An Ant in a World of Grasshoppers

Ellen Cram Kowalczyk, Microsoft


Why do products still enter the market with easily-found security issues? Why are people still falling for phishing emails? Why do we still have trouble convincing people to patch their systems? Why do companies and governments keep leaking out important PII? We security experts sometimes think that pointing out the obvious flaws will prevent these issues, but somehow that isn’t always the case. Clearly, we have a disconnect somewhere.

This talk will examine why implementing good security and security practices is so hard, and the tradeoffs that cause people to invest less than we think they should. We will cover how we can close the gap between discovery and action, including real world examples of people adopting useful solutions. We will go through specific methods of how to engage people on security in a way that leads to action. Finally, we will look at the changing threat landscape and the critical areas in need of intervention, and how you can increase security adoption in those around you.

Ellen Cram Kowalczyk, Microsoft

Ellen Cram Kowalczyk is a long time security practitioner with a specialization in human factor security including social engineering. She is currently focused on blue team activities for Microsoft Azure. Previously, she has held various roles in large organizations, including leading the AWS EC2 Security team at Amazon, and the AppSec, Usable Security/Fraud and Abuse teams at Microsoft. She most recently spent a year starting her own company focused on programmatic social engineering solutions. She has spoken at many conferences including RSA and multiple B-Sides. Ellen lives in Seattle with her family and two ridiculous French Bulldogs.

@conference {206489,
author = {Ellen Cram Kowalczyk},
title = {An Ant in a World of Grasshoppers},
year = {2017},
address = {Vancouver, BC},
publisher = {USENIX Association},
month = aug

Presentation Video