September 19–20, 2016: Training
September 20–22, 2016: Tutorials & Conference
New York, NY

It's the people, stupid

Jan Schaumann (The Internet)
2:25pm–3:05pm Thursday, 09/22/2016
DevOps Cognitive systems, Security Nassau Audience level: Intermediate
Average rating: 5.00 (2 ratings)

What you'll learn

  • Explore defenses that take human motivation into account, including empathy, understanding attackers' motivations and goals, and knowing the limitations of technical solutions
Description

    Infosec failures are plentiful. Not a day goes by that we don’t face-palm or head-desk at how somebody else just did it wrong. Cryptography is implemented in the wrong way; systems are not updated; developers introduce command injections or upload their keys to GitHub; and users reliably select the least secure defaults your interface will allow.

    Vendors sell us technical solutions, and we build tools and process data as if the problem could be solved with simple Vulcan logic. We even pretend secure systems could actually exist if only everybody else would listen to us.

    But this hasn’t worked out quite so well for us, has it? Jan Schaumann explains that it’s time we come to terms with the fact that we can’t solve the (infosec) world’s problems until we understand how people interact with the systems we build. Information security is, at its heart, a people problem. We need to focus on the human component and understand the choices people (of all traits and in all interactions) make. Jan underlines and illustrates this important lesson and helps you better assess your security posture, as well as how you spend your scarce resources to fix what really matters rather than chase after the latest OpenSSL vulnerability.

    Jan Schaumann

    The Internet

    Jan Schaumann is an infrastructure and information security engineer and an adjunct professor of computer science. Jan has over 15 years of experience in both small-scale deployments and enormous high-availability infrastructures serving millions of users. Today he spends most of his time worrying about online privacy and infrastructure security and integrity. You can follow him on Twitter as @jschauma.


    Jan Schaumann
    09/11/2016 7:02pm EDT

    Interested? Help me prepare by filling out and forwarding this short, anonymous survey about Security Organization Effectiveness and Human Motivations: