Chris Roberts, currently the Chief Security Strategist at Attivo Networks, really stood out last year at All Day DevOps. You really just have to watch his session, below, to truly appreciate his unique point-of-view.
He summarizes by saying that developers need to evolve. Developers must live, breathe, and think DevSecOps because we can't count on humans to protect us.
Chris underscores that in 2017, 2-3 billion records were lost in security incidents. This, even after tens of billions of dollars were spent by private entities on cybersecurity. Moreover, that doesn't count the cybersecurity spending by governments!
As he says: "The beauty of humans is that for all that we err, we also have an equal capacity to evolve. We humans are both the problem AND the solution."
With 5.5 billion connected people in the world, after you take out the people who use "123456" as a password and all of the "sheeple," you get a small number who actually get security. Chris estimates that it is about 9% of the United States population.
Now, consider this small group of security-minded people with these facts:
We are adding more and more complex technology
We are handing technology to a broader population that doesn't understand or care about security
We are integrating technology into our homes, offices, bodies, cars, and lives
We don't have enough qualified people to manage the current list of issues, let alone anticipate and prepare for the future
We don't have good eyes on (any!) of our own environments
Chris concludes, "we are *&!!&#% unless we evolve!"
He launches into next-generation areas that need to adequately prepare for security by using DevSecOps principles. Examples include nanotechnology; technology that eliminates passwords (because we become the password); and actual artificial intelligence. He digs into each of these and presents some very interesting ideas, future gazing, and provocative statements on privacy.
Chris also lays into "his industry," noting the cybersecurity industry has:
Failed
Lied
Sold false promises
Continued to Band-Aid rather than fix problems
Profited off the misery of others
Acts like entitled snowflakes
Blames everyone else
Flaunts the mission of security
Treats information as currency and holds it over others
Uses FUD (fear, uncertainty, and doubt) at every turn to maintain the upper hand
But what is one to do? Chris walks through some back-to-basics, summed up with:
Humans - turn it from a security conversation to a safety conversation
Computers - they are everywhere, even where you don't know
Your perimeter - recognize you don't have one
You!
A plea - start and stop a bunch of simple things: stop buying the hype and thinking there is a free lunch, and start paying attention to your users and being proactive instead of reactive.
Get a plan - &#*$&$ is going to happen
When you think "all is quiet on the Western front" - it isn't.
What is the bottom line according to Chris? "I will fail. We will succeed." Individuals will fail; we have to work together.
Chris's presentation, Why The T-Rex Didn't Get Hand Extenders, will provoke ideas about what needs to be done to secure our digital future. You can watch his full talk, for free, here.
The third annual All Day DevOps conference was held in October 2018. All 123 sessions are available on demand. Save the date for All Day DevOps 2019, November 6, 2019.