I’ve argued for some time that information security is in a growing state of cognitive crisis…
Demand outweighs supply
Because so many organizations need experience, they are unable to appropriately invest in entry-level jobs and devote the necessary time for internal training.
That’s an HR and hiring manager issue, right? --brbr No. --bboettcher
Information cannot be validated or trusted
There are few authoritative sources of knowledge about critical components and procedures.
Large systemic issues persist with no ability to tackle them in a large, mobilized, or strategic manner.
The industry is unable to organize or widely combat the biggest issues they face.
Groups of individuals, everyone thinking they have the ‘right answer’, just like linux flavors --brbr
How do we solve it?
https://www.maximumfun.org/shows/sawbones - sawbones podcast (amanda mentioned)
We use them all the time? Gotta simplify the complex...
Distribution and the Bell Curve
The Scientific Method
13 Organ Systems
4 Vital Signs
10 Point Pain scale
Defense in Depth
Companies dumping existing models and embracing something else
The problem is that we’re model hungry and we’ll rapidly use and abuse any reasonable model that presents itself. Ultimately, we want good models because we want a robust toolbox. But, not everything is a job for a hammer and we don’t need fourteen circular saws.
What makes a good model?
Begins by asking a question… (what is the weather going to look like tomorrow? --brbr)
What defines the sandwich? (kind of like “https://en.wikipedia.org/wiki/Theory_of_forms” --brbr)
Discuss the Rural Tech Fund https://twitter.com/RuralTechFund
Practical Threat Hunting - https://twitter.com/chrissanders88/status/1133388347194454018
Practical Packet Analysis - https://nostarch.com/packetanalysis3
More references on Chris’ site https://chrissanders.org/2019/05/infosec-mental-models/
Cult of the dead cow - June
Tribe of Hackers - July
The Mastermind - August
The Cuckoo’s Egg - September
Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email email@example.com
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
Comments, Questions, Feedback: firstname.lastname@example.org
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec