That Was Close! Learning CyberSecurity Lessons From Near Misses

Adam Shostack

There's an old joke: "Half my advertising budget is wasted! I wish I knew which half!" Working on defense, it sometimes feels like the advertising folks are lucky. In security, it's hard to explain why some controls are more important than others. That's because we lack evidence for the effectiveness of those controls. This talk presents a concrete road forward after several years of looking into "how can we learn more, faster?" so we can get better at defense.

Speaker Bio: Adam is a consultant, entrepreneur, technologist, author and game designer. He's a member of the Black Hat Review Board, and helped found the CVE and many other things. He's currently helping a variety of organizations improve their security, and advising and mentoring startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security, and the co-author of The New School of Information Security.