The Cavalry Is Us: Protecting The Public Good
Nicholas J. Percoco, Joshua Corman (@c7five, @joshcorman)
The Cavalry Isn't Coming
Nicholas J. Percoco: Director, Information Protection, KPMG LLP. Advanced Threat Defense, Security Research. THOTCON founder, ran SpiderLabs.
Joshua Corman: Director, Security Intelligence, Akamai. Father, Husband, Citizen. Adversaries, DevOps, Internet of Things, Rugged Software, Building a Better Anonymous.
Agenda: Why are we here? Where have we been? Where are we going? How can you get involved?
Chapter 1: Why are we here?
The beauty of Rock Bottom
Nick's Dreams
Josh's Sharks
Image from: http://www.flickr.com/photos/maiabee/2760312781/ (CC status: share with attribution. Credit: Maia Valenzuela)
We gave a TALK
Important Things: Body, Mind, Soul
Human Life Vs. Digital Life
Original Model by Joshua Corman
REPLACEABILITY: Life, Rights, CritInfr, IP, PII, CCN (Original Model by Joshua Corman)
Which Browser Is Most Secure?
Which MOBILE Is Most Secure?
Which Car Is Most Secure?
Which Insulin pump Is Most Secure?
Which THING Is Most Secure?
Someone will come to the Rescue before it's Too Late
The Cavalry Isn't Coming
It's Up To Us
Converging upon:
Focusing on security that affects personal lives
Getting outside the echo chamber
Teaming w/ stakeholders in the public
Technically literate ambassadors of our trade
Making the issues accessible
Getting results!
Chapter 2: Where have we been?
TIMELINE: 8/13 BSidesLV, DEF CON 21; 9/13 DerbyCon, Congress; 10/13 LASCON
Scope is in Blue, narrowing from All Body Mind Soul to a manageable Mission/Vision/Goals/Plan
Participation/Support is in Purple
Journey(s): Hobby->Profession->Lives (2) Personal Rock Bottom->Find Others (Shared Concerns/Identity) (100) Discovery->Missions/Goals/Plans (300) Execution->Teaming with Concerned Citizens (1000s)
Derbycon 2013: First Meeting
Sept 28 + 29
100+ hackers
Enough flipcharts and deodorant
Thanks, Dave Kennedy!
Derbycon 2013: Facilitators/SMEs
Andrea Matwyshyn (Legal)*, Adam Brand (Structure), Beau Woods (Approach), Chort0 (Guild), Craig Smith (Auto), Emily Pience, Jay Radcliffe (Medical), Josh Corman, Katie Moussouris (k8em0), Space Rogue (Media)
* Guest Speaker
Derbycon 2013: Agenda
What conditions exist that we don't like?
What are the causes of the conditions?
What should be done to eliminate the causes?
Derbycon 2013: AREAS
Medical, Auto, Law, Media
Derbycon 2013: Outcomes
Knowledge sharing about what is going on
Tons of new ideas on how to solve problems
More agreement than differences
Links to Videos/PODCASTS
BSIDES LV 2013 - http://bit.ly/16YbpC1
DEF CON 21 -
DERBYCON 2013 - http://bit.ly/1fYUCVI
LASCON 2013 -
LOOPCAST Ep 88 - http://bit.ly/1a41cpk
SOUTHERN FRIED SECURITY Ep 115 - http://bit.ly/1amYdbC
PAULDOTCOM Ep 352 - http://bit.ly/1fzaqgP
TEDx Sharks/Security/IoT - http://bit.ly/1bBB6JR
Chapter 3: Where are we going?
Organize, For Action
American Bar Association
American Medical Association
What do we have to be?
Could We, SHOULD WE
Do good through targeted research
Get the right message out (media teaming)
Change or prevent bad cyber security laws
Education and Awareness
This Will Never Work
We are techies: Not safety people, not PR people, not lawyers
Screw them: We told them, but they wouldn't listen
The problems are too large: The war was lost a long time ago
Finding common ground? WHAT? WHEN? HOW? Chances of Success/Failure
Still to Work on
Identity
Mission: What we exist to do (started at Derby)
Values: What we believe
Nature: What form we will take/what our core work is
Vision: What we want to achieve and by when. What we intend to look like in X years
Plan: What we need to do and by when
Chapter 4: How do you get involved?
UPCOMING EVENTS
December: Microsoft BlueHat
January: ShmooCon / OWASP AppSec CA
March: RSA Conference 2014 (?)
April: THOTCON 0x5 / SOURCE Boston (?)
Also, many BSides globally
August: Adjacent to Black Hat / DEF CON
We Need You
Experience with medical device, auto industries
Media wrangling expertise
Lobbying/Policy experience
Organizational/Visual skills or just passion to help
How to Get Involved - OWASP
Breakers, Builders, Citizens, Parents/Guardians, Community Leaders/Bloggers/Podcasters/etc.
Ideas, comments, Help: @iamthecavalry
Google Group: http://bit.ly/thecavalry
"Never Doubt that a Small group of thoughtful, committed citizens can change the world; It's the Only thing that ever has."
- Margaret MEAD (an American cultural anthropologist)
Security of Consequence
Fin