Building Bridges: Forcing Hackers And Business To Hug It Out presented at SOURCE Barcelona 2010

by Chris Nickerson (Lares) and Andrew Hay (The 451 Group)

Tags: Security Others Business


Summary: Hackers and business decision makers rarely see eye-to-eye. There has historically been a great chasm separating the views of the business decision makers who pay the bills and the in-the-trenches security practitioners who perform the work. This epic battle has taken a toll on the security of many environments as businesses focus on operations and "hackers" focus on the symptomatic issues directly in front of them. This talk serves to open the dialogue between both groups in an attempt to find some common ground and understanding. Beginning by raising the "hackers'" awareness of business concerns and of how business guides the path to security, we hope to bring a fresh perspective on how to position their concerns. This alone may build a bridge and allow them to receive the support they have always craved. After we address this daunting task, we will turn our attention to the business side. In this section, we will give business professionals a unique view into the mind of a security professional. Yes, the ones who throw a fit because a screenshot of some black-and-green screen with text on it is "bad." We will give you a behind-the-scenes explanation of why they are reacting the way they are and how that emotion is a massive benefit to the business (and not just a cost). At the end of the day, the business and the hacker have the same goal: we all want to secure the business. We may have different drivers and motivators, but a common goal exists. We will extend the olive branch to both sides and hope that this talk will inspire others to do the same.

Chris Nickerson: Chris Nickerson is a CISSP whose main area of expertise is Red Team Testing and Infosec Testing. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, application testing and vulnerability assessments to policy design, computer forensics, social engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, worked in Sr. IT Compliance at KPMG, was Sr. Security Architect and Compliance Manager at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris is a member of OWASP and ISACA Denver and is also a featured member of TruTV's Tiger Team, a 30-minute reality television program showing the activities of actual Red Team tests and active assessments. Chris is also the co-host of the Exotic Liability Podcast.

Andrew Hay: Andrew Hay is a Senior Security Analyst with The 451 Group's Enterprise Security Practice. He is a veteran information security practitioner with more than 10 years of experience related to endpoint security, log management, vulnerability assessment, penetration testing, forensics, incident response and enterprise security information management (ESIM).