I’m not in Vegas this year, so I get my infosec vicarious pleasures by reading articles like this:
Next week, security practitioners from across the globe will make their summer pilgrimage to Las Vegas for Black Hat, DEF CON, and other security gatherings. As in years past, there will be no shortage of surprises:
- Attendees, press, vendors, and analysts will clamor for insight on a tactic or technique that will break what was once thought unbreakable.
- A geopolitical event will cast a shadow over the week like the Edward Snowden and DIRNSA keynote did in 2014.
- A vendor will have the most over-the-top party (my bet, Rapid7).
- The funniest T-shirt will capture the spirit of this year’s get-together.
- Attendees will be mesmerized by the latest hacking demo or “drop the mic” vulnerability announcement.
What’s more — and most important — attendees for one week can forget the less exciting, mundane, and more challenging tasks that await them back at home. Tasks such as patch management, identity management, and other basics that most affect the security health of an organization and about which security leaders have the most influence.
Why is focusing on the external and sensational far more compelling than the internal and controllable? The answer is what I describe as “breach fixation.” […]