Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes

Presented at Black Hat USA 2018, Aug. 8, 2018, 9 a.m. (60 minutes)

<p><span style="font-weight: 400;" data-mce-style="font-weight: 400;">Working in security is a principled decision. Many of us do this because we want to help make technology more reliable and safer for our friends, our family - for humanity. Your skills got you a job, but your principles and drive got you the skills.</span></p><p><span style="font-weight: 400;" data-mce-style="font-weight: 400;">Turning your ideals into real, concrete outcomes at scale is… daunting. Interconnected networks, billions of lines of ever-evolving code, third party dependencies and legacy requirements, competing priorities, conflicting incentives, snake oil solutions; these are just a few of the challenges that are familiar to security professionals, and that doesn’t even include the social and communication barriers or endless philosophical debates.</span></p><p><span style="font-weight: 400;" data-mce-style="font-weight: 400;">So, how do you actually make technology in complex landscapes safer, at scale?</span></p><p><span style="font-weight: 400;" data-mce-style="font-weight: 400;">This talk offers guiding advice that we as security practitioners and leaders must embrace in order to succeed. Drawing on her experiences leading some of the biggest, ongoing security efforts that aim to make technology safer for all users, Parisa will first share how throwing out the rule book on vulnerability disclosure has been moving giants of the software industry toward measurably faster patching and end-user security. Next, she will share how a grassroots side project grew to shift the majority of the web ecosystem to secure transport, nearly 25 years after the technology was first made available. Finally, she will review the major effort to implement an intern’s publication in one of today’s largest open source projects, and how they persevered for 5+ years of refactoring, avoiding efforts to defund the work along the way. (Coincidentally, this project helped the world’s most popular browser mitigate a new class of hardware vulnerabilities earlier this year!)</span></p>

Presenters:

  • Parisa Tabriz - Director of Engineering, Google
    Parisa Tabriz is a Director of Engineering at Google, currently responsible for making Chrome a secure, stable, and useful tool for browsing the web across all your devices. She also manages the Project Zero security research team, is affectionately known as the Security Princess (her former job title), and has worked on information security at Google for over a decade, starting as a "hired hacker" software engineer for Google's security team. Outside of Google, Parisa has served as a consultant to the White House U.S. Digital Service to enhance security of government technology, lectured at the Harvard Kennedy School, taught minors to hack, and consulted with multiple entertainment writers to help them understand the world of cybersecurity and technology so they can create and depict more accurate, diverse stories. In 2017, she was featured on WIRED’s Next List for her work pushing encryption on the web, and in 2012, she was selected by Forbes as one of the 30 under 30 pioneers in technology. She holds a Masters of Science degree from the University of Illinois (Urbana-Champaign) with published work in privacy enhancing technologies and wireless security.

Links:

Similar Presentations: