Disclaimer:
do not do actual crime
do not encourage others to do actual crime
public service announcement
you are all good people
hackers are bad people
In today’s talk…
Good and bad are problematic words and we need to start separating actions from intentions.
Embracing bad behaviour can be challenging but you can avoid common pitfalls.
Five simple steps that can bring bad behaviour to any organization thus improving security and resilience
What’s so bad about being bad?
Terms like 'good' and 'bad' are extremely simplistic in what is a far more complex situation.
Anything that gives pain is bad and anything that serves pleasure is good
Epicurus, around 307 BC
hedonism to compassion
One should treat others as one would like others to treat oneself
Also known as ‘The Golden Rule’
self portrait
we are all liars, cheats and thieves
as long as nobody gets hurt
Experiment…let’s play a little game
Bad != Bad
actions vs. intentions
Breaking things isn’t always about breaking things
Don’t touch that please
I mean it.
don’t make me count to
three
You’ll break it and then
Daddy will be cross
one
two
………
three
don’t break the build
that’s totally different though
right?
What could possibly go wrong?
(warning: this section contains cautionary tales and adult themes)
This.Will.Not.End.Well.
We feel cheated if the attack is not sophisticated or elegant
we are all romantics at heart
I blame Hollywood
we are engineers
we love the puzzles
it’s all fun and games until someone gets
blamed
psychopath
spoiler: nothing in this talk or any
talk/book/movie will ‘turn you into a psychopath’
Five steps: Get good at being bad
1. Be objective…keep your eyes on the prize
it’s rarely about the technology
Learn to see invisible things
There are two kinds of thieves in this world: The ones who steal to enrich their lives, and those who steal to define their lives. Don't be the latter.
2. Think like a villain…and make defence personal
You’re not paranoid
they really are out to get you
Make everything personal
Tell bad stories
3. Create a safe place…to create a little chaos in
Create space for destruction
Monitor all the things
you’ll be surprised what you learn
Reward the breakers
But reward the fixers a little bit more
4. Play…like you never read the
rulebook
make time to play
Prepare yourself for play
There is no such thing as:
‘the wrong way to play’
5. Break bad for life…not just for TechEd
Security fails when it
is a special event
continuous noise
Security is suitable for all ages and
abilities
A challenge…a little inspiration to
change
TL;DR version
Good and bad are problematic words and we need to start separating actions from intentions.
Embracing bad behaviour can be challenging but you can avoid common pitfalls.
Five simple steps that can bring bad behaviour to any organization thus improving security and resilience