Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

She blinded me with science: Understanding misleading, manipulative, and deceptive cybersecurity

Josiah Dykstra (Department of Defense)
2:10pm–2:50pm Tuesday, October 31, 2017

Who is this presentation for?

  • CISOs, security practitioners, developers, cyber researchers, and students

Prerequisite knowledge

  • Familiarity or experience with reporting, marketing, and sales of third-party cybersecurity products

What you'll learn

  • Understand how people can be manipulated by the claims and marketing of cybersecurity products and services
  • Learn techniques to investigate and uncover manipulation before purchasing or adopting any third-party cybersecurity solution

Description

The 1980s pop song “She Blinded Me with Science” plays on the notion of deliberately hiding truth behind real or made-up facts. While there are amazing benefits of good science in everyday cybersecurity, not every scientific claim that you see in the news or from vendors is as reputable as it should be. Every day, people considering security solutions and products are misled, manipulated, or deceived by real and bogus science, wild claims, and marketing trickery.

Drawing on his book Essential Cybersecurity Science, Josiah Dykstra shares questions to ask and new techniques to help you spot and challenge these tactics before you buy or build another security product. Josiah discusses the dangers of manipulative graphics and visualizations, which work by exploiting mental shortcomings and perception or through the data they omit. Josiah then turns to recognizing and understanding scientific claims. Only one-third of Americans can “adequately explain what it means to study something scientifically.” Josiah explores the dangers of vendor-sponsored studies, surveys, and spurious (false) correlations. Josiah concludes by presenting clarifying questions for salespeople, researchers, and developers. Whether you’re chatting with colleagues, reading online news, or talking with an exhibitor at a conference, these questions can help you decide for yourself whether the product or results are valid.

Josiah Dykstra

Department of Defense

Josiah Dykstra is a senior researcher at the Department of Defense. He is known in the DoD and forensics communities for his work on network security, intrusion detection, malware analysis, digital forensics, and cloud computing. Josiah holds a PhD in computer science from the University of Maryland, Baltimore County, where his research focused on the technical and legal challenges of digital forensics for cloud computing. He is the author of the O’Reilly book Essential Cybersecurity Science. In 2017, he was awarded the Presidential Early Career Award for Scientists and Engineers.