<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta content="text/html;charset=UTF-8" http-equiv="Content-Type"></head><body ><div style='font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif;'><div>Hey,</div><div><br></div><div>While I (as you know) largely agree with your message, I think it needs to be defined a bit better than just "playing defense". Terms like this sounds a lot like "enterprise security", which I suspect to a lot of people sounds a lot like building firewall clusters and pushing AV signature updates. Not exactly a good way of winning over offensive talent. :)</div><div><br></div><div>Personally, I don't think it's about choosing sides but rather to get both breakers and builders more focused on coming up with mitigations that cover the bigger picture of issues rather than the usual bug-whack-a-mole. The fact that "patch" is still the go-to advice for vulnerability mitigation says a lot of how far we have (not) come in this area.</div><div><br></div><div>My 5 cents.</div><div><br></div><div>Andreas</div><div><br><div></div></div><div><font size="2"><br><br></font></div><div><font size="2">---- On Thu, 09 Apr 2015 20:31:26 +0200 Haroon Meer<<a href="mailto:haroon@thinkst.com" target="_blank">haroon@thinkst.com</a>> wrote ----</font></div><div><font size="2"><br></font></div><blockquote><div dir="auto"><div>Hi all</div><div><br></div><div>This bounced about a bit on the twitters, but someone suggested I share it here: At Troopers15 I did a spot of navel-gazing under the title: "the hard thing about the hard things"</div><div><br></div><div>The talk touches on some problems that we think slip under the radar (and some problems that we think are worth aiming at). Amongst other things, it aims to encourage more people to try their hands at playing Defense.</div><div><br></div><div>The video of the talk is on YouTube here:</div><div><a href="https://www.youtube.com/watch?v=rarpym8JJXQ" target="_blank">https://www.youtube.com/watch?v=rarpym8JJXQ</a></div><div><br></div><div>With slides available on our site here:</div><div><a href="http://thinkst.com/stuff/troopers15/thinkst-troopers-2015-no-notes.pdf" target="_blank">http://thinkst.com/stuff/troopers15/thinkst-troopers-2015-no-notes.pdf</a></div><div><br></div><div>Thoughts, comments, feedback (and muzzled ferrets?) are always welcome.</div><div><br></div><div>/mh</div><div><br></div><div>Ps. The talk leans heavily on quotes from smarter folks like Halvar, Dan Geer, Dino Dai Zovi & Brian Snow (so at least some parts of it are guaranteed to be worth listening to!)</div><div><br>__<div>Haroon Meer</div><div><a href="http://thinkst.com/pgp/haroon.txt" target="_blank">http://thinkst.com/pgp/haroon.txt</a></div></div>_______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunityinc.com" target="_blank">Dailydave@lists.immunityinc.com</a><br><a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br></div></blockquote></div></body></html>