The Cavalry Is Us

THE CAVALRY IS US
PROTECTING THE PUBLIC GOOD
Nicholas J. Percoco (@c7five)
Joshua Corman (@joshcorman)

NICHOLAS J. PERCOCO
Director, Information Protection
KPMG LLP
Advanced Threat Defense, Security Research
THOTCON founder, Ran SpiderLabs

JOSHUA CORMAN
Director, Security Intelligence
Akamai
Father, Husband, Citizen
Adversaries, DevOps, Internet of Things
Rugged Software, “Building a Better Anonymous”

AGENDA
Why are we here?
Where have we been?
Where are we going?
How can you get involved?

WHY ARE WE HERE?
Chapter 1

THE BEAUTY OF ROCK BOTTOM

NICK’S DREAMS

JOSH’S SHARKS


CC image: http://www.flickr.com/photos/maiabee/2760312781/

WE GAVE A TALK

IMPORTANT THINGS
Body
Mind
Soul

HUMAN LIFE VS. DIGITAL LIFE
http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/

[Figure: replaceability continuum]
Replaceability axis: Life, Rights, Critical Infrastructure, IP, PII, CCN
Layers: Countermeasures, Situational Awareness, Operational Excellence, Defensible Infrastructure

WHICH BROWSER IS MOST SECURE?

WHICH MOBILE IS MOST SECURE?

WHICH CAR IS MOST SECURE?

WHICH INSULIN PUMP IS MOST SECURE?

WHICH THING IS MOST SECURE?

SOMEONE WILL COME TO THE RESCUE BEFORE IT’S TOO LATE

THE CAVALRY ISN’T COMING

IT’S UP TO US

CONVERGING UPON…
Focusing on security that affects personal lives
Getting outside the echo chamber
Teaming w/ stakeholders in the public
Technically literate ambassadors of our trade
Making the issues accessible
Getting results!

WHERE HAVE WE BEEN?
Chapter 2

TIMELINE
8/13: BSidesLV, DEF CON 21
9/13: DerbyCon, Congress
10/13: LASCON
11/13: TEDx, AppSecUSA
12/13: BlueHat
1/14: ShmooCon
?

JOURNEY(S)
Hobby->Profession->Lives (2)
Personal Rock Bottom->Find Others (<10)
Building the Guild->Shared Concerns/Identity (100)
Discovery->Missions/Goals/Plans (300)
Execution->Teaming with Concerned Citizens (1000s)

DERBYCON 2013: FIRST MEETING
Sept 28 + 29
100+ hackers
Enough flipcharts
…and deodorant
Thanks, Dave Kennedy!

DERBYCON 2013: FACILITATORS/SMES
Andrea Matwyshyn (Legal)*
Adam Brand (Structure)
Beau Woods (Approach)
Chort0 (Guild)
Craig Smith (Auto)
Emily Pience
Jay Radcliffe (Medical)
Josh Corman
Katie Moussouris (k8em0)
Space Rogue (Media)
* Guest Speaker

DERBYCON 2013: AGENDA
What conditions exist that we don’t like?
What are the causes of the conditions?
What should be done to eliminate the causes?

DERBYCON 2013: AREAS
Medical
Auto
Law
Media

DERBYCON 2013: OUTCOMES
Knowledge sharing about what is going on
Tons of new ideas on how to solve problems
More agreement than differences

LINKS TO VIDEOS/PODCASTS
BSIDES LV 2013 - http://bit.ly/16YbpC1
DEF CON 21 -
DERBYCON 2013 - http://bit.ly/1fYUCVI
LASCON 2013 -
LOOPCAST Ep 88- http://bit.ly/1a41cpk
SOUTHERN FRIED SECURITY Ep 115 - http://bit.ly/1amYdbC
PAULDOTCOM Ep 352 - http://bit.ly/1fzaqgP
TEDx Sharks/Security/IoT - http://bit.ly/1bBB6JR

WHERE ARE WE GOING?
Chapter 3

ORGANIZE, FOR ACTION
American Bar Association
American Medical Association
What do we have to be?

COULD WE, SHOULD WE
Do good through targeted research
Get the right message out (media teaming)
Change or prevent bad cyber security laws
Education and Awareness

THIS WILL NEVER WORK
We are techies
• Not safety people, not PR people, not lawyers
Screw them
• We told them, but they wouldn’t listen
The problems are too large
• The war was lost a long time ago

FINDING COMMON GROUND?
WHAT?
WHEN?
HOW?
Chances of Success/Failure

STILL TO WORK ON
1. Identity
• Mission – What we exist to do (started at Derby)
• Values – What we believe
• Nature – What form we will take/what our core work is
2. Vision
• What we want to achieve and by when
• What we intend to look like in X years
3. Plan
• What we need to do and by when

HOW DO YOU GET INVOLVED?
Chapter 4

UPCOMING EVENTS
December: Microsoft BlueHat
January: ShmooCon / OWASP AppSec CA
March: RSA Conference 2014 (?)
April: THOTCON 0x5 / SOURCE Boston (?)
Also, many BSides globally
August: Adjacent to Black Hat / DEF CON

WE NEED YOU
Experience with medical device, auto industries
Media wrangling expertise
Lobbying/Policy experience
Organizational/Visual skills
… or just passion to help

HOW TO GET INVOLVED - OWASP
Breakers
Builders
Citizens
Parents/Guardians
Community Leaders/Bloggers/Podcasters/etc

IDEAS, COMMENTS, HELP
@iamthecavalry
Google Group: http://bit.ly/thecavalry

NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL,
COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE
ONLY THING THAT EVER HAS.
- MARGARET MEAD (AN AMERICAN CULTURAL ANTHROPOLOGIST)

SECURITY OF CONSEQUENCE
Fin