Just wanted to put out a quick post that to say that I’ll be attending PumpCon this weekend up in Philly. If anyone is up for meeting up, getting some drinks, or just arguing the intricacies of infosec, just hit me up on Twitter at @grecs. I always enjoy meeting new people so please don’t be shy … come up and introduce yourself!
For those interested I’m honored to have been selected to present there. I don’t know when exactly but here’s my talk info for those that are interested. It’s basically a rant on how security policies can actually make things worse.
“Disruptive Security Chaos … for Good”
Typically as organizations become more successful they often leave behind the agile and innovative methods that got them there and become more bureaucratic to protect the success they’ve achieved. Often this protection involves the implementation of strict policies meant to control the otherwise uncontrollable in a desperate attempt obtain conformity. One of these policies usually addresses organizational IT solutions such as standard workstation or laptops as well as an agreed upon statement of how those resources should be used. As “hacking” has become more prominent organizational leadership has updated these IT policies to include statements limiting experimentation of this practice on the internal network even for curiosity purposes. Is this the right approach? Does it really make the internal network more secure?
Today’s post pic is from PumpCon.org. See ya!