Archive for April, 2015

The 3 Immutable Rules Of Presentations…

April 27th, 2015

There are three immutable rules that pertain to presentations*, and they matter even more when one’s presentation is live, in front of several thousand people:

  1. Never present with kids
  2. Never present with a live demo
  3. Never present with animals

Not doing one outa three ain’t bad 🙂

My 2015 RSA Security Conference keynote was very special to me.  Besides violating two of those three rules, it was a deeply important and even more deeply personal experience.

My non-profit, HacKid, was a participating organization in RSA’s amazing partnership with The Tech Museum of Innovation and the Cyber Security Safety Village.

It was only fitting then, that I used the wonderful community outreach of my employer, Juniper Networks, to do something very different, actionable and useful with my time on stage.

I was lucky enough to find a willing co-pilot to help me talk about the next generation of security riffing off the lyrics of The Who’s “My Generation.”  You’ll have to watch the video to see who.

You can watch the video below or find it directly, here.

Below is a blog post that I wrote and cross-posted from Juniper’s website:

If cyber security in the last two-and-a-half decades has taught us anything, it is the painfully obvious fact that the tools, tactics, techniques and procedures employed by adversaries bent on causing us harm, both professionally and personally, have outpaced our ability to successfully defend ourselves.

While there has been progress and innovation in the use of technology products as the frontline of defense, there’s a very important aspect often overlooked in the totality of the solution space.

The “people” element has always been mentioned as an area of focus for cyber security. But beyond technology, we have not done enough to ensure that security and privacy are not eroded for the sake of convenience, putting people at greater risk.

When we have attempted to address the “people problem,” we have often relied mostly on awareness (theory). In the face of sophisticated methodologies of abuse and attack – and frankly some very basic ones – we expect people to make the right decision in the face of complex and confusing events (practice). This is a disaster – or breach – waiting to happen.

Over the last few years, a number of initiatives and organizations have been established to address this issue in a meaningful way, but with a twist and caveat: Rather than focus on adults – the developers and professionals of today – these initiatives and organizations have focused on reaching out and educating children, who are literally the “next generation” and frontline of protection against cyber-attacks.

One thing we have learned is, when dealing with children, it’s not enough to just raise awareness about proper cyber security hygiene and behavior. It’s not enough to simply tell them what not to do – that’s too overwhelming and overall, it’s the wrong model. We must build creative and constructive means, in which they are able to actively contribute toward a more secure world by helping build a better one.

Children love to learn and are inherently curious, imaginative and don’t come with predisposed limits on how things have to function. They are built to push limits and we should harness that.

Without a doubt, today’s children are far more technically advanced than in the past – even at the young age of three or four. To expect them not to do something just because we told them not to – especially when it comes to computers and mobile devices being used to learn, entertain and engage – is simply unrealistic.

The sophistication and capability that today’s kids have for grasping complex topics is amazing. Furthermore, just because they’re children, we shouldn’t assume they’re unaware and incapable of understanding deep issues like security and privacy.

When it’s related to them in a meaningful way, light bulbs go on.

As such, the new focus is to educate children on how things work and in some cases how to break them, so they have a better understanding of why not to do something – and how to fix things that are broken. This is the true definition of “hacking,” learning and finding creative solutions to big, hairy problems. The reality is that if you don’t understand how adversaries attack and break things, it is generally much more difficult (if not impossible) to defend yourself, detect or fix what is broken.

When it comes to children, we should complement their natural and inherent friendliness towards learning something new. We should tap into their creative ingenuity and turn it into something good. All of this provides us a tremendous opportunity to not give up privacy and security for the sake of convenience by simply changing the way we integrate security versus bolting it on.

That said, it is likewise important to discuss and establish boundaries and constructs around “hacking” to ensure that activities are governed appropriately with respect to legality, morality and ethicality.

These conversations and guidelines do a lot toward short-circuiting the normal knee-jerk reaction of what it means to introduce children to “hacking.” We have “hackathons” to allow communities of interest to come together to solve large social problems. We have companies that focus on “hacking” and “hackers” to develop innovative new platforms and services. “Hacking” isn’t always a bad thing… and in many cases when we think about the culture and approach needed to secure our systems and create resilient, rugged and secure code, hacking is an appropriate word.

Juniper Networks Supports Code.org

This is why, at this year’s RSA conference, Juniper Networks announced an extension of its grant to Code.org, which will enable the development of a new high school computer science course, intended to be advanced placement (AP), to allow students to learn about cyber security and secure coding. Code.org is a non-profit dedicated to expanding participation in computer science by making it available in more schools, because every student in every school should have the opportunity to learn computer science. It is committed to the notion that computer science and computer programming should be part of the core curriculum in education, alongside other science, technology, engineering, and mathematics (STEM) courses, such as biology, physics, chemistry and algebra.

Juniper and the Juniper Networks Foundation Fund are proud to make this commitment and expect it to be the first step in making cyber security a fundamental element of learning to code and learning to code securely. We’re starting at the high school level and hope to spur activity by other businesses and organizations to partner with Code.org and ultimately, develop programs that include kids at the middle school and elementary school level as well.

Your support and help doesn’t have to come via financial grants or funding (although that definitely helps). Your time is just as valuable. If you’re able and interested, volunteer to teach at your kids’ school or help Code.org recruit new teachers in your community to teach Code.org’s courses.

Join Juniper Networks, the Juniper Networks Foundation Fund, and Code.org at www.code.org and help develop and establish the true “next generation” of cyber security.

Mike Mimoso over at ThreatPost did an awesome write-up which you can find here. Bank InfoSecurity also did a nice interview with me on this and other topics.

Thanks for reading…and for finding your way of contributing.

/Hoff (AKA @Beaker)

*With apologies to W.C. Fields (and H/T to my old friend Bob Antia)

Looking Forward to Catching Up At RSA…

April 18th, 2015

If Black Hat and DEF CON are Security Summer Camp, then RSA is the Spring Dance.

I think this is my 16th RSA Conference.  I believe I am now eligible for the AARP discount shortly.

Beyond the massive amount of customer, partner, analyst and press stuff I have to do this year, I have some stuff to talk about:

Christofer’s sessions at USA 2015

– See more at: http://www.rsaconference.com/events/us15/speakers/christofer-hoff

Also, I have a keynote talk and panel discussion at the AGC Conference.

The coolest part of my involvement this year is with the RSA Cyber Security Safety Village — my non-profit, HacKid, is one of the 6 partners that are exhibiting in Moscone West all week:

In partnership with San Jose’s Tech Museum of Innovation, RSA Conference 2015 will transform Moscone West (level 2) into the Cyber Safety Village, where you will get a sneak preview of The Tech’s upcoming new exhibit—Cyber Detectives! You can also speak with our Village Partners and learn more about the role you can play and how you can make a difference in your own community.

We have an opportunity as a profession to make a significant impact in the lives of kids by keeping them safe online. Find out how you can make a difference. Support RSAC Cyber Safety: Kids by visiting the Cyber Safety Village in Moscone West and taking advantage of the many resources provided by our Village Partners.

– See more at: http://www.rsaconference.com/about/rsac-cyber-safety

See you there!

Categories: HacKid, Security Conferences