy to use”); What = The Result (Apple: “We make computers”). Purpose of traditional education. Appsec in higher education?
  4. WHY to add Appsec to the curriculum? “I believe in a world where security principles interweave technology.”
  5. A study by CloudPassage from 2016
  6. Purpose of traditional education (image: Joe, CC BY-SA 2.5)
  7. Courses today
  8. 101 - Learn from Uncle Bob
  9. Security is a quality issue. 50-70% of security issues are due to bad coding practices. Diagram labels: quality bugs; security vulnerabilities. source:
  10. Students fuel our technology
  11. 2m cyber professionals missing by 2020
  12. Problem at large. Businesses: Profit/Value-driven; Mainly practical; Lack of security experts. Universities: Principle-driven; Mainly theoretical; Missing security courses
  13. HOW to do that? “Make Appsec education hands-on and fun”
  14. Software security in an (ideal) organization
  15. Designed for a large number of students; Insufficient number of hands-on exercises; Lack of personalization. Universities aren’t champion programs
  16. Founding CrySyS Student Core. Starting talent management in 2013
  17. CrySyS SecChallenge and !SpamAndHex
  18. Conditions for sustainability
  19. How !SpamAndHex became a top hacker team. !SpamAndHex before DEFCON Finals 2015
  20. Measuring Success (on-site Finals). Figure labels: 3x, 3x, 2x, 2x, 2x, Google CTF, Belluminar, RuCTF, 1x, Nuit du Hack, 1x
  21. Huge fun to play CTFs around the globe
  22. Giving back to higher education
  23. IT Security @ BME
  24. WHAT should be done? “Hands-on exercises for scalable deep learning”
  25. Why learning exercises?
  26. Appsec in higher education? Developers: Solution-driven; Practice-oriented; Ad-hoc learning. Students: Completion-driven; Wanna be practice-oriented; Continuous learning (e.g., homeworks, assignments). Exercises for individuals
  27. Appsec in higher education? Well-designed security exercises: Bootstrap beginners; Challenging for the talented ones; Help on-demand; Demonstrate up-to-date problems; Interesting & funny; Bridge theory and practice
  28. [slide without text]
  29. Bring practice back to universities
  30. Start in small and forget the excuses
  31. Thank you! References: (1) Most Top Computer Science Programs Skip Cybersecurity. (2) Top US Undergraduate Science Programs Skip Cybersecurity classes. (3) L. Buttyán, M. Félegyházi, G. Pék, Mentoring talent in IT security – A case study, Usenix ASE 2016, Austin, Texas, August 2016.
