How to Treat Your Hacker (and Responsible Vulnerability Disclosure)

Presented at BSidesLV 2019, Aug. 7, 2019, 10 a.m. (55 minutes).

Imagine:

Someone just called your organization's switchboard (the only phone number they could find) and declared they had discovered what they think is a serious security problem in your product or service. They said they are planning to publish the information soon, but wanted to call you first.

What would your organization do with such advance notice?


Presenters:

  • Monta Elkins
    Monta Elkins is "Hacker-in-Chief" for FoxGuard Solutions, an ICS patch information provider. A security researcher/consultant and U.S. patent grantee, he is considered by many of his friends to be the Chuck Norris of ICS Cybersecurity. Monta has been a speaker at more security conferences than even his enormous ego can remember, including DEFCON, CS3STHLM, BSIDES, GE Digital Energy, ICSJWG, Toshiba ICS, GridSecCon, ICS CyberSecurity, UTC Telecom, and SANS ICS Summit, and was named Cybersecurity Professional of the Year by EnergySec. In his spare time, Monta creates the totally-safe-for-work "Coke and Strippers" electronic projects YouTube channel (https://tinyurl.com/y6vpmbw4). Monta is the author of "Defense Against the Dark Arts" hands-on hacker tools and techniques classes, and a Certified SANS instructor. He is also a guest lecturer for colleges, universities and elsewhere. As a small child, he entertained himself by memorizing Pi - backwards.
