For all the progress we've made - as a community, as an industry, as a discipline - describing the brittleness of our IT infrastructure and 'the shape of the beast' (what is this hacking stuff anyway?), we're not seeing much in the way of obvious returns in two key areas: procurement and policy.
We know what's broken; we even mostly know how to fix it. We fight the good fight from the C-suite to Capitol Hill. Yet often we lose. Why?
Behind nearly every poor choice in procurement or policy is some species of magical thinking. Not idiocy, not ignorance, not malice, but a logical error in determining causality. These are not complicated fallacies, nor particularly difficult to spot, but they are seductive, they are omnipresent. And, unfortunately, they are often profitable. They are also critical to our understanding of why broken things stay broken, and why evidence-based policies are so elusive.
Attendees will explore imagined realities informing real policy and procurement decisions; they will additionally have the opportunity to learn and share battle-tested thwarting strategies.
Mara is a Washington DC-based ICT security policy expert. Mara regularly serves as a private sector advisor to executive agencies on information security issues, focussing on the technical and strategic implications of regulatory and policy activity. Prior to her current roles, she was the Director of Government Affairs for HackerOne. Mara’s background includes advanced degrees in cultural identity studies and modern history, as well as work in international security, counterinsurgency, and arms control. Her speaking credits include DEF CON, ShmooCon, TROOPERS, The Atlantic Council, the Federal Communications Bar Association, and an alphabet soup of think tanks. She is a proud contributor to FIRST Org’s VRDX-SIG, a BlackHoodie alumna, and a recently named Senior Fellow at the Center for Advanced Studies on Terrorism.