Level Up Your Security Mindset

Conference:  BlackHat EU 2018



The presentation discusses the challenges faced by security professionals in protecting organizations against cyber threats and the need to align security missions with business goals.
  • The increasing size and scope of technology poses a threat to security professionals
  • Security professionals need to align their mission with the business units they serve
  • Offensive capabilities alone cannot protect an organization
  • The skills gap in the cybersecurity community is a global problem that needs to be addressed
  • Diversity in team backgrounds and skillsets can help solve the skills gap
  • Internships can provide a source of new ideas untainted by company politics
  • Security professionals need to provide business education to their teams

The speaker emphasizes the need for security professionals to align their mission with the business units they serve. Security is often viewed as a cost center rather than a profit center, so security professionals need to work with other business units to make money for the company. The speaker warns against security nihilism, which argues that if a system is not super secure against unrealistic attacks, it should not exist. However, making things more difficult for attackers has value, as it can cost them money to send spam or force them to burn a 0-day to gain access to data. Balancing risk is crucial in protecting organizations against cyber threats.


We live in a world of constant change, so why is it that the people who obsess about the latest and greatest are often the most resistant to change? Is security incompatible with the modern environments in which it serves? On the other hand, just sprinkle some "quantum machine learning blockchain" on all our problems and everything is magically solved. Where is the balance? Relying on traditional gates, complex solutions, and worst-case scenarios leaves security as the anchor dragging behind the boat instead of the reinforced hull we are supposed to be. If we are going to be successful, it's going to take a significant upgrade to our mindset, applying the right mixture of collaboration, innovation, and technology driven by real risk, not the worst-case scenarios we have traditionally prepared for. We can't be the people who work behind the scenes and say "no" to everything. Changing our mindset and approach allows us to adapt along with the pace of business and gives us the right solution for the right situation.


