The majority of systematic approaches to information security are created by contributors from stable nation states, where the design assumes that the originator is wholesome and true, the playing field is lush and green and the children frolic care-free making daisy-chain bracelets. This talk discusses the realities of corruption, with real-life anecdotes from interviews conducted with real criminals and victims. This talk also explains the challenges and differences between trying to 'do' information security in developed and developing countries, where often corruption can derail security efforts and the people put in place to run the show are working against you. I also discuss typical challenges of working in difficult climates, how this can impact us (as security warriors), with first-hand accounts from those involved and some of the things we can do to combat corruption.
A basic understanding of threat modelling and a slightly dark sense of humour are advantageous in getting the most out of this talk.