No Such Thing as a Stupid Question: Why Knowledge Shaming is Making Us Less Secure

Presented at Black Hat Europe 2021, Nov. 11, 2021, 11:20 a.m. (40 minutes).

One only needs to hop on social media in the aftermath of any breach to see the 'hot takes' that abound. It seems many people forget we're all one step away from being in their shoes! So it's little wonder that there is hesitation from many to show any sort of vulnerability (personal, not technical!). Due to the unique nature of many cybersecurity roles, they are naturally insular. When you combine that with a keyboard mob who are ready to ridicule anyone who stumbles, it's no surprise that knowledge sharing in our industry is fundamentally broken.

As someone who is relatively new to infosec, I have this internal battle every time I learn something new (which is often!). I get so excited about sharing it - and then almost immediately begin to doubt myself. In doing my research for this talk, I spoke to some highly-respected figures from the industry and was shocked to hear that they experienced the same issue. The thought then started to snowball - if we, as a collective, are keeping these insights to ourselves, how much better off would we be if there was no fear of retribution?

And so, I began to dig. Who does knowledge sharing well? What are the blockers that prevent us from being more open, and how can we overcome those? And finally, how do we become better at disagreeing?

This is, therefore, a rallying cry. It is a call-to-arms for everyone to take these lessons to heart so we can all do our part to make the industry a better place. I don't say that to be naive or idyllic - I genuinely believe that if we can harness the collective knowledge that we are missing out on currently, we can take an incredible leap forward!


Presenters:

  • Regina Bluman - Security Analyst, Algolia
    Regina Bluman is an infosec convert, previously working in IT Marketing for almost 10 years before leaving the dark side and moving across! She now works as a Security Analyst at Algolia. She is an experienced panelist, guest author, podcast guest, and was recently nominated as 'Technical Employee of the Year', 'Role Model of the Year', 'Rising Star', and 'Woman of the Year' in the CRN Women in Channel Awards. She also volunteers for the Cyber House Party and is part of the Ladies of London Hacking Society. When not working, Regina can often be found still sitting at her computer, working on various hacking labs or CTFs, and when not 'geeking out', she tries to catch as many Welsh rugby and Liverpool football games as she can. Away from a screen, she loves to spend time outside hiking, camping, and snowboarding as often as weather and time allow! Her biography wouldn't be complete without mentioning her beloved mog, Raymond. Raymond was adopted just before the first lockdown in 2020, and features heavily on her Twitter profile!
