Day one begins with the keynote speech. The night before there were a multitude of parties and luckily through my coworkers I was able to attend one thrown by Kaspersky (which I pronounced Kaspery and that confused them quite a bit). I’m a guy that gets “hangry” and the breakfast provided by the conference was muffins and a mixed berry parfait. Oh, what would I give for an egg, cheese, and some sort of meat biscuit.
The keynote speaker is Alex Stamos, CSO for Facebook. I bet you he’s gotten as many Full House references as I have gotten Last of the Mohicans.
The keynote was in the Mandalay Bay Arena, which I had never been in before. The arena looks like a mid-sized college basketball stadium. At the time I wondered how this compared to the event (Insight) NetApp puts on in the Mandalay Bay conference center as well. Blackhat is bigger.
The founder of Blackhat took the stage and framed the problem of “Secure by Default” vs. “On by Default” that everyone faces daily. The CEO of Qualys introduced Alex. Alex listed 3 problems with the Blackhat/security community.
1) The main focus is on complexity, but that’s only a small portion of the pyramid. There’s no focus on the harm of activity. Essentially, if the technology is cool from a theoretical perspective, but it is being used to smuggle kids – where is the responsibility of the community?
2) The security community likes to punish imperfect solutions in an imperfect world. There should be a focus on empathy. More than likely a person that found a vulnerability wouldn’t be able to do better with the given constraints of the developer.
3) The security community does not engage the world effectively. Information isn’t broken down to the point where it’s intelligible to the average person.
He also mentioned a concept that I’ve seen pop up in my day-to-day: security nihilism. Security nihilism is the thought that if the security solution is not perfect, why do anything at all? I agree that we should strive for good enough. We should understand the attack surface and spell out the holes we intend to plug.
Overall, a great speech.