Hackers of India

LOCKNOTE: THE HAND THAT STRIKES, ALSO BLOCKS

By Saumil Shah on 21 Apr 2023 @ Hitb Sec Conf



Abstract

“We are not so different, you and I. We’ve both spent our lives looking for the weaknesses in one another’s systems.”

– George Smiley, Tinker, Tailor, Soldier, Spy

For over two decades, working as a cybersecurity entrepreneur, researcher and instructor, I have heard over and over again that attacks and defense are two sides of the same coin. But what does it really mean in application? What happens when sophisticated attacks collide with sophisticated defenses? Who wins?

This talk is aimed at a wide audience in cybersecurity – from the strategists to the practitioners. We will discuss Evolution, Attacks, Defense and PEBKAC. The factors that will affect the posture of trustworthiness and safety in the digital world over the next two years depend largely on the road we have followed over the past two decades. This talk looks above and beyond, albeit optimistically, at realigning some of the conventional approaches, slowly but strategically shifting the mindsets of stakeholders and consumers alike, to bring about a more proactive approach to security.

Come with an open mind, and stay back to participate in an engaging Q&A session at the end.

AI Generated Summary (may contain errors)

The speaker is reflecting on their experience in the security industry, in Amsterdam, and how they’ve been doing things the same way for years. They emphasize the importance of investing in people’s capabilities rather than just products, and being mindful of technical debt.

They also advise small businesses to get up to speed with security by renting services (e.g., cloud services), being vigilant about transactions, and responding quickly to any issues that arise.

Additionally, they highlight the role of open source software in facilitating a shift in mindset about security. While adoption of open source is great for rapid improvement, it’s essential to remember that open source software isn’t inherently more secure than closed-source software and should be treated with the same level of scrutiny.

To get out of this Catch-22, they recommend auditing, fuzzing, testing, and improving open source software to ensure its security quality.