We don’t need no security!

Presented at Still Hacking Anyway (SHA2017), Aug. 6, 2017, 7:10 p.m. (60 minutes).

Of course we will need security - but maybe not in the way we've 'always' done it. In this session we will explore whether a lot of what we consider to be part of security’s tasks actually requires a separate organisation.

#NetworkSecurity #PhysicalSecurity #DeviceSecurity

Is having a designated CISO and team maybe the cause of some of our current problems? Is this perceived divide between us and the business maybe caused by the fact that we are indeed divided into separate teams? Is our focus on breaking things instead of offering solutions the reason why we only get consulted the day before go-live? Can we be more successful (both in terms of business and in terms of actual security) if we stop pretending what we do is very special and look for ways to just do the right thing bottom up - can we achieve elegant, scalable and ultimately invisible security?

This session will draw on experiences and insights from other disciplines, like human-centered design, safety research and psychology, but will also focus on technical ‘under the hood’ aspects of security. Drawing from these fields, I aim to outline what I think security should do to stay relevant and future-proof.

Presenters:

  • Jelle Niemantsverdriet (@jelle_n)
    Jelle Niemantsverdriet (currently Director Cyber Risk Services at Deloitte) is fascinated by the intersection of cybersecurity and other disciplines like human-centered design, safety research, marketing and data science. Having investigated some of the largest data breaches in the world, he has a pretty unique view of what happens when things go wrong in cybersecurity - both from a deep technical and a boardroom perspective. He aims to use that insight to build better and more secure teams, tools and businesses and strongly believes that can only be done by positioning the security organisation as a forward-looking, enabling, data-driven, fast-moving team instead of the traditional 'department of NO'. He is an experienced public speaker - recognised for using lively and non-standard presentation content and style - and has regularly commented on cybersecurity issues for both written media and radio/television. He is CISSP and CISM certified and holds an MSc in Artificial Intelligence and an MBA from the University of Chicago – Booth School of Business. Originally from the Netherlands, he has lived for 7 years in the United Kingdom and has worked extensively across the Americas, Europe, the Middle East and Asia.
