Duck and (Re)Cover - The missing link in the security evolution

Presented at BSidesLV 2019, Aug. 6, 2019, 11:30 a.m. (55 minutes)

I talk about the disturbing notpetya outbreak that hit and crippled (almost) all of the conglomerate A. P.Moller Maersk. I will address the many challenges and lessons learned encountered from both the business perspective and its information technology.

Then transition over to my 20+ year infosec journey using the Maersk war story as my base to go to Birdseye view and through those optics explain how and why I see us as having failed as an information security community and industry.

"Are you a security hobbyist or a security professional?" My opinion is most are security hobbyists and in my opinion in there lies the problem and but also parts of the solution. As a collective we very rarely venture outside our information security silo.

I will show how we can change from being self-indulgent and a tiny bit narcissistic to making us succeed in business arena. We speak security and risk with a very little or no business accent. We must learn to speak business with little or no IT accent. We must stop taking certifications and instead get business degrees. We must take the fight to the business and fight the battle on a business playing field.

Presenters:

• Peter Lidell
  Peter is an accomplished information security and risk management professional that for the past 20+ years has excelled in both the information security domain and the business domain. He has worked as an information security and risk management business leader in a variety of industries among others Maritime, Oil and Gas, Banking, Insurance and Food and Beverage. Peter is an expert practitioner of the discipline of collaboration across an organization to achieve desired goals. He has defined and executed (IT) information security and risk management strategies in some of the biggest and most complex global organizations and has always done so through the optics of the business strategy and with an inclusive holistic business approach.

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Business Developement: The best non-four letter dirty word in infosec.
• Black Hat USA 2013 / Practical Pentesting of ERPs and Business Applications
• Black Hat USA 2010 / Security is Not a Four Letter Word