Magical Thinking... and how to thwart it.

Presented at BSidesLV 2017, July 26, 2017, 3 p.m. (25 minutes)

For all the progress we've made - as a community, as an industry, as a discipline - describing the brittleness of our IT infrastructure and 'the shape of the beast' (what is this hacking stuff anyway?), we're not seeing much in the way of obvious returns in two key areas : procurement and policy. We know what's broken; we even mostly know how to fix it. We fight the good fight from the C-suite to Capitol Hill. Yet often we lose. Why? Behind nearly every poor choice in procurement or policy is some species of magical thinking. Not idiocy, not ignorance, not malice, but a logical error in determining causality. These are not complicated fallacies, nor particularly difficult to spot, but they are seductive, they are omnipresent. And, unfortunately, they are often profitable. They are also critical to our understanding of *why* broken things stay broken, and why evidence-based policies are so elusive. Attendees will explore imagined realities informing real policy and procurement decisions; they will additionally have the opportunity to learn and share battle-tested thwarting strategies.

Presenters:

• Mara Tam - Senior Fellow - Center for Advanced Studies on Terrorism (CAST)
  Mara is a Washington DC-based ICT security policy expert. Mara regularly serves as a private sector advisor to executive agencies on information security issues, focussing on the technical and strategic implications of regulatory and policy activity. Prior to her current roles, she was the Director of Government Affairs for HackerOne. Mara's background includes advanced degrees in cultural identity studies and modern history, as well as work in international security, counterinsurgency, and arms control. Her speaking credits include DEF CON, ShmooCon, TROOPERS, The Atlantic Council, the Federal Communications Bar Association, and an alphabet soup of think tanks. She is a proud contributor to FIRST Org's VRDX-SIG, BlackHoodie alumna, and recently-named Senior Fellow at the Center for Advanced Studies on Terrorism.

Links:

• https://bsideslv2017.sched.com/event/BNH2/magical-thinking-and-how-to-thwart-it
• https://infocon.org/cons/Security BSides/BSides Las Vegas/Bsides Las Vegas 2017/Magical Thinking and how to thwart it - Ma.mp4
• https://infocon.org/cons/Security BSides/BSides Las Vegas/Bsides Las Vegas 2017/Magical Thinking and how to thwart it - Ma.eng.srt (subtitles)
• https://www.youtube.com/watch?v=JB9nVJcfdR8

Similar Presentations:

• DeepSec 2017 „Science First!“ / Hacking The Brain For Fun And Profit
• DeepSec 2015 „DeepSec No. 9“ / Have We Penetrated Yet??
• Nuit du Hack 2015 / How to hack an old toy into a Mars rover