We don't need no security!

Of course we will need security, but maybe not in the way we've 'always' done it. In this session we will explore whether a lot of what we consider to be part of security’s tasks actually requires a separate organisation.

Is having a designated CISO and team maybe the cause of some of our current problems?
Is this perceived divide between us and the business maybe caused by the fact that we are indeed divided into separate teams?
Is our focus on breaking things instead of offering solutions the reason why we only get consulted the day before go-live?
Can we be more successful (both in terms of business and in terms of actual security) if we stop pretending what we do is very special and look for ways to just do the right thing bottom up? Can we achieve elegant, scalable and ultimately invisible security?

This session will draw on experiences and insights from other disciplines, like human-centered design, safety research and psychology, but will also focus on technical ‘under the hood’ aspects of security. Drawing from these fields, I aim to outline what I think security should do to stay relevant and future-proof.