Automating The Shit Out Of Security

Presented at THOTCON 0x4 (2013), April 26, 2013, 2 p.m. (50 minutes).

Doing defense is hard. Time and budget are both limited resources . On top of that, many (most!) organizations are getting owned, not because the miscreants are talented, but because we aren't doing the basics very well. And why not? Because doing the basics if really really repetitive and boring. It's just not sexy so most people don't want to work on it. Repetitive tasks are not only boring, but are also error prone which makes the situation even worse. So let's automate the shit out of the boring stuff so we can focus on the complex and sexy stuff. Or as Ian Amit says, let's make defense sexy. I'll show you some cool ways to let computers do the stuff they are good at so we humans can do the stuff we are good at. Not only will there be sexy defense, but also (as is traditional) baked goods as well.


Presenters:

  • David Mortman
    David Mortman is the Chief Security Architect for enStratus and a Contributing Analyst at Securosis. Most recently he was the Director of Security and Operations for C3, LLC. Formerly the Chief Information Security Officer for Siebel Systems, Inc., David and his team were responsible for Siebel's worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and is leading up Siebel's product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, Mortman was a Security Engineer for Swiss Bank. Mr. Mortman is a regular speaker at RSA, Blackhat and Defcon. In the past year, he has presented at RSA, Secure360, Sector, Blackhat, Defcon and BruCon. Mr. Mortman sits on a variety of advisory boards including Qualys, Lookout and Virtuosi amongst others. He holds a BS in Chemistry from the University of Chicago.

Similar Presentations: