Description: Every day security professionals face off against adversaries who do not play by the rules. However, at every turn in life we are taught to never... ever... cheat. Traditional information security education and training programs further compound the problem by forcing students to behave in a flawlessly ethical manner else face expulsion and castigation. In our work we have been teaching people to cheat. As the Kobayashi Maru taught us, it is only by stepping outside the rules of the game that we can truly succeed against no-win scenarios, and today much of information security is a no-win scenario. This talk will cover how to foster creativity and cultivate an adversary mindset through carefully structured classroom cheating exercises. We.ll cover dozens of techniques and show you the best of our students. work from writing answers on ceiling tiles to engraving answers on a watch to creating a false book cover for Little Brother X. We.ll also cover the underlying security principles, lessons, and countermeasures that we learned in the process. You.ll leave the talk with a better appreciation for the importance of cheating.
James Caroland is a Navy Information Warfare Officer, member of the US Cyber Command, and an adjunct Associate Professor in University of Maryland University College.s Cybersecurity Program..
Greg Conti is Director of West Point's Cyber Security Research Center. He is the author of Security Data Visualization (No Starch Press) and Googling Security (Addison- Wesley) as well as over 40 articles and papers covering online privacy, usable security, security data visualization, and cyber warfare. His work can be found at www.gregconti.com.
Tags: securitytube , shmoocon , shmoo con , hacking , hackers , information security , convention , computer security , shmoo 12 , shmoocon 12 , shmoocon-2012 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.