<div dir="ltr">Great talk. The things you mentioned are indeed hard but some of the most obvious ones can't be solved through technical means ("box with blinking lights" is a case in point).<div><br></div><div>Our agenda for IS has been set by vendors from the beginning. Initially it was AV, then they shifted to IDS/IPS, then again to the endpoint security and now there are "inline AVs" as you put it. This back and forth game is going for so long since it profits the vendor and most of the time a few people within the Enterprise. The really smart folks are always Technical and don't make it too far up the organogram within a common organization.</div><div><br></div><div>The shortage of resources you mentioned, IMHO academia is a big culprit here. The people they churn out each year are more of philosophers than computer scientists (quote stolen from one of NSA's slides). Every profession needs on the job training but in case of IS the training required is so long by the time they are ready, one of their colleagues have moved to other places.</div><div><br></div><div>The problem of offensive-centric talks and "wow" factor will remain with us I think. It is not our exclusive problem. Unfortunately people are always fascinated by attacks and not so much by defense. For example, Gerard_Piqué won't be as famous as Christiano Ronaldo even though the former played a more important role in winning the world cup for Spain. I don't think we can get rid of this mentality any time soon.</div><div><br></div><div>In short, a brilliant talk. Thanks a lot for all the efforts you are putting to make things a little clear for the lost souls like me.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 9, 2015 at 11:31 PM, Haroon Meer <span dir="ltr"><<a href="mailto:haroon@thinkst.com" target="_blank">haroon@thinkst.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Hi all</div><div><br></div><div>This bounced about a bit on the twitters, but someone suggested I share it here: At Troopers15 I did a spot of navel-gazing under the title: "the hard thing about the hard things"</div><div><br></div><div>The talk touches on some problems that we think slip under the radar (and some problems that we think are worth aiming at). Amongst other things, it aims to encourage more people to try their hands at playing Defense.</div><div><br></div><div>The video of the talk is on YouTube here:</div><div><a href="https://www.youtube.com/watch?v=rarpym8JJXQ" target="_blank">https://www.youtube.com/watch?v=rarpym8JJXQ</a></div><div><br></div><div>With slides available on our site here:</div><div><a href="http://thinkst.com/stuff/troopers15/thinkst-troopers-2015-no-notes.pdf" target="_blank">http://thinkst.com/stuff/troopers15/thinkst-troopers-2015-no-notes.pdf</a></div><div><br></div><div>Thoughts, comments, feedback (and muzzled ferrets?) are always welcome.</div><div><br></div><div>/mh</div><div><br></div><div>Ps. The talk leans heavily on quotes from smarter folks like Halvar, Dan Geer, Dino Dai Zovi & Brian Snow (so at least some parts of it are guaranteed to be worth listening to!)</div><div><br>__<span class="HOEnZb"><font color="#888888"><div>Haroon Meer</div><div><a href="http://thinkst.com/pgp/haroon.txt" target="_blank">http://thinkst.com/pgp/haroon.txt</a></div></font></span></div></div><br>_______________________________________________<br>
Dailydave mailing list<br>
<a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br>
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br>
<br></blockquote></div><br></div>