Handling Adversarial Working Relationships as a Security Professional presented at ShellCon.io 2020

by Daniel Crowley,

Summary : When you work in information security, not everyone is thankful for the job that you do. Frequently, you’ll have to work and communicate with people who really would prefer you’d just go away.We will enumerate some of the common adversarial scenarios you may find yourself in, such as handling vulnerability disclosure with a hostile vendor, or working for a team that doesn’t want a security test, but got one for regulatory reasons. We will also discuss how to identify that you’re in an adversarial scenario, and either get yourself out of it by correcting misconceptions about you and your work, or work through it, using strategies developed over a decade of penetration testing and vulnerability disclosure experiences.

Daniel Crowley: Daniel does pen testing, research, training, and various other things for Core Security Technologies. In his spare time, he plays around mostly with Web-based technologies and locks. Being an entertainer by nature, Daniel likes combining art with technology and his presentations are designed to inform AND entertain. Daniel was a speaker at Shmoocon VI and won the Gringo Warrior competition at Shmoocon V.