The Cavalry Is Us: Protecting the public good

Presented at AppSec USA 2013, Nov. 20, 2013, noon (50 minutes)

Video of session: https://www.youtube.com/watch?v=aXMcLO4dNwQ&list=PLpr-xdpM8wG8ODR2zWs06JkMmlRiLyBXU&index=2

Speaker(s): Joshua Corman and Nicholas Percoco

Description: In the Internet of Things, security issues have grown well beyond our day jobs. Our dependence on software is growing faster than our ability to secure it. In our efforts to find the grown-ups who are paying attention to these risks, one painful truth has become clear: The Cavalry Isn't Coming. Our fate falls to us or to no one. At BSidesLV and DEF CON 21, a call was made and many of you have answered. At DerbyCon, we begin the work of shaping our futures. Here at AppSec, we have the opportunity to level-up and reframe our role in all of this. As the initiated, we face a clear and present danger in the criminalization of research, to our liberties, and (with our increased dependence on indefensible IT) even to human safety and human life. What was once our hobby became our profession and (when we weren't looking) now permeates every aspect of our personal lives, our families, our safety… Now that security issues are mainstream, security illiteracy has led to very dangerous precedents as many of us are watching our own demise. It is time for some uncomfortable experimentation.

This session will both frame the plans to engage in Legislative, Judicial, Professional, and Media (hearts & minds) channels and to organize and initiate our "constitutional congress" working sessions.

The time is now. It will not be easy, but it is necessary, and we are up for the challenge.

It's high time we make our dent in the universe. For background, please watch the video of the launch of @iamthecavalry: http://bit.ly/16YbpC1

Join the conversations also at: Google group: https://groups.google.com/d/forum/iamthecavalry

Presenters:

  • Nicholas J. Percoco - Director, Information Protection - KPMG
    With more than 16 years of information security experience, Nicholas is a Director in KPMG's Information Protection practice. Prior to KPMG, Percoco led the global SpiderLabs organization for more than a decade; the organization performed more than 2000 computer incident response and forensic investigations globally, ran thousands of ethical hacking and application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products. Prior to joining Trustwave, Percoco ran security consulting practices at VeriSign and Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called Payment Application Data Security Standard (PA-DSS). As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (Black Hat, DEFCON, SecTor, and OWASP) and private audiences (including DHS, US-CERT, Interpol, United States Secret Service) throughout North America, South America, Europe, and Asia. Percoco and his research have been featured by many news organizations including: The Washington Post, eWeek, PC World, CNET, Wired, Hakin9, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times and The Wall Street Journal. In 2011, SC Magazine named Percoco Security Researcher of the Year. In addition, he was inducted into the inaugural class of the Illinois State University College of Applied Science and Technology Academy of Achievement. Percoco is a member of the Dean's Advisory Board for The College of Applied Science & Technology at Illinois State University and a co-creator on the planning committee of THOTCON, a hacking conference held in Chicago each year. He has a Bachelor of Science in Computer Science from Illinois State University.
  • Joshua Corman - Director of Security Intelligence - Akamai Technologies   as Josh Corman
    Joshua Corman is the Director of Security Intelligence for Akamai. Most recently he served as Research Director for Enterprise Security at The 451 Group. Mr. Corman's cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives. A staunch advocate for CISOs, Corman also serves as a Fellow with the Ponemon Institute and on the Faculty for IANS, is a co-founder of Rugged Software, and was a Top Influencer of IT in NetworkWorld. Corman received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire.
