1 / 48

The Cavalry Is Us

The Cavalry Is Us. Protecting The Public Good. The Cavalry is us Protecting the public good. Nicholas J. Percoco Joshua Corman @c7five @ joshcorman. Nicholas J. Percoco. Director, Information Protection KPMG LLP Advanced Threat Defense, Security Research

tanith
Download Presentation

The Cavalry Is Us

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Cavalry Is Us Protecting The Public Good

  2. The Cavalry is usProtecting the public good Nicholas J. Percoco Joshua Corman @c7five @joshcorman

  3. Nicholas J. Percoco • Director, Information Protection • KPMG LLP • Advanced Threat Defense, Security Research • THOTCON founder, Ran SpiderLabs

  4. Joshua Corman • Director, Security Intelligence • Akamai Father, Husband, Citizen • Adversaries, DevOps, Internet of Things • Rugged Software, “Building a Better Anonymous”

  5. Agenda • Why are we here? • Where have we been? • Where are we going? • How can you get involved?

  6. Chapter 1 Why are we Here?

  7. The beauty of Rock Bottom

  8. Nick’s Dreams

  9. Josh’s Sharks

  10. CC : From: http://www.flickr.com/photos/maiabee/2760312781/

  11. We gave a TALK

  12. Important Things • Body • Mind • Soul

  13. Human Life Vs. Digital Life http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/

  14. REPLACEABILITY

  15. Which Browser Is Most Secure?

  16. Which MOBILE Is Most Secure?

  17. Which Car Is Most Secure?

  18. Which Insulin pump Is Most Secure?

  19. Which THING Is Most Secure?

  20. Someone will come to the Rescue before it’s Too Late

  21. The Cavalry Isn’t Coming

  22. IT’s Up To Us

  23. Converging upon… • Focusing on security that affects personal lives • Getting outside the echo chamber • Teaming w/ stake holders in the public • Technically literate ambassadors of our trade • Making the issues accessible • Getting results!

  24. Chapter 2 Where have we been?

  25. TIMELINE 8/13 BSidesLV DEF CON 21 9/13 DerbyCon Congress 10/13 LASCON 11/13 TEDx AppSecUSA 12/13 BlueHat 1/14 ShmooCon?

  26. TIMELINE 8/13 BSidesLV DEF CON 21 9/13 DerbyCon Congress 10/13 LASCON 11/13 TEDx AppSecUSA 12/13 BlueHat 1/14 ShmooCon?

  27. Journey(S) • Hobby->Profession->Lives (2) • Personal Rock Bottom->Find Others (<10) • Building the Guild->Shared Concerns/Identity (100) • Discovery->Missions/Goals/Plans (300) • Execution->Teaming with Concern Citizens (1000s)

  28. Derbycon 2013: First Meeting • Sept 28 + 29 • 100+ hackers • Enough flipcharts • …and deodorant • Thanks, Dave Kennedy!

  29. Derbycon 2013: Facilitators/SMEs • Andrea Matwyshyn (Legal)* • Adam Brand (Structure) • Beau Woods (Approach) • Chort0 (Guild) • Craig Smith (Auto) • Emily Pience • Jay Radcliffe (Medical) • Josh Corman • Katie Moussouris (k8em0) • Space Rogue (Media) * Guest Speaker

  30. Derbycon 2013: Agenda • What conditions exist that we don’t like? • What are the causes of the conditions? • What should be done to eliminate the causes?

  31. Derbycon 2013: AREAS • Medical • Auto • Law • Media

  32. Derbycon 2013: Outcomes • Knowledge sharing about what is going on • Tons of new ideas on how to solve problems • More agreement than differences

  33. Links to Videos/PODCASTS • BSIDES LV 2013 - http://bit.ly/16YbpC1 • DEF CON 21 - • DERBYCON 2013 - http://bit.ly/1fYUCVI • LASCON 2013 - • LOOPCAST Ep 88- http://bit.ly/1a41cpk • SOUTHERN FRIED SECURITY Ep 115 - http://bit.ly/1amYdbC • PAULDOTCOM Ep 352 - http://bit.ly/1fzaqgP • TEDx Sharks/Security/IoT - http://bit.ly/1bBB6JR

  34. Chapter 3 Where are we going?

  35. Organize, For Action • American Bar Association • American Medical Association • What do we have to be?

  36. Could We, SHOULD WE • Do good through targeted research • Get the right message out (media teaming) • Change or prevent bad cyber security laws • Education and Awareness

  37. This Will Never Work • We are techies • Not safety people, not PR people, not lawyers • Screw them • We told them, but they wouldn’t listen • The problems are too large • The war was lost a long time ago

  38. finding common ground? • WHAT? • WHEN? • HOW? • Chances of Success/Failure

  39. Still to Work on • Identity • Mission – What we exist to do (started at Derby) • Values – What we believe • Nature – What form we will take/what our core work is • Vision • What we want to achieve and by when • What we intend to look like in X years • Plan • What we need to do and by when

  40. Chapter 4 How do you get involved?

  41. UPCOMING EVENTS • December: Microsoft BlueHat • January: ShmooCon / OWASP AppSec CA • March: RSA Conference 2014 (?) • April: THOTCON 0x5 / SOURCE Boston (?) • Also, many BSides globally • August: Adjacent to Black Hat / DEF CON

  42. We Need You • Experience with medical device, auto industries • Media wrangling expertise • Lobbying/Policy experience • Organizational/Visual skills • … or just passion to help

  43. How to Get involved - OWASP • Breakers • Builders • Citizens • Parents/Guardians • Community Leaders/Bloggers/Podcasters/etc

  44. Ideas, comments, Help • @iamthecavalry • Google Group: • http://bit.ly/thecavalry

  45. Never Doubt that a Small group of thoughtful, committed citizens can change the world; It’s the Only thing that ever has.- Margaret MEAD(an American cultural anthropologist)

  46. Fin Security of Consequence

More Related