Opening Keynote: Words Have Meanings presented at CircleCityCon 2017

by Dan Tentler

Summary: Getting your point across is important. Clear communications are essential. Why is the information security industry packed full of buzzwords, catchy phrases, logos for bugs and jargon that doesn't make sense? Information Security is not only a difficult line of work to get into, it's difficult to navigate once inside. Every different vendor has their own "language", different compliance regulatory bodies have jargon as well, which isn't congruent, and most of which is entirely made up, or completely false. Nobody can agree on whether certs matter or not. Charlatans and plagiarists sound exactly like 10-year-weathered veterans. Dozens of security organizations routinely confuse "Red Team Assessments" with "Vulnerability Scans" and "Pen Tests". Words seemingly have no meaning anymore. How can we cope?
Like many other professions, communication is the foundation. If you can communicate effectively, you can make things happen. Conversely, use the wrong words, or mis-speak a few times, and the industry ceases to take you seriously. This is a massive problem if we as the security community intend on helping the public be safer and more secure together - everywhere from their phones, to their workstations, to their smart homes and embedded devices. How are they supposed to believe us if we don't sound like we know what we're talking about? Or if we perpetually contradict ourselves? Why is SQL injection a problem that's 25 years old? Why can nobody agree on if XSS is important or not? Why are "ping" and "sslv3" critical findings?
This presentation will cover some of the pitfalls, landmines, baits, traps, common misconceptions and hazards you can expect to encounter living the infosec life. You will be baited, hunted, attacked, trapped, trolled and victimized. People who have zero experience but can "talk the talk" will put your feet to the fire. You will be called out on contradicting yourself or being a hypocrite. All of this, while you are trying to help. The words you elect to use when communicating about security are directly responsible for your success in making your point. If you are sincerely interested in making a difference, but feel that you just aren't getting through to your audience, this talk is for you.