Presented at DEF CON 19 (2011)
Aug. 6, 2011, 10 a.m.
"Whoever fights monsters should see to it that in the process he does not become a monster." - Friedrich Nietzsche.
Aaron Barr returns for the first time in what's sure to be a gritty and frank (and heated) panel. How can we conduct ourselves without losing ourselves? How far is too far - or not far enough? IT security has finally gotten the attention of the mainstream media, Pentagon generals and public policy authors in the Beltway, and is now in mortal danger of losing (the rest of) its soul. We've convinced the world that the threat is real - omnipresent and omnipotent. But recent events suggest that in their efforts to combat a faceless enemy, IT security firms and their employees risk becoming indistinguishable from the folks with the Black Hats. The Anonymous attacks and data spilled from both private- and public-sector firms raise important questions that this panel will try to answer, among them: how to respond to chaotic actors like Anonymous and LulzSec, and what the U.S. gains (and loses) by making "APTs" the new "Commies" and cyber the forefront of the next Cold War. Aaron, Josh and Jericho will debate whether we in the security community can fight our "monsters" without sacrificing the civil liberties and the freedoms we enjoy here at home.
Jericho has been poking about the hacker/security scene for 18 years (for real), building valuable skills such as skepticism and alcohol tolerance. As a hacker-turned-security whore, he has a great perspective to offer unsolicited opinion on just about any security topic. A long-time advocate of advancing the field, sometimes by any means necessary, he thinks the idea of 'forward thinking' is quaint (we're supposed to be thinking that way all the time). No degree, no certifications, just the willingness to say things most of the industry is thinking but unwilling to say themselves. He remains a champion of security industry integrity and small misunderstood creatures.
- Research Director, Enterprise Security Practice, The 451 Group
Joshua Corman, Research Director, Enterprise Security Practice, The 451 Group - Joshua Corman is the Research Director of the 451 Group's enterprise security practice. Corman has more than a decade of experience with security and networking software, most recently serving as Principal Security Strategist for IBM Internet Security Systems. Corman's research cuts across sectors to the core challenges of the industry, and drives evolutionary strategies toward emerging technologies and shifting economics. Corman is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently led NetworkWorld magazine to recognize him as a top Influencer of IT for 2009. Corman also serves on the Faculty for IANS and is a staunch advocate for CISOs everywhere. In 2010, Corman also co-founded Rugged (www.ruggedsoftware.org), a value-based initiative to raise awareness and usher in an era of secure digital infrastructure. Corman received a bachelor's degree in philosophy, Phi Beta Kappa, summa cum laude, from the University of New Hampshire. He lives with his wife and two daughters in New Hampshire.
- Former CEO
Aaron Barr has spent the last 20 years in the intelligence and federal space of the cyber security community in positions ranging from intelligence analyst to UNIX system administrator and technical director. With degrees in Field Biology and computer security, his path would have drastically changed in 1997 had the Navy accepted his request to extend his educational program towards a degree in Mycology. Alas, the Navy had no open billets for mushroom experts. He separated from the Navy in 2001 and charted a course in IT and IT security in the defense industry. An agitator/collaborator, not afraid to express an opinion, but open to adopt better ones, he is enthusiastic and passionate about technology and its positive and negative effects on society, including security. An analyst at heart and by trade, he is focused on security as an intelligence problem.
- Editor, Threatpost.com, Kaspersky Lab
Paul Roberts, Editor, Threatpost.com - Paul is an editor at Threatpost.com, Kaspersky Lab's security news blog. Paul is a thought leader with a decade of experience as a technology reporter and analyst covering information technology security. Before joining Threatpost, Paul was a Senior Analyst in the Enterprise Security Practice at The 451 Group, an industry analyst firm. As a reporter and editor, he has worked for leading technology publications including InfoWorld, eWeek and The IDG News Service. Paul's writing has appeared in The Boston Globe, Salon.com and Fortune Small Business. He has been interviewed on issues relating to technology and security for publications ranging from The Wall Street Journal to NPR's Marketplace to the Oprah Show. When he's not writing about security, Paul runs the occasional marathon and edits bloggingbelmont.com, a citizen-powered blog in Belmont, Massachusetts, where he lives with his wife and three daughters.