Adaptation of the Security Sub-Culture

Presented at DerbyCon 6.0 Recharge (2016), Sept. 23, 2016, 5 p.m. (50 minutes).

Infosec is a lot like punk rock. We’re an odd sub-culture full of odd people driven by oddly intense passion. In response to increasingly sophisticated attacks, and a series of well televised breaches, the infosec industry has been calling for organizations to “change the security culture.” But like other sub-cultures we have issues communicating our ideas to the masses. We have a duty to evangelize for security in a way that doesn’t expect infosec militants but rather naturally grows a security culture from the bottom up. You can’t teach someone to like punk rock. But over time the Sex Pistols’ influence eventually led to Offspring, Green Day and Blink-182, and fans of those successful bands were not typically part of the die-hard punk rock sub-culture. Our culture can, and will, adapt this way. If we want to scale we also need to go pop - but we can’t do it overnight. We will give an introduction to complexity theory and the psychology of belonging to a sub-culture. We will show how you can grow your security team and broaden awareness with these ideas in mind - and organizational change is sure to fail.

Presenters:

Similar Presentations: