Everything they told me about security was wrong

DerbyCon 2.0 - The Reunion

Presented by: Paul Asadoorian (pauldotcom), John Strand
Date: Sunday September 30, 2012
Time: 10:00 - 10:50
Location: Track 1
Track: Break Me

If you were to believe the vendors and the trade shows, you would think everything was “OK” with IT security. You would think AV works. You would think “plug and play” IDS was effective. You would think that Data Loss Prevention would prevent data loss. Why, then, are very large organizations still getting compromised? Organizations with very large budgets and staff still get compromised in advanced and persistent ways. Something is very wrong in this industry.

Let's find out what is wrong and how we can fix it.

In this presentation we will cover many of the common misconceptions about computer security.

Below are just a few misconceptions we will destroy with harsh words and live demos:

  1. AV will keep malware off of my system
  2. Firewalls will keep the attackers out
  3. If my system is patched, I cannot be hacked
  4. Apple computers are far safer than Windows
  5. Linux is more secure than Windows
  6. My users are dumb

Paul Asadoorian

Paul Asadoorian is currently the “Product Evangelist” for Tenable Network Security, where he showcases vulnerability scanning and management through blogs, podcasts and videos. Paul is also the founder of PaulDotCom, an organization centered around the award winning “PaulDotCom Security Weekly” podcast that brings listeners the latest in security news, vulnerabilities, research and interviews with the security industry’s finest. Paul has a background in penetration testing, intrusion detection, and is the co-author of “WRT54G Ultimate Hacking”, a book dedicated to hacking Linksys routers.

John Strand

John Strand co-hosts PaulDotCom Security Weekly, the world’s largest computer security podcast. He is also the owner of Black Hills Information Security, specializing in penetration testing and security architecture services. He is a Senior Instructor with the SANS Institute. He has presented for the FBI, NASA, the NSA, and at DefCon. In his spare time he writes loud rock music, makes various futile attempts at fly-fishing, and drinks Coors Light while carrying a stick and a marshmallow.


KhanFu - Mobile schedules for INFOSEC conferences.