Locknote: Conclusions and Key Takeaways from Day 1

Conference: BlackHat EU 2020



The Locknote presentation discussed the pressing issues facing the InfoSec community, particularly the responsibility for solving supply chain issues. The conversation also touched on the need for better communication and design for users, as well as the potential for automation to assist in threat hunting.
  • The responsibility for solving supply chain issues is unclear, with some suggesting it lies with platform developers and others arguing it is the responsibility of those closest to the build environment.
  • Automation can assist in threat hunting and help security teams focus on areas that matter.
  • Better communication and design are needed to improve user experiences and prevent blame being placed on users.
  • The complexity of the internet and the many potential vulnerabilities mean that any one issue could lead to a major security breach.
  • Offense is often seen as more exciting than defense, but simple vulnerabilities such as cross-site scripting and missing input sanitization can still cause major problems.
The conversation also noted that blaming users for making the wrong trust decisions is not helpful, because those decisions often result from poor communication and design. An anecdote was shared about heart surgeons not knowing how to change the oil in their car: not because they are stupid, but because they are not mechanics. Similarly, users may not understand the complexities of cybersecurity and need better support and guidance.


