Security Epistemology: Beliefs, Truth, and Knowledge in the Infosec Community

Epistemology. How’s that for a $6 word? In a nutshell, epistemology is the philosophical study of belief, truth, and knowledge. As it turns out, sometimes the things that we believe aren’t necessarily true… hard to believe, right? In the infosec community, there are many closely held beliefs: strong passwords are important, users are dumb, you can never be 100% secure, defense in depth is a good thing, infosec is relevant, the conversations that happen on Twitter are valuable, metrics are useless, and many more. However, understanding the underlying truth can be challenging, especially when our beliefs are so entrenched in our community and in the definition of what it means to be a modern-day hacker.

This talk will examine some foundational infosec beliefs and how infosec is viewed by others. Through examples and a little logic, I hope to get us a little closer to the truth underlying our industry. Yes, it will be ranty; yes, there will be diagrams and charts and things. But hopefully this talk will challenge your beliefs about our industry and how we tackle modern-day security problems.
