The Details Don’t Matter

Presented at DerbyCon 1.0 (2011), Sept. 30, 2011, 2 p.m. (50 minutes).

Somewhere between the down in the trenches day to day operations of IT security and the high level, watered down strategies consumed and regurgitated by the CxO community, there lies some ground truths in what’s occurring in the information security universe.

“What’s the best firewall to buy?” and “How to I configure it?” aren’t as important questions as “What does a firewall really buy me given the current threat environment?” Conversely “What percentage of my IT budge is spent on security?” isn’t as important as “Am I spending my money in a manner that protects my assets as effectively as required for my business?” and “How have I adapted from the ‘defend everything’ to ‘accept compromise and worry about detection and mitigation’ mindset?”

It’s easy to get caught up in the weeds of the currently state of infosec. It’s a highly dynamic field and the specific threats and products change daily. However, the ground truth of what’s really going on changes much more slowly. By paying attention to the important truths of IT security, you can focus on the important aspects of securing what you really care about and not get lost in the details that simply waste time and cloud the real problems.


Presenters:

  • Bruce Potter / @gdead as Bruce Potter (gdead)
    Bruce Potter is the CTO and cofounder of Ponte Technologies. Mr. Potter has extensive experience assisting clients who are dealing with advanced threats against their IT infrastructure. Over the last several years, Mr. Potter has lead teams focused on incident response and attack remediation, software development of advanced defensive technologies, and IT security architecture and purchasing strategy. Prior to founding Ponte Technologies, Mr. Potter held several jobs focused on security and network operations including managing advanced security solution devilery for Booz Allen Hamilton managing network and security operations for Network Solutions and CTO for a transaction processing startup in Anchorage, Alaska. Mr. Potter has coauthored a number of books including ” 802.11 Security” and “Mastering FreeBSD and OpenBSD Security” published through O’Reilly. Mr. Potter also regularly writes articles and presents at a wide variety of security conferences. Mr. Potter is the founder of The Shmoo Group of security, crypto, and privacy professionals. Through The Shmoo Group, Mr. Potter assists with a number of open source projects and the yearly ShmooCon security conference held in Washington, DC.

Similar Presentations: