The phrase low-hanging fruit is an apt metaphor to explain how security market growth and cybercrime success have mirrored each other. For early humans, it made sense to go for maximum calories with the least effort. As with most things in security, traditional logic doesn't always apply.
We got the budget we asked for. We got the shiny products. We got the training. We got the staff. We got breached.
Something is clearly still missing in security.
This won't be a vendor-bashing, anti-products talk. In fact, I'll argue that products are the least of the problem. In nearly ever breach I've analyzed, the target had all the products and people they needed to prevent, detect, and stop the attack.
What's missing is more nuanced. While it isn't low hanging fruit, it isn't rocket science either. What's missing isn't even unique to security - other disciplines and industries figured it out long ago (usually the hard way, after a lot of accidental deaths).
We’ve made a lot of progress over the 20+ years I’ve been involved in the industry, but to make the next leap in maturity, we have to shift our focus a bit. This talk will argue we need to shift some of our focus to things like resilient processes, more feedback loops, and improving response through team practice.
Adrian is a successful generalist with over two decades of experience hacking, fixing, breaking, building, and teaching in InfoSec. He’s always trying to see the big picture and figure out the best security strategies. Despite all these years in the industry, he is still optimistic... Read More →
Friday October 28, 2022 9:00am - 10:00am CDT
Red Oak Ballroom2525 W Anderson Ln #365, Austin, TX 78757, USA
