Everyone is talking about security at the moment (Poodle, Sandworm, Heartbleed, etc.), but most companies still only invest in security for the sake of being compliant with standard X, framework Y or regulation Z. Of course compliance is a big issue in regulated markets. But many breaches during the last two years show us that being compliant will make most of the bad guys out there laugh at you and your organization. By analysing some high-profile breaches down to a technical level, this talk wants to show how often the hunger for compliance with certain standards leaves entire organizations exposed to attackers. This talk is supposed to be a sermon calling for a return to the roots of security, to forget about fancy tools and buzzwords for a while and to understand: being compliant does not equal being secure, but being secure often equals being compliant!
Johannes Stillig has been addicted to IT security since he was fifteen, but had his first heart attack over TCP/IP when he accidentally screwed up the TCP/IP settings of his mum's Windows 3.11 for Workgroups (a book from the library saved him from house arrest). He is currently managing red teaming / penetration testing and digital forensics engagements, while still enjoying getting his hands dirty using /bin/bash.