»14 Easy Lessons for Thinking About Complex Adversarial Systems«
2018-10-17, 13:00–13:20, Europe

This talk will share a set of tools for thinking about complex adversarial systems (and define why that's a useful frame for all security folks), plus give pointers for where to find more useful ways of thinking.

You can approach security work as a series of one-off technical problems, either as an attacker or a defender. While this is fine for finding bugs, it's not very useful for either securing or attacking an organization at scale, and it tends to fail when you have to interact with humans. Everyone who works in security finds patterns in their work, and scaling up or orchestrating those patterns is a big part of how we make progress, even if it's just scripting the exact same tasks we'd do manually. We often focus on the practical and the low-level, though, and don't spend enough time looking at those patterns. In this talk, I'll share a few easy lessons on how to think about our practice that should be useful for security folks from any discipline.