1. The Cavalry Is Us Protecting The Public Good

2. THE CAVALRY IS US PROTECTING THE PUBLIC GOOD Nicholas J. PercocoJoshua Corman @c7five@joshcorman

3. NICHOLAS J. PERCOCO  Director, Information Protection  KPMG LLP  Advanced Threat Defense, Security Research  THOTCON founder, Ran SpiderLabs

4. JOSHUA CORMAN  Director, Security Intelligence  Akamai Father, Husband, Citizen  Adversaries, DevOps, Internet of Things  Rugged Software, “Building a Better Anonymous”

5. AGENDA  Why are we here?  Where have we been?  Where are we going?  How can you get involved?

6. WHY ARE WE HERE? Chapter 1

7. THE BEAUTY OF ROCK BOTTOM

8. NICK’S DREAMS

9. JOSH’S SHARKS

11. CC : From: http://www.flickr.com/photos/maiabee/2760312781/

12. WE GAVE A TALK

13. IMPORTANT THINGS  Body  Mind  Soul

14. HUMAN LIFE VS. DIGITAL LIFE http://blog.cognitivedissidents.com/2011/10/24/a-replaceability-continuum/

15. Countermeasures Situational Awareness Operational Excellence Defensible Infrastructure

16. LifeRightsCritInfrIPPIICCN Counter- measures Situational Awareness Operational Excellence Defensible Infrastructure REPLACEABILITY

17. WHICH BROWSER IS MOST SECURE?

18. WHICH MOBILE IS MOST SECURE?

19. WHICH CAR IS MOST SECURE?

20. WHICH INSULIN PUMP IS MOST SECURE?

21. WHICH THING IS MOST SECURE?

22. SOMEONE WILL COME TO THE RESCUE BEFORE IT’S TOO LATE

23. THE CAVALRY ISN’T COMING

24. IT’S UP TO US

25. CONVERGING UPON…  Focusing on security that affects personal lives  Getting outside the echo chamber  Teaming w/ stake holders in the public  Technically literate ambassadors of our trade  Making the issues accessible  Getting results!

26. WHERE HAVE WE BEEN? Chapter 2

27. TIMELINE 8/13 BSidesLV DEF CON 21 9/13 DerbyCon Congress 10/13 LASCON 11/13 TEDx AppSecUSA 12/13 BlueHat 1/14 ShmooCon?

28. TIMELINE 8/13 BSidesLV DEF CON 21 9/13 DerbyCon Congress 10/13 LASCON 11/13 TEDx AppSecUSA 12/13 BlueHat 1/14 ShmooCon?

29. JOURNEY(S)  Hobby->Profession->Lives (2)  Personal Rock Bottom->Find Others (<10)  Building the Guild->Shared Concerns/Identity (100)  Discovery->Missions/Goals/Plans (300)  Execution->Teaming with Concern Citizens (1000s)

30. DERBYCON 2013: FIRST MEETING  Sept 28 + 29  100+ hackers  Enough flipcharts  …and deodorant  Thanks, Dave Kennedy!

31. DERBYCON 2013: FACILITATORS/SMES  Andrea Matwyshyn (Legal)*  Adam Brand (Structure)  Beau Woods (Approach)  Chort0 (Guild)  Craig Smith (Auto)  Emily Pience  Jay Radcliffe (Medical)  Josh Corman  Katie Moussouris (k8em0)  Space Rogue (Media) * Guest Speaker

32. DERBYCON 2013: AGENDA  What conditions exist that we don’t like?  What are the causes of the conditions?  What should be done to eliminate the causes?

33. DERBYCON 2013: AREAS  Medical  Auto  Law  Media

34. DERBYCON 2013: OUTCOMES  Knowledge sharing about what is going on  Tons of new ideas on how to solve problems  More agreement than differences

35. LINKS TO VIDEOS/PODCASTS  BSIDES LV 2013 - http://bit.ly/16YbpC1http://bit.ly/16YbpC1  DEF CON 21 -  DERBYCON 2013 - http://bit.ly/1fYUCVIhttp://bit.ly/1fYUCVI  LASCON 2013 -  LOOPCAST Ep 88- http://bit.ly/1a41cpkhttp://bit.ly/1a41cpk  SOUTHERN FRIED SECURITY Ep 115 - http://bit.ly/1amYdbChttp://bit.ly/1amYdbC  PAULDOTCOM Ep 352 - http://bit.ly/1fzaqgPhttp://bit.ly/1fzaqgP  TEDx Sharks/Security/IoT - http://bit.ly/1bBB6JRhttp://bit.ly/1bBB6JR

36. WHERE ARE WE GOING? Chapter 3

37. ORGANIZE, FOR ACTION  American Bar Association  American Medical Association  What do we have to be?

38. COULD WE, SHOULD WE  Do good through targeted research  Get the right message out (media teaming)  Change or prevent bad cyber security laws  Education and Awareness

39. THIS WILL NEVER WORK  We are techies Not safety people, not PR people, not lawyers  Screw them We told them, but they wouldn’t listen  The problems are too large The war was lost a long time ago

40. FINDING COMMON GROUND?  WHAT?  WHEN?  HOW?  Chances of Success/Failure

41. STILL TO WORK ON 1.Identity Mission – What we exist to do (started at Derby) Values – What we believe Nature – What form we will take/what our core work is 2.Vision What we want to achieve and by when What we intend to look like in X years 3.Plan What we need to do and by when

42. HOW DO YOU GET INVOLVED? Chapter 4

43. UPCOMING EVENTS  December: Microsoft BlueHat  January: ShmooCon / OWASP AppSec CA  March: RSA Conference 2014 (?)  April: THOTCON 0x5 / SOURCE Boston (?)  Also, many BSides globally  August: Adjacent to Black Hat / DEF CON

44. WE NEED YOU  Experience with medical device, auto industries  Media wrangling expertise  Lobbying/Policy experience  Organizational/Visual skills  … or just passion to help

45. HOW TO GET INVOLVED - OWASP  Breakers  Builders  Citizens  Parents/Guardians  Community Leaders/Bloggers/Podcasters/etc

46. IDEAS, COMMENTS, HELP  @iamthecavalry  Google Group: http://bit.ly/thecavalry

47. NEVER DOUBT THAT A SMALL GROUP OF THOUGHTFUL, COMMITTED CITIZENS CAN CHANGE THE WORLD; IT’S THE ONLY THING THAT EVER HAS. - MARGARET MEAD (AN AMERICAN CULTURAL ANTHROPOLOGIST)

48. SECURITY OF CONSEQUENCE Fin