A Fully Trained Jedi You Are Not | A Conversation With Adam Shostack | Black Hat 2022 And DEF CON 30 Las Vegas Event Coverage | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli
JUL 28, 2022
Description Community
About

While many in the InfoSec industry try to be all things to all people, sometimes that just isn't a winning strategy? What is? Let's have a chat with Adam Shostack to find out.

About the session, "A Fully Trained Jedi, You Are Not"

As software organizations try to bring security earlier in the development processes, what can or should regular software or operations engineers know about security? Taking as given that we want them to build secure systems, that demands a shared understanding of the security issues that might come up, and agreement on what that body of knowledge might entail. Without this knowledge, they'll keep building insecure systems. With them, we can have fewer recurring problems that are trivially attackable.

Training everyone at a firm is expensive. Even if the training content is free, people's time is not. If you have 1,000 people, one hour per person is half a person year (before any overhead). So there is enormous pressure to keep it quick, ensure it meets compliance standards like PCI, and … the actual knowledge we should be conveying is almost an afterthought. We need to design knowledge scaffolding and tiered approaches to learning, and this talk offers a structure and tools to get there.

We don't need every developer to be a fully trained Jedi, and we don't have time to train everyone to that level or even as much as we train security champs. So what could we ask everyone to know, and how do we determine what meets that bar?

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

____________________________

Guest
Adam Shostack
President at Shostack & Associates
On LinkedIn | https://www.linkedin.com/in/shostack/
On Twitter | https://twitter.com/adamshostack
____________________________

This Episode’s Sponsors

CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb

____________________________

Resources

Session | A Fully Trained Jedi, You Are Not: https://www.blackhat.com/us-22/briefings/schedule/#a-fully-trained-jedi-you-are-not-26650

____________________________

For more Black Hat and DEF CON  Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
👉 https://itspm.ag/bhdc22sp

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Comments