Successfully reported this slideshow.
Your SlideShare is downloading. ×

It's the people, stupid.

Sep. 22, 2016
4 likes 2,468 views
Upcoming SlideShare
Crazy Like A Fox - #Infosec Ideas That Just Might Work
Crazy Like A Fox - #Infosec Ideas That Just Might Work
Loading in …3
×

Check these out next

Menoovr
menoovr
Where in the publishing world are libraries?
Katie Dunneback
State of the Internet Operating System: Web2 expo10
Tim O'Reilly
Where 2.0 Perch Product Launch Presentation
perryevans
webfonts & @font-face :: in brief
Paul Irish
Epub in the wild
liz_castro
Strata Conference 2014 NYC with Twitter
Taewook Eom
Using WordPress for Digital Workflows and More
Kirk Biglione
1 of 70
1 of 70

It's the people, stupid.

Sep. 22, 2016
4 likes 2,468 views

Download to read offline

Technology

A talk given at Velocity New York 2016.
Transcript and additional links will be posted to https://www.netmeister.org/blog/its-the-people.html

A talk given at Velocity New York 2016.
Transcript and additional links will be posted to https://www.netmeister.org/blog/its-the-people.html

Technology

Recommended

More Related Content

Viewers also liked

Menoovr
menoovr
Where in the publishing world are libraries?
Katie Dunneback
State of the Internet Operating System: Web2 expo10
Tim O'Reilly
Where 2.0 Perch Product Launch Presentation
perryevans
webfonts & @font-face :: in brief
Paul Irish
Epub in the wild
liz_castro
Strata Conference 2014 NYC with Twitter
Taewook Eom
Using WordPress for Digital Workflows and More
Kirk Biglione
Better Bash - Unit and Integration Testing
C.J. Jameson
jQuery Mobile: For Fun and Profit
Daniel Cousineau
(Short version) Building a Mobile, Social, Location-Based Game in 5 Weeks
Jennie Lees
Kobo: What Do eBook Customers Really, Really Want? (Tools of Change 2011)
MTamblyn
Mobilising the world's Natural History - Open Data + Citizen Science
Margaret Gold
Social Gold: The Design of FarmVille and Other Social Games (Web2Expo 2010)
Amitt Mahajan
Smaller, Flatter, Smarter
Web 2.0 Expo
Data Science and Smart Systems: Creating the Digital Brain
VMware Tanzu
Web 2.0 Expo Speech: Open Leadership
Charlene Li
Hadoop's Impact on the Future of Data Management | Amr Awadallah
Cloudera, Inc.
Tyranny of the SLA
J. Paul Reed
Locked Out in London (and tweeting about it) - version with my notes
Sylvain Carle

More from Jan Schaumann

The Razors Edge - Cutting your TLS Baggage
Jan Schaumann
Protecting Data in Untrusted Locations
Jan Schaumann
Headless Host Scanning
Jan Schaumann
Safely Drinking from the Data Waterhose
Jan Schaumann
PGP for Smarties
Jan Schaumann
Fancy pants
Jan Schaumann
Ipv6 basics
Jan Schaumann
L3DSR - Overcoming Layer 2 Limitations of Direct Server Return Load Balancing
Jan Schaumann
Building better tools
Jan Schaumann
Useless use of *
Jan Schaumann
DST @ Yahoo!
Jan Schaumann

Featured

Irresistible content for immovable prospects
Velocity Partners
How To Build Amazing Products Through Customer Feedback
Product School
Bridging the Gap Between Data Science & Engineer: Building High-Performance T...
ryanorban
Intro to user centered design
Rebecca Destello
How to Master Difficult Conversations at Work – Leader’s Guide
Piktochart
How to Land that First Customer
Floown
How to think like a startup
Loic Le Meur
What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden

Related Books

Free with a 30 day trial from Scribd

See all
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
Free
No Filter: The Inside Story of Instagram Sarah Frier
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
Free
Ninety Percent of Everything: Inside Shipping, the Invisible Industry That Puts Clothes on Your Back, Gas in Your Car, and Food on Your Plate Rose George
Free
Carrying the Fire: 50th Anniversary Edition Michael Collins
Free
How to Survive a Robot Uprising: Tips on Defending Yourself Against the Coming Rebellion Daniel H. Wilson
Free
How to Lie with Maps, Third Edition Mark Monmonier
Free

Related Audiobooks

Free with a 30 day trial from Scribd

See all
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
Free
Cloudmoney: Cash, Cards, Crypto, and the War for Our Wallets Brett Scott
Free
The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
Free
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
Free
The Metaverse: And How It Will Revolutionize Everything Matthew Ball
Free
Driven: The Race to Create the Autonomous Car Alex Davies
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
Free
The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner
Free
Liftoff: Elon Musk and the Desperate Early Days That Launched SpaceX Eric Berger
Free
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
Free

It's the people, stupid.

