This light talk will try to address the "unaskable" question "will best practices make use more secure?" in a light and entertaining manner. Will a strong password policy result in stronger passwords? When are there too many admins on the system? In good cop/bad cop style Frank Breedijk and Ian Southam will address this topic from the firm believe that IT Security should actually make IT more secure.
As obvious as that statement seems, security measures often do not achieve this goal but sometimes hurt it. E.g. enforcing "very strong" password policies will often result in people not being able to remember their passwords and writing them down, or reverting to passwords like Password01, Password02, etc. In the process the hope to plant the seed for some of the serious self reflection that is required from the IT Security industry.
Frank Breedijk (@Seccubus) is employed as a Security Engineer at Schuberg Philis since 2006. He is responsible for the technical information security of Schuberg Philis Mission Critical outsourcing services. This including, Security Awareness, Vulnerability management, Internal security consultancyand technical audits and Seccubus development. Frank Breedijk has been active in IT Security for over 10 years. Before joining Schuberg Philis he worked as a Security Consultant for INS/BT and Security Officer for Interxion. He managed the European Security Operations Center (SOC) for Unisys' managed security services. During this period Gartner labeled Unisys leader in the magic quadrant for Managed Security Services in Europe. Besides his day job Frank Breedijk develops Seccubus, is an active on Twitter and writes blog entries for CupFighter.net. He has also written magazine articles about Seccubus and security awareness.
Ian Southam has been in IT for over 25 year, in these 25 years he has filled various roles ranging from programmer, director of datacenter development and currently as mission critical engineer at Schuberg Philis where his is responsible for a broad range of mission critical application infrastructures. He mainly enjoys doing the work rather then talk about the work, but in this case he likes to make an exception because these so called "best practices" are getting too much in the way of getting the work done in a secure manner.