The InfoSec Theory of Everything

Presented at ToorCon San Diego 17 (2015), Oct. 24, 2015, noon (50 minutes).

The InfoSec Theory of Everything is my attempt to describe the key issues we face with being a defender in the current cyber security climate, and whether, by unifying our data sources and rationalising our thoughts into a single model, we’re better equipped to resist the onslaught. In my opinion, this challenge is largely about reconciling both quantitative and qualitative data, irrespective of source, and being able to understand how each element works as well as how those elements interact with each other. This unification is what I see as the primary goal of the InfoSec Theory of Everything. My talk discusses the concept of applying models from physics and mathematics, what this would look like, the issues it would address and whether it’s even worth trying.


Presenters:

  • Lawrence Munro as Lawrence Munro / @Pentesticles
    Lawrence has over eleven years’ experience in IT, with more than nine directly focused on Information Security. He currently heads up SpiderLabs at Trustwave as Director for EMEA and APAC regions. A former penetration tester specialising in Web Applications, Red Teaming and Social Engineering, Lawrence has also built and grown multiple Security Consultancy practices for the likes of KPMG and HP. He was also responsible for creating KPMG’s Red Teaming practice and has authored multiple simulated attack strategies for multi-national organisations. Lawrence has particular expertise within financial services, having created many strategies for top tier investment banks and integrated security assessment services into larger risk and threat models. Currently, Lawrence is studying part-time at Oxford University and is also regularly involved in the hacking community, as a Director of B-Sides London. He also owns Hackarmoury.com and blogs at Pentesticles.com.
