Man on the SecurityStreet - Day 2 Continued.

Blog Post created by patrick_hellen on Sep 13, 2012

It's your favorite reporter in the field, Patrick Hellen, reporting back with some more updates from our speaking tracks at the UNITED Summit.


Dave Kennedy, the founder of TrustedSec, gave an entertaining presentation called Going on the Offensive - Proactive Measures in Securing your Company. Just like HD's earlier presentation, we had our staff artist plot out the entire speech, which you can see attached here at right.


When I say entertaining, the previous talk track was a debate session that Dave also participated in, and if the audience did not agree with your point, you had to drink scotch. Dave, if you read this, I'm impressed at your ability to stay focused, on track, and to keep the room engaged.


The topic itself, a proactive approach to infosec problems, is not new of course, but Dave's point is that neither is our approach to security. We generally find our security teams in a bind, in that they're stuck trying to secure problems from 2 years ago, with no downside for the hackers themselves. In today's world, it's apparently far more profitable to be a hacker than it is to be a drug dealer. He presented a stat that in 2011, the profits that drug trafficking took in were 372 billion, with all the risks of death and jail time. Also in 2011, hacking uncovered 678 billion in stolen money/information, with almost zero chance of being killed, and far less severe criminal sentencing.


He also made the point that we see more and more breaches occurring, and more and more money being spent on security, and yet still more breaches occurring and yet still more money being spent on security. In his case, the attack vector he's going to take to get into and take over a system?


The users of course.


Social Engineering = something you can train against, but not something you can really purchase your way out of.


He did touch on several more subjects, including the risk of Cloud computing and his very frank opinions on APT, and how security professionals should keep things simple, all of which you can take a look at when we post the slides and information from all of our talk tracks here on SecurityStreet in the near future.


Next up, Beer tasting. I want to make sure I'm on time for that event.