In Search of Security Shangri-la

Monday, October 28, 2019 - 9:45 am–10:30 am

Rich Smith, Duo Security

Abstract: 

Security has never been a hotter topic in the mainstream than it is now, from data breaches impacting entire populations, through state sponsored adversaries destabilizing geopolitical norms, to Mr. Robot - the global appetite for "the cyber" seems insatiable. In a world run by software where we can no longer ignore the importance of security and privacy, why are organisations still struggling to effectively include security into their wider technology processes? Ask developers and ops engineers and you will quickly hear how painful security teams are to work with as well as how security’s requirements and approaches are often slow to evolve to new ways technology is used to drive business value.

As someone who has worked in the security industry for almost 20 years, I agree with them.

In this talk I’ll share my journey from hacker to practitioner, how I denounced the Church of No, and some of the lessons I’ve learnt in the hopes they will help us all take a small step towards the devsecops utopia we have been promised for so long is just around the corner.

The search for security Shangri-La is ongoing but the more of us who are looking the better progress we’ll make.

Rich Smith, Duo Security

Rich Smith is the Head of Duo Labs (now part of Cisco), supporting the advanced security research agenda for Duo Security. Prior to joining Duo, Rich was Director of Security at Etsy, co-founder of Icelandic red team startup, Syndis, and has held roles on security teams at Immunity, Kyrus, Morgan Stanley, and HP Labs.

Rich has worked professionally in the security space since the late 90’s in roles ranging across security research, building security organizations, security consulting, penetration testing, red teaming, exploit development, and attack tooling development. More recently, Rich co-authored a new book for O’Reilly titled Agile Application Security: Enabling Security in a Continuous Delivery Pipeline.

He has worked in both the public and private sectors in the U.S., Europe, and Scandinavia, and currently spends most of his time bouncing between Detroit, Reykjavik and New York City.

BibTeX
@conference {240898,
author = {Rich Smith},
title = {In Search of Security Shangri-la},
year = {2019},
address = {Portland, OR},
publisher = {USENIX Association},
month = oct
}
