This is quite possibly the best keynote that I have ever seen. My colleague Tero asked "how many CISOs do you know who could give a talk like this?" and my response was "how many security pros do you know who could?". The truth is, there aren't a lot of people in security (or otherwise) with insights like this.
One thing that especially caught my attention: at one point, Alex talks about how some companies write a web app, then buy a WAF to secure the web app, and then hire a consultant to come in and install and configure the WAF, and after that the web app is "reasonably secure". Here's the thing; this might be true in the US, but in large parts of the rest of the world, that consultant will be a sales engineer type who is actually a *nix sysadmin and who may be great at Linux but doesn't know shit about web apps. The reason for this, as most people know, is that security shelf products are often marketed and sold as self-playing pianos, so someone who has "BigIP" or "Imperva" as a LinkedIn skill most likely knows a lot about installing and operating the product, but not a lot about what the product actually does. Bottom line: that web app is not even reasonably secure.

(shameless self-promotion: I wrote a post related to that subject a while back: http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortage)

Andreas

On 2015-02-09 16:15, "Dave Aitel" <[email protected]> wrote:
> https://www.youtube.com/watch?v=-1kZMn1RueI
>
> Just an unexpectedly GREAT keynote by Alex Stamos. I mean, not that I
> thought he would give a crappy keynote, but in fact, good keynotes are
> few and far between even when people have it in them.
>
> Even the Q&A section is great. So go watch it now. He comments a bit on
> FireEye, Incident Response, Application Security.
>
> -dave
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
