"Is security even important?" and other clickbait titles

Bea Hughes
September 29, 2018

Bsides Toronto talk on whether security is actually important to business, or not.

Transcript

  1. Besides To. (these will be up at SpeakerDeck.com/barnbarn after the show) @benjammingh for Besides To 2018 1
  2. Who's this clown? [^2] • Security Engineer at Stripe. • Infrastructure security at Etsy. • Infra stuff at Puppet (Labs). • Once wore shorts and skateshoes to Montreal in winter, because they're very smart.
  3. "IS SECURITY EVEN IMPORTANT?" AND OTHER CLICKBAIT TITLES
  4. "Of course it is you idiot, I paid $2,695 for an RSA ticket"
  5. Cybersecurity Market Reaches $75 Billion In 2015; Expected To Reach $170 Billion By 2020
  6. Again, real Freedom Dollars.
  7. • Cybersecurity Ventures predicts global cybersecurity spending will exceed $1 trillion from 2017 to 2021 • Gartner forecasts global enterprise security spending will grow 8% to $96.3 billion I could go on...
  8. The people in security actually making money who aren't giant vendors
  9. The criminals!

  10. @benjammingh for Besides To 2018 10

  11. • Cybercrime Damages $6 Trillion By 2021 • Global ransomware damage costs are predicted to exceed $5 billion in 2017 • "Ransomware: Are health systems opening bitcoin wallets?" • Verizon Data Breach Investigations Report, in case you've been living under a rock • Threatbutt's better version from 2016
  12. So [cyber] security is a very serious business
  13. "The security of your data, the functionality of your servers, and your confidence in Linode are extremely important to all of us." -Linode completely owned - 2016
  14. "Earning your trust through the operation of a secure service will always be our highest priority." - Slack's breach report - 2015
  15. "Your trust is a top priority for Target" - Message from Target CEO about being hella owned
  16. "Security is (our|a) (top|number one) priority at $company"
  17. How serious?
  18. Uber serious!
  19. Uber will pay $148M to US states to settle claims from 2016 breach
  20. Uber net worth: $5.9b Uber net worth - $148M: $5.752b
  21. @benjammingh for Besides To 2018 21

  22. Did Uber throw its CSO under the bus?
  23. Fired Uber cybersecurity chief Joe Sullivan was just hired to run security at start-up Cloudflare
  24. Intel

  25. @benjammingh for Besides To 2018 25

  26. @benjammingh for Besides To 2018 26

  27. "[Intel] is off to an excellent start in the first half of the year and expects 2018 to be another record year"
  28. So.... No implications for one of the largest and most ingrained vulnerabilities in computing, affecting pretty much every device nearly ever made. In fact, they made more money, as they probably sold some more chips.
  29. Intel CEO Brian Krzanich Resigns...
  30. Timing of $24 million stock sale by Intel CEO draws scrutiny Also note: “Security is job number one for Intel and our industry,” — Brian Krzanich
  31. "These processors are buggy as hell, and some of these bugs .... will ASSUREDLY be exploitable" — Theo "the people's pirate" de Raadt
  32. Intel CEO Brian Krzanich Resigns... ... over relationship with employee
  33. Sony (Pictures)
  34. Sony Pictures got a bit owned
  35. @benjammingh for Besides To 2018 35

  36. "Sony administrators reportedly shut down much of its worldwide network and disabled VPN connections and Wi-Fi access in an effort to control the intrusion" "the company had told him their email systems were down and they had been told to go home because the company's networks had been hacked" This isn't even the biggest Sony breach there's been.
  37. How data breaches affect stock market share prices • "In the long term, share prices continue to rise on average" • "Larger breaches had less of an impact on share price than smaller breaches" • "The sensitivity of breached data had a less clear impact on share price in the long term"
  38. @benjammingh for Besides To 2018 38

  39. Other, different, examples
  40. "No security report in an M&A has ever stopped the sale, it's just lowered the price" — Rich Smith, 2015...ish? probably
  41. "So what are you saying Benjamin?"
  42. Security is unlikely the most important thing your company does
  43. Shipping/selling product is probably more important
  44. Security is a part of that, it is not all of that
  45. Security informs and advises the business
  46. Security as a business unit, IS a compromise
  47. Your job is not to make everything 100% secure As then it would be impossible to do anything
  48. Your job is balance the risk trade-offs between your company being secure, and moving fast
  49. Examples: Alex Stamos
  50. Examples: Alex Stamos
  51. Alex Stamos • Left Yahoo! 2015 because of them working with NSA or FBI • Left Facebook 2018 due to, well, a lot
  52. Alex Stamos "The security team generally pushed for more disclosure about how nation states had misused the site, but the legal and policy teams have prioritized business imperatives, said the people briefed on the matter."
  53. Alex Stamos So even the CSO at the top companies in the world, the ones who pioneer amazing security products (osquery, End to end encryption in WhatsApp) is not above compromise as a business unit.
  54. Ben, what doth this mean? This isn't a tale of them and us, this is stating your job is help the business to its goals.
  55. Ben, what doth this mean? This again is not saying that security is unimportant or ignored, just not the be all and end all.
  56. Ben, what doth this mean? Security can be the centre of your world, it's not the centre of capitalism.
  57. Ben, what doth this mean? This is a good thing!
  58. Ben, what doth this mean? If /Dev(Sec)?Ops/ has taught us anything its talking and working together IS BETTER.
  59. Ben, what doth this mean? This is just a natural extension of this.
  60. We're done, thank the maker! Go forth and work with your teams and your company, not against them!
  61. • Twidder: @benjammingh • LinkedIn: lnkdin.me/p/benyeah • SpeakerDeck: speakerdeck.com/barnbarn • Stripe: Careers <--- Engineering blog