The Cavalry Is Us

The Cavalry Isn't Coming

The Cavalry Is Us
Protecting The Public Good

Nicholas J. Percoco, Joshua Corman (@joshcorman)

Nicholas J. Percoco
  • Director, Information Protection, KPMG LLP
  • Advanced Threat Defense, Security Research
  • THOTCON founder, Ran SpiderLabs

Joshua Corman
  • Director, Security Intelligence, Akamai
  • Father, Husband, Citizen
  • Adversaries, DevOps, Internet of Things
  • Rugged Software, Building a Better Anonymous

Agenda
  • Why are we here?
  • Where have we been?
  • Where are we going?
  • How can you get involved?

Why are we Here?
Chapter 1

The beauty of Rock Bottom

Nick's Dreams
Josh's Sharks

Image from: http://www.flickr.com/photos/maiabee/2760312781/
CC status: share with attribution
Credit: Maia Valenzuela


We gave a TALK

Important Things
  • Body
  • Mind
  • Soul

Human Life Vs. Digital Life


[Figure: Life, Rights, CritInfr, IP, PII, CCN, arranged by REPLACEABILITY. Original Model by Joshua Corman]

Which Browser Is Most Secure?

Which MOBILE Is Most Secure?

Which Car Is Most Secure?

Which Insulin pump Is Most Secure?

SOURCE: http://www.startribune.com/business/225601262.html

Which THING Is Most Secure?

Someone will come to the Rescue before it's Too Late

The Cavalry Isn't Coming

It's Up To Us

Converging upon
  • Focusing on security that affects personal lives
  • Getting outside the echo chamber
  • Teaming w/ stakeholders in the public
  • Technically literate ambassadors of our trade
  • Making the issues accessible
  • Getting results!

Where have we been?
Chapter 2

TIMELINE
  • 8/13: BSidesLV, DEF CON 21
  • 9/13: DerbyCon, Congress
  • 10/13: LASCON



Scope is in Blue, narrowing from All (Body, Mind, Soul) to a manageable Mission/Vision/Goals/Plan



Participation/Support is in Purple

Journey(s)
  • Hobby->Profession->Lives (2)
  • Personal Rock Bottom->Find Others (Shared Concerns/Identity) (100)
  • Discovery->Missions/Goals/Plans (300)
  • Execution->Teaming with Concerned Citizens (1000s)

Derbycon 2013: First Meeting
  • Sept 28 + 29
  • 100+ hackers
  • Enough flipcharts and deodorant
  • Thanks, Dave Kennedy!

Derbycon 2013: Facilitators/SMEs
  • Andrea Matwyshyn (Legal)*
  • Adam Brand (Structure)
  • Beau Woods (Approach)
  • Chort0 (Guild)
  • Craig Smith (Auto)
  • Emily Pience
  • Jay Radcliffe (Medical)
  • Josh Corman
  • Katie Moussouris (k8em0)
  • Space Rogue (Media)
* Guest Speaker

Derbycon 2013: Agenda
  • What conditions exist that we don't like?
  • What are the causes of the conditions?
  • What should be done to eliminate the causes?

Derbycon 2013: AREAS
  • Medical
  • Auto
  • Law
  • Media

Derbycon 2013: Outcomes
  • Knowledge sharing about what is going on
  • Tons of new ideas on how to solve problems
  • More agreement than differences

Links to Videos/PODCASTS
  • BSIDES LV 2013 - http://bit.ly/16YbpC1
  • DEF CON 21 -
  • DERBYCON 2013 - http://bit.ly/1fYUCVI
  • LASCON 2013 -
  • LOOPCAST Ep 88 - http://bit.ly/1a41cpk
  • SOUTHERN FRIED SECURITY Ep 115 - http://bit.ly/1amYdbC
  • PAULDOTCOM Ep 352 - http://bit.ly/1fzaqgP
  • TEDx Sharks/Security/IoT - http://bit.ly/1bBB6JR

Where are we going?
Chapter 3

Organize, For Action
  • American Bar Association
  • American Medical Association
  • What do we have to be?

Could We, SHOULD WE
  • Do good through targeted research
  • Get the right message out (media teaming)
  • Change or prevent bad cyber security laws
  • Education and Awareness

This Will Never Work
  • We are techies: Not safety people, not PR people, not lawyers
  • Screw them: We told them, but they wouldn't listen
  • The problems are too large: The war was lost a long time ago

Finding common ground?
  • WHAT? WHEN? HOW?
  • Chances of Success/Failure

Still to Work on
  • Identity
  • Mission: What we exist to do (started at Derby)
  • Values: What we believe
  • Nature: What form we will take/what our core work is
  • Vision: What we want to achieve and by when; What we intend to look like in X years
  • Plan: What we need to do and by when

How do you get involved?
Chapter 4

UPCOMING EVENTS
  • December: Microsoft BlueHat
  • January: ShmooCon / OWASP AppSec CA
  • March: RSA Conference 2014 (?)
  • April: THOTCON 0x5 / SOURCE Boston (?)
  • Also, many BSides globally
  • August: Adjacent to Black Hat / DEF CON

We Need You
  • Experience with medical device, auto industries
  • Media wrangling expertise
  • Lobbying/Policy experience
  • Organizational/Visual skills
  • or just passion to help

How to Get involved - OWASP
  • Breakers
  • Builders
  • Citizens
  • Parents/Guardians
  • Community Leaders/Bloggers/Podcasters/etc

Ideas, comments, Help
  • @iamthecavalry
  • Google Group: http://bit.ly/thecavalry

"Never Doubt that a Small group of thoughtful, committed citizens can change the world; It's the Only thing that ever has."
- Margaret MEAD (an American cultural anthropologist)

Security of Consequence

Fin