Security BSides Orlando is taking place on April 5th and 6th, so we are taking this opportunity in the run-up to the event to showcase a few of the fantastic sessions they have scheduled.
Security BSides Orlando is a community driven event seeking to bring together anyone with a passion for making, breaking or protecting, and they welcome newbies, experts and anyone in between.
First up was a session by Lee V. Mangold (@LeeMangold) titled Open Source Security: Security Poverty and the Small Enterprise, which will examine security challenges faced by small businesses which have minimal security budgets. Next up is a session by Alex Hutton (@AlexHutton) titled Alex Dreams of Risk, where he explains how he has begun to embrace the Japanese philosophy of “shokunin kishitsu,” best described as the striving for true “craftsmanship.”
Hutton, Director of Operations Risk & Governance for Zions Bancorporation, is a big fan of trying to better understand security and risk through metrics and models, and was formerly the principal for Research & Intelligence with the Verizon Business RISK Team where he helped produce the Verizon Data Breach Investigation report, the PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services.
Hutton likes risk and security so much that he spends his spare time working on projects and writing about the subject, including making contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and working with the Open Group Security Forum.
He is also a founding member of the Society of Information Risk Analysts where he blogs for their website and records a podcast for the membership, as well as blogging at the New School of Information Security Blog. Some of his earlier thoughts on risk can be found at the Riskanalys.is blog.
His talk was inspired by a documentary called Jiro Dreams of Sushi, and he adapted some of the wisdom the film bestowed to examine how we can as professionals battle the threat of burnout in infosec.
“Burnout is real. Feelings of discontent are real. Feelings of resentment towards management and the businesses we’re employed by are real. This presentation is the tale of a GenX slacker and how he quit blaming the world, turned inward, and found meaning in craftsmanship thanks to an 80 year old sushi chef,” Hutton said. “It has lessons for all of us as we seek to understand our feelings and create something that truly matters – ourselves.”
Hutton gave the talk at BSidesLV last year, and it really transcended the predictable notions of staying fresh, relevant, and seeking new challenges in order to avoid burnout, and instead touched on issues that demonstrate how the security field is reaching a level of maturity that other disciplines have enjoyed for ages, allowing us to attain a level of mastery in how we approach our careers in security.
“In casual conversations, I find many of my friends and peers to be in a place of dissatisfaction – with their careers, their work, their general predicament,” Hutton said. “So happy self-help quips and inspirational posters aren’t going to quickly turn these sorts of situations around in a meaningful manner.”
Hutton says it’s the idea of being in love with perfection in our work that can really provide some positive changes and relief from feelings of burnout, given the right frame of mind.
“The way of a craftsman – seeking perfection in art, developing both the intelligent hand and the playful mind. this can help bring some positive change to some people in our industry,” Hutton said. “So information security professionals would be most impacted by this session, though generally anyone might find inspiration in the message.”
Hutton says his sincere hope is that the audience will see their vocation in a different light after the talk, pursuing that level of excellence in their work which is truly at the level of craftsmanship.
“The landmines addressed in this talk really are those that we create for ourselves, but then forget where they lay,” Hutton continued. “Hopefully, a broader cultural change towards craftsmanship will be inspired by the session.”
- Rising Stars and Hidden Gems: The Hackers
- Rising Stars and Hidden Gems: The Educators
- Rising Stars and Hidden Gems: The Defenders
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock