After 15 years of building security products, I decided to join the front lines of the fight by taking a real-world job running product management & engineering, for a team that was building a new cash/debit[credit-rails] payments platform. My first day on the job we discovered we were being attacked by an organized crime ring. For roughly every $150k stolen - it meant we had to lay someone off - further reducing our ability to be effective. Tense moments. We also had no Infosec/Cybersecurity staff, nor any type of Infosec or Anti-Fraud software/systems. We only had a Windows-based “Compliance System” that looked like it was written in the late 90s. In spite of that we managed to cut our losses to zero dollars for almost six months! The next 13 months were a bloody battle that ended with me losing my job. If you like real world cybersecurity; want to learn how we built an anti-fraud system from scratch; or simply like schadenfreude - join me for a laugh and a few super-obvious lessons in statistics. :)
Arian is an 18+ year Infosec veteran who has worked as a Builder, Breaker, and Defender. He has built both enterprise financial and security software, and helped catch bad guys. He is fairly certain the majority of his success is due to luck - and the privilege of being surrounded by really smart people. Arian has pontificated in books and papers on software security and breaking software, and blathered at conferences around the world on techniques & technologies for both Red and Blue Teams. He also pads his presentations with bad jokes. Early employee of FishNet, WhiteHat, RiskIQ; also worked at several #Fintech companies you’ve never heard of, and taught my wife to phish kidnappers.