Lessons from the Legion

IT/Security Industry Challenges, how can we become better at our game?

For a relatively fast, dense, noisy introduction, please see https://www.youtube-nocookie.com/watch?v=516Z420BgkE from OWASP BeNeLux 2018.

It can seem that the cyber security industry has evolved ways of working, and preferences in solutions and methods, as a series of point solutions that have become accepted traditions / rituals, rather than as a collective effort at forward thinking. A vendor-led industry mainly driven by technical experts may have come up with the best overall strategies to solve the incredibly complex problems of cyber security, but it doesn’t feel that way.

The aim of this track will be to answer the following questions by the end of the week:

• What are current strategies, explicit or implicit, that the industry uses or advocates as a whole?
• What are the underlying assumptions of the current strategies?
• Are those underlying assumptions valid?
• Assuming those strategies are incorrect, what are the correct strategies the industry should be using, to solve the problems it faces?
• What methodologies should be used to create or find, and test, the correct strategies?
• Can we learn from other practitioners in related areas as a useable “hack” to choose effective new strategies rapidly?
• Is this area of study financially or practically viable?