gattin' lols

Last Wednesday our friendly neighborhood NAISG group got together, as we are wont to do once a month, and enjoyed a lively roundtable discussion featuring Mike, Chris, Jeff and moderated by Martin. If you’re in Atlanta and interested in security, I highly recommend coming to hang out with us at a meetup. Always great talks, networking and you’re guaranteed at least one free beer. 

BUT I DIGRESS

Being the dunce that I am, it’s tough for me to formulate words, let alone ideas while others are “pontificating” so I figured I’d dump my post script regarding a couple of the questions tossed out here. 

One question Martin asked that made me think was Is Infosec Harder Now? 

I think it’s pretty safe to say infosec is a much different game than it was 10 years ago. Hackers found a way to make money off of attacks which in turn has increased their volume and complexity. The victims are higher profile with more to lose and attacks are more frequent, consistent and harder to detect. The stakes are higher than ever.

BUT

Detection and prevention technology has also increased. We’ve managed to monetize the defense of networks, and as fast as the bad guys can crank out malicious code, researchers are breaking it down and analyzing it. Does the offense still have the upper hand? You bet. But we’ve got experienced leaders now and we’re holding the line for the most part. 

HOWEVER

“Smurf works again!”
-Boris re: IPv6 on ISD Ep. 495

One problem I see occasionally arise with the next gen industry folks (my peer group) is the issue of only being familiar with current baseline that exists. We’ve pushed and protected and gained some ground as an industry, but it’s important to not forget the old attack vectors. We have to be familiar with the legacy attack patterns, what they looks like and how to stop them. It makes no sense to defend from the latest and greatest threats if you’re susceptible to a vulnerability from 1998. Living through the creation of new attacks where you had to scramble to implement defenses on the fly really drills that attack into your head and this is an area where those more experienced in old school trench warfare can help mitigate through training and mentorship. 

TL;DR

Yes, security is harder now, but we’re better at it. And continually training new guys in the old ways while building on modern knowledge will keep that trend going.

Pt. 2 eventually!