How hackers changed the security industry and how we need to keep changing it.
From BruCON 2017
Before hackers got involved in cybersecurity the industry was focused on products and compliance. Security was security features: firewalls, authentication, encryption. Little thought was given to vulnerabilities that allowed the bypassing of those features. Hackers came along with the idea that you use offensive techniques to simulate how an attacker would discover vulnerabilities in a networks, a system, or an application. Offensive skills have been on the rise ever since and now the best way to secure something it to try and break it yourself before the attacker does. At the L0pht Chris lived the arc from the underground, to consumer advocates, to speaking at the U.S. Senate, to forming a 200 employee security consultancy, to schooling Microsoft and changing how people build software. Hackers needed to make trouble to effect positive change and we need to keep making trouble or we will never get a more secure world.