NETSQUARE
< THE DECADE BEHIND.. AND THE DECADE AHEAD >
saumil shah - ceo, net-square
NSCONCLAVE2020
#REPUBLICDAY
Sare Jahan Se Achha (better than the whole world)
#RepublicDaY2K
# whoami - Saumil Shah
THE ACCIDENTAL ENTREPRENEUR
• 21 years in Infosec.
• M.S. Computer Science, Purdue University.
• LinkedIn: saumilshah
• Twitter: @therealsaumil
YEAR 2000
Hardware Used: Pentium 3 ~ 800MHz / 256M RAM / 20GB; PCMCIA expansion, No USB
Person to Person Communication: Mobile charges ₹14 / minute
Internet Connectivity: 64Kbps 1:4 "compressed broadband"
Emerging Trends in Cybersecurity: The Dawn of WEB HACKING
EVOLUTION & MOORE'S LAW
"THE NUMBER OF COMPONENTS PER INTEGRATED CIRCUIT SHALL DOUBLE EVERY COUPLE OF YEARS"
Virginia Tech System X: Nov 2003
1100 PowerMac G5s, 12 TFLOPS
#3 Supercomputer in the world, November 2003
> 10 TFLOPS for < $10M
Dr. Srinidhi Varadarajan
NVIDIA AGX Xavier: Nov 2019
5 Minutes of Music: 50MB (44.1KHz, Stereo) vs 3.5MB (44.1KHz, Stereo)
Evolution's Outcomes
2007
Again…Evolution
The Evolution of Attacks: 2001-19
How Have Targets Shifted?
Servers → Applications → Desktops → Browsers → Pockets → Minds
Target Enablers
• IP:Port
• Applications on HTTP
• Broadband Networks
• HTML5
• Wireless Connectivity
• Social Networks
Attacks Follow The Money
• Defacement and DDoS
• ID Theft and Phishing
• Financial Fraud
• Targeted APT
• Ransomware
• Cambridge Analytica
Evolution Quiz:
EVOLUTION OF DEFENSE 2001-19
FIREWALLS, IDS/IPS, ANTIVIRUS, WAF, DLP, EPS, DEP, ASLR, SANDBOX
DIFFERENT....
Reactive Approach: Block the Bad Things and be Secure again
DIFFERENT.... BUT SAME SAME
• FIREWALLS vs ONE-WAY ATTACK
• IDS/IPS vs FRAGROUTER
• ANTIVIRUS vs OBFUSCATION
• WAF vs CHAR ENCODING
• DLP, EPS vs DNS EXFIL
• DEP, ASLR vs ROP, INFOLEAK
• SANDBOX vs JAILBREAK
Organizations have plenty of volunteers to add layers of complexity… …but few (or none) for attack surface reduction and reducing privileged code.
THOMAS DULLIEN, "Why we are not building a defendable Internet", BH ASIA 2017
Security = "RISK REDUCTION"
Rules
Signatures
Updates
Machine Learning
Microsoft 2001
From: Bill Gates
Sent: Tuesday, January 15, 2002 5:22 PM
Subject: Trustworthy computing

Every few years I have sent out a memo talking about the highest priority for Microsoft. Two years ago, it was the kickoff of our .NET strategy. Before that, it was several memos about the importance of the Internet to our future and the ways we could make the Internet truly useful for people.

Over the last year it has become clear that ensuring .NET is a platform for Trustworthy Computing is more important than any other part of our work. If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do.

Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing.
2005: Ciscogate – Michael Lynn
https://www.schneier.com/blog/archives/2005/07/cisco_harasses.html
2009: CanSecWest
Photo credit: Garrett Gee
Evolution of the Internet
Physical / Data Link / IP / TCP / UDP / Session / Presentation / Application
INTEROPERABILITY, DECENTRALISED
Evolution of the Internet
HTTP → WEB 1.0 → WEB 2.0 → CLOUD, Social N/W → A.I. → SKYNET
HTTP IS THE DATAGRAM OF THE APPLICATION LAYER
THE MATRIX, VIRTUALISATION, MOORE'S LAW, BOSTON DYNAMICS, F.A.A.N.G.
A Brave New World
Where Do We Live?
#BREXIT
#US Elections
#CAA
…typing
PLANET CYBERSPACE
NATURE'S AND PHYSICS' LAWS DON'T APPLY HERE. NEITHER DO YOUR GOVERNMENTS'.
Computerization, Discretion, Freedom
Sergey Bratus, Anna Shubina
December 31, 2015

Surveillance of social networking, pervasive user tracking in hopes of reaping profits promised by “big data”, and ubiquitous failure to secure stockpiled personal data went from being the concern of the few to making mainstream media. We’ve learned that what hurts privacy is also likely to hurt freedom. But, despite all these revelations, the worst and the most pervasive danger of computerizing our everyday lives has so far avoided public attention: that computers modify our behaviors related to discretion, professional autonomy, and, ultimately, moral choice.

Computerization changes every area of human activity it touches, by bringing new rules and new metrics. With enough of these at work, humans must act with an eye to not just what they do (or should do) in the actual real-world situations, but also to how it will look in the computer representation of it—and the latter are never complete. And when they disagree, one must either spend the extra time and effort “fighting the system”, bend the rules—or give up.
Alberto Brandolini @ziobrando (The Bullshit Asymmetry)
THISPERSONDOESNOTEXIST.COM
Social Network Neighbourhood
THE EVOLUTION OF ARTIFICIAL INTELLIGENCE
CYBERSPACE BIOLOGY: CELLS = PIXELS
• HUMAN FACULTIES FOR THREAT DETECTION FAIL IN CYBERSPACE.
• FOR HUMANS, WHAT IS COMMON SENSE IN REALITY IS IGNORANCE IN VIRTUALITY.
• FALSE SENSE OF SECURITY AND PRIVACY THROUGH INEFFECTIVE INFOSEC PRODUCTS.
ELEMENTS OF A TRUSTWORTHY SYSTEM
TRANSPARENCY
METRICS
RESILIENCE
USERS
BANK STATEMENTS
• Account Activity
• Spending Record
• Account Reconciliation
• Unauthorized Expenses
A BANK STATEMENT FOR APP/SOFTWARE ACTIVITY
Thomas Dullien
http://addxorrol.blogspot.com/2018/03/a-bank-statement-for-app-activity-and.html

"How could one empower users to account for their private data, while at the same time helping platform providers identify malicious software better?

By providing users with the equivalent of a bank statement for app/software activity. The way I imagine it would be roughly as follows:

A separate component of my mobile phone (or computer) OS keeps detailed track of app activity: What peripherals are accessed at what times, what files are accessed, etc."
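To make the bank-statement analogy concrete, here is an added toy sketch (not Dullien's design and not code from the talk) that takes a constructed activity log of the kind the quoted OS component would record and produces the four things the previous slide lists: account activity, a spending record, a reconciliation against what the user expected each app to need, and the resulting "unauthorized expenses". The app names, resource names and expected sets are all made-up sample data.

```python
from collections import Counter, defaultdict

# Constructed sample of what a per-app activity ledger could contain:
# (timestamp, app, resource), where resource is a peripheral or a file.
# These are made-up entries, not real device data.
ACTIVITY_LOG = [
    ("2020-01-26T09:01:10", "chat",       "microphone"),
    ("2020-01-26T09:01:12", "chat",       "camera"),
    ("2020-01-26T09:15:00", "notes",      "file:/Documents/todo.txt"),
    ("2020-01-26T13:42:07", "flashlight", "contacts"),
    ("2020-01-26T13:42:09", "flashlight", "location"),
    ("2020-01-26T23:58:30", "notes",      "microphone"),
]

# The user's "budget": the resources each app is expected to need at all.
# An app missing from this map is expected to need nothing (hypothetical policy).
EXPECTED = {
    "chat":       {"microphone", "camera", "contacts"},
    "notes":      {"file:/Documents/todo.txt"},
    "flashlight": set(),
}


def account_activity(log):
    """Account activity: per app, how many times each resource was touched."""
    stmt = defaultdict(Counter)
    for _, app, resource in log:
        stmt[app][resource] += 1
    return stmt


def spending_record(log):
    """Spending record, seen from the resource side: which apps used what."""
    record = defaultdict(set)
    for _, app, resource in log:
        record[resource].add(app)
    return record


def reconcile(log, expected):
    """Account reconciliation: return the unauthorized expenses, i.e. every
    access that falls outside the app's expected resource set, with its time,
    so the user can see both what happened and when."""
    return [(ts, app, res) for ts, app, res in log
            if res not in expected.get(app, set())]


if __name__ == "__main__":
    for ts, app, res in reconcile(ACTIVITY_LOG, EXPECTED):
        print(f"{ts}  {app:<10} accessed {res} (not budgeted)")
```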
PEBKAC
ROOT CAUSES OF "LACK OF TRUST"
• THE INTERNET WAS DESIGNED FOR U.S. MILITARY COMMUNICATIONS. USER IDS WERE NEVER A PART OF ITS DESIGN.
• ARE YOU ALLOWED TO DRIVE AN UNREGISTERED CAR ON THE ROAD, AND WITHOUT A DRIVERS' LICENSE?
IDENTIFY YOUR TARGET USERS...
(Chart: number of users vs infosec maturity)
• HOPELESS: Always going to be an enigma.
• UNINFORMED: If properly guided, these users are willing to improve their usage habits.
• PROACTIVE: The next Rock Star users.
• ROCK STARS: Leave them alone, and possibly learn from them.
...AND IMPROVE THEIR MATURITY
(Chart: number of users vs infosec maturity: HOPELESS, UNINFORMED, PROACTIVE, ROCK STARS)
LET'S TALK ABOUT PASSWORDS
https://xkcd.com/936
WE'VE SUCCESSFULLY TRAINED EVERYONE TO USE PASSWORDS THAT ARE HARD FOR HUMANS TO REMEMBER, BUT EASY FOR COMPUTERS TO GUESS.
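The xkcd 936 argument the slide points at, worked through as an added example (not code from the talk): a password's guess-resistance is the product of the sizes of the independent choices that produced it, so a "complex" password assembled from a word plus predictable tweaks has less entropy than four random dictionary words. The component sizes are xkcd's own estimates and the guess rate is xkcd's 1000/s figure; both schemes below are constructed models, not measurements.

```python
import math

# xkcd 936's assumed rate for an online attack against a web service.
GUESSES_PER_SECOND = 1000


def entropy_bits(choices):
    """Entropy of a password built from independent choices.

    `choices` maps a description of each choice to the number of equally
    likely options for it; the attacker's search space is their product,
    so the entropy is the sum of their log2 sizes."""
    return sum(math.log2(n) for n in choices.values())


def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Time to try every candidate in a space of 2**bits at `rate` guesses/s."""
    return 2 ** bits / rate


# Scheme A (constructed, following xkcd 936): a "complex" password such as
# Tr0ub4dor&3. The user chose an uncommon base word, whether to capitalise it,
# a few common letter-for-symbol substitutions, a digit and a punctuation
# mark, and the order of those two. Each choice is small and predictable.
COMPLEX_PASSWORD = {
    "uncommon base word":        2 ** 16,  # xkcd: ~16 bits
    "capitalise first letter?":  2,        # 1 bit
    "common substitutions":      2 ** 3,   # 3 bits
    "appended punctuation":      2 ** 4,   # 4 bits
    "appended numeral":          2 ** 3,   # 3 bits
    "punctuation/numeral order": 2,        # 1 bit
}

# Scheme B (constructed, following xkcd 936): four words each drawn uniformly
# at random from a 2048-word list of common words ("correct horse battery staple").
PASSPHRASE = {f"word {i + 1}": 2048 for i in range(4)}


def compare(rate=GUESSES_PER_SECOND):
    """Return (bits, seconds to exhaust) for each scheme at the given rate."""
    return {
        name: (entropy_bits(model), seconds_to_exhaust(entropy_bits(model), rate))
        for name, model in (("complex", COMPLEX_PASSWORD), ("passphrase", PASSPHRASE))
    }


if __name__ == "__main__":
    for name, (bits, secs) in compare().items():
        print(f"{name:<10} {bits:4.0f} bits  ~{secs / 86400:,.0f} days to exhaust")
```

The same `entropy_bits` model applies to any policy: add a choice per rule a password policy imposes and the sum shows how little each "special character" rule actually buys against a guesser that knows the rule.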
MAKE AUTHENTICATION GREAT AGAIN
PUT THE USER IN CONTROL
RESIST
• Pass The Parcel
• Rules, Signatures, Updates, Patches
• The Next Short-Lived Security Product
• Encumber Your Users
INFOSEC: The business of selling FEAR
RESONATE
• Take Ownership
• Build Defendable Systems
• Security and Trustworthiness as a core feature
• EMPOWER Your Users
INFOSEC: The business of enabling TRUST
JAI HIND
saumil@net-square.com
@therealsaumil

NSConclave2020 The Decade Behind And The Decade Ahead