  1. 1. It’s  the  people,  stupid.   @jschauma  Jan  Schaumann  
  2. 2. @jschauma  Velocity  NY  2016  
  3. 3. @jschauma  Velocity  NY  2016  
  4. 4. @jschauma  Velocity  NY  2016  
  5. 5. @jschauma  Velocity  NY  2016  
  6. 6. @jschauma  Velocity  NY  2016  
  7. 7. @jschauma  Velocity  NY  2016  
  8. 8. ServerUserless  Systems   @jschauma  Velocity  NY  2016  
  9. 9. Useless  Systems   @jschauma  Velocity  NY  2016  
  10. 10. @jschauma  Velocity  NY  2016  
  11. 11. Change  vs.  more  of  the  same.   The  people,  stupid.   Don’t  forget  malware.   @jschauma  Velocity  NY  2016  
  12. 12. Developers   @jschauma   •  That  can’t  happen.   •  That  doesn’t  happen  on   my  machine.   •  That  shouldn’t  happen.   •  Why  does  that  happen?   •  Oh,  I  see.   •  How  did  that  ever  work?  
  13. 13. Developers   SRE   @jschauma   •  That  never  worked.   •  Must  be  the  network.  
  14. 14. Developers   SysAdmins   @jschauma   •  It’s  not  the  network.   •  Probably  a  bug  in  the  OS.   •  Oh,  ok.  DNS.   •  Don’t  monkey  around  with  /etc/hosts.   SRE  
  15. 15. Developers   SysAdmins   BOFH   @jschauma   •  An  African  or  European  swallow?   •  You  don’t  know  what  you’re  doing.   SRE  
  16. 16. Developers   SysAdmins   BOFH   Infosec   @jschauma   •  That’s  not  how  you  do  this.   •  Nobody  knows  what  they’re  doing.   SRE  
  17. 17. Developers   SysAdmins   BOFH   Infosec   New  Yorkers   @jschauma   •  What?  I  don’t  care,  keep  walking.  Don’t  talk  to  me.   •  Seriously,  don’t  stop  in  the  middle  of  the  street.              I  will  cut  you.   SRE  
  18. 18. Developers   SysAdmins   BOFH   Infosec   New  Yorkers   New  York  Infosec  SysAdmin   @jschauma   SRE  
  19. 19. @jschauma  Velocity  NY  2016  
  20. 20. @jschauma  Velocity  NY  2016  
  21. 21. @jschauma  Velocity  NY  2016  
  22. 22. @jschauma  Velocity  NY  2016  
  23. 23. @jschauma  
  24. 24. @jschauma  Velocity  NY  2016  
  25. 25. @jschauma  
  26. 26. @jschauma  Velocity  NY  2016  
  27. 27. @jschauma  Velocity  NY  2016  
  28. 28. @jschauma  
  29. 29. @jschauma  Velocity  NY  2016  
  30. 30. @jschauma  Velocity  NY  2016  
  31. 31. @jschauma  Velocity  NY  2016   How  not  to  be  seen  
  32. 32. @jschauma   Changing  other  people’s  habits  is  a   wicked  problem.   Velocity  NY  2016  
  33. 33. @jschauma   Prod   Corp   Long-­‐lived  SSH  ConnecCons   Velocity  NY  2016  
  34. 34. @jschauma   Firewall  /  ACLs  /   idled(8)  …   Velocity  NY  2016  
  35. 35. @jschauma   Reverse  SSH  tunnel   Privkeys  on  prod   cron(8)  iniCated  callbacks   …   Velocity  NY  2016  
  36. 36. @jschauma  Velocity  NY  2016  
  37. 37. @jschauma  Velocity  NY  2016  
  38. 38. @jschauma  hLps://is.gd/80zCWX  Velocity  NY  2016  
  39. 39. @jschauma   Why  we  take  our  shoes  off  at  the  airport.   Velocity  NY  2016  
  40. 40. @jschauma   NSA-­‐proofing  TLS   cipher  spec  LiSle  Bobby  Tables   Secrets  on  GitHub   XSS   #Infosec:  Silicon  Valley’s  TSA   Velocity  NY  2016  
  41. 41. Security  is  not  a  value.   @jschauma  Velocity  NY  2016  
  42. 42. Nobody  cares  about  security.   @jschauma  Velocity  NY  2016  
  43. 43. Nobody  cares  about  security.   That  is  neither  incompetence  nor   malice,  it’s  pragmaSsm.   @jschauma  Velocity  NY  2016  
  44. 44. @jschauma   People  driven  defense   EffecCve  defense   “sophisCcated”   “military  grade  encrypCon”   “NSA-­‐proof”   “even  more  cyber”   “cyber”   Vendor  Crap  “Security  Appliances”  
  45. 45. @jschauma  Velocity  NY  2016  
  46. 46. @jschauma   Ceci n’est pas un hacker. Velocity  NY  2016  
  47. 47. @jschauma  Velocity  NY  2016  
  48. 48. @jschauma  Velocity  NY  2016  
  49. 49. @jschauma  Velocity  NY  2016  
  50. 50. @jschauma  Velocity  NY  2016  
  51. 51. @jschauma  Velocity  NY  2016  
  52. 52. @jschauma  Velocity  NY  2016  
  53. 53. Safety,  not  (just)  security.   @jschauma  Velocity  NY  2016  
  54. 54. A  system  is  secure  if  it  protects  the   user  when  used  correctly.     A  system  is  safe  if  it  protects  the  user   even  when  used  incorrectly.   @jschauma  Velocity  NY  2016  
  55. 55. @jschauma  Velocity  NY  2016  
  56. 56. @jschauma   If  your  reacSon  is  “well,  not  like  that”,   you  have  a  poka-­‐yoke  problem.     Fix  that.   Velocity  NY  2016  
  57. 57. @jschauma   The  most  convenient  /  intuiSve   way  to  use  your  applicaSon  must  be   the  safest  way  to  use  your  applicaSon.   Velocity  NY  2016  
  58. 58. @jschauma   Users  will  not  change  default  sengs.   Velocity  NY  2016  
  59. 59. @jschauma   Users  will  not  change  default  sengs.   (Unless  a  less  secure  opSon  is  available.)   Velocity  NY  2016  
  60. 60. @jschauma   Failure  must  not  lead  the  user  to   change  their  default  sengs.   Velocity  NY  2016  
  61. 61. @jschauma   Failure  must  not  lead  the  user  to   change  their  default  sengs.     Safety  overrides  must  be  temporary.   Velocity  NY  2016  
  62. 62. @jschauma   Your  applicaSons,  services,  standards,   etc.,  must  age  gracefully.   Velocity  NY  2016  
  63. 63. Poka-­‐yoke  so^ware  &  systems   •  safe  defaults   •  safe  failure  mode   •  automated,  regular,  unaLended  updates   •  puts  usability  ahead  of  ‘security’   •  encourages  desired  behavior   •  builds  /  strengthens  safe  habits   •  follows  the  users’  desire  path   Velocity  NY  2016  
  64. 64. @jschauma  Velocity  NY  2016  
  65. 65. @jschauma  Velocity  NY  2016  
  66. 66. Change  vs.  more  of  the  same   •  avoid  the  downward  spiral  of  cynicism   •  your  users,  developers,  engineers,  …  are  not  stupid;  they’re   trying  to  get  their  job  done   •  focus  on  realisSc  threats,  not  high-­‐profile  security  theater   •  understand  that  your  aLackers  are  moSvated,  dedicated,   human  adversaries   The  people,  stupid.   •  security  is  not  an  end-­‐goal   •  build  safe  applicaSons  &  services   •  understand  your  users’  desire  paths   •  Poka-­‐yoke  Go!   @jschauma  Velocity  NY  2016  
  67. 67. “Fundamentally,   the  problem  isn’t   about  security.  It’s   about  people.”   @jschauma   -­‐  Bill  Clinton  (not  quite)   Thanks!  
  68. 68. Image  ALribuSons   •  Monty  Python,  Paul  Townsend  hLps://flic.kr/p/nVFKH5   •  Serverless,  PolarFlex  Rack  Blanking   hLp://polargy.com/air-­‐flow-­‐accessories/42u-­‐blanking-­‐ panels.php   •  Downward  spiral,  Davo  Sime   hLps://thenounproject.com/term/downward-­‐spiral/ 589704/  hLps://creaSvecommons.org/licenses/by/3.0/us/   •  Mouse,  MarSn  Driver,   hLp://wallpapersafari.com/w/UzqRxW   •  Silly  Walk  Street  Sign,  Kayla  Reed,   hLp://www.avclub.com/arScle/crosswalk-­‐norway-­‐makes-­‐ ciSzens-­‐do-­‐monty-­‐python-­‐si-­‐203164     @jschauma  

×