
That’s Me in the Corner… Information Security and Other Fairy Tales

The year was 1995 and I was relatively new to information security; in fact, back then it was only part of my job along with setting up network gear, web design, and general system administration. I worked in a small ISP and web design company and wore many hats. I remember this incident clearly because even though at that time I was a Usenet veteran and a member of many mailing lists, I don’t think I’ve ever been flamed so badly previously or maybe even since. However, I had joined an infosec mailing list and had the audacity to say something along the lines of: I don’t understand, if you want to, for example, secure DNS wouldn’t you have to have a good technical knowledge of how the DNS system, named, bind and everything that goes into DNS works?

For the next week I had all manner of angry e-mails and back and forth telling me what little understanding I had, how naïve my views were, how if one just knew basic principles of security they could be applied to everything and how the details didn’t matter. Wow, I figured, I have a lot to learn about security. It’s now 18 years later, I’ve been doing this stuff for over 20 years now, and the one thing I’ve learned since then was just how right I was in the first place.

In the past 20 years I’ve cringed at thousands of bad decisions made by those that don’t know quite enough to do their job effectively. I’ve fought wars with those that think they have understanding of certain concepts, but do not. I’ve seen how this lack of technical understanding leads to terrible risk assessments. Likewise I’ve seen people with somewhat decent technical skills that have no ability to communicate risk to their peers or to their superiors.

This talk will illustrate examples of bad risk assessment, the problems it creates, the money it wastes, and hopefully provide some workable solutions to replacing horrid common practices with good ones.

About Rob
Rob Havelt is a 20 year information security industry veteran. He is a founding member of Trustwave’s SpiderLabs. Formerly a bourbon-fueled absurdist, raconteur, and man about town, currently a sardonic workaholic occasionally seeking meaning in the finer things in life...


  • Tony

    Fantastic talk, top flight speaker, incredible participation from the group.

    January 18, 2014

  • nicolai s.

    Check this out if you haven't seen any of this or are following current and developing trends in footprinting

    January 18, 2014

  • Al

    Great crowd, presentation was good, speaker was awesome!

    January 17, 2014

  • Gregorie T.

    It was great!

    January 17, 2014

  • Ryan B.

    Thanks to Rob! That was awesome

    January 17, 2014

  • Karen H.

    I thought it was great. I enjoyed hearing Rob and his stories, and his perspective on professionalism in security was refreshing.

    2 · January 17, 2014

  • Dion R.

    Sorry, I won't be able to make it. I didn't realize I was Samsung Meetup is going to be this Thursday, damn.

    January 13, 2014

  • nicolai s.

    I can't wait till this happens

    January 13, 2014

  • Matthew U.

    Sorry, forgot I had a rehearsal that night. Please keep me posted on other meetings.

    January 8, 2014

  • Jason S.

    My lack of a 9 to 5 career and the subsequent acceptance of a security position at a music venue for survival interferes frequently with attending cool gatherings such as this one. Suppose I could inaccurately blame the Tomorrow Never Knows festival.

    December 28, 2013

    • Jason S.

      Rarely do I pick up a 2600, but I did a cursory scan of your article cause I know you. The topic has always interested me. I have never dealt in cloak and dagger cyber tricks, but when cargo of such methods could include illegal images or for the incredibly savvy an executable virus I take notice. There is an IEEE Spectrum issue from a couple years ago that discusses detection methods devised at some university. Later and a big PEACE of 22/7.

      December 29, 2013

    • Hal W.

      I guess I can say that I am published now. I'm kinda proud. Maybe I should write a book, even fiction.

      January 6, 2014

  • David A.

    I've been asked to present at the Samsung Developers Night on the same evening, so won't be able to make it :(. Why do the good meetups always have to clash?

    1 · January 5, 2014

  • nicolai s.

    Yup I'll be there

    November 18, 2013

Our Sponsors

  • Workbridge

    Free beer and pizza and a place to meet in The Loop
