Myths and Lies in Infosec – Adrian Sanabria – ASW #228
Most of the myths and lies in InfoSec take hold because they seem correct or sound logical. Similar cognitive biases make it possible for even the most preposterous conspiracy theories to become commonly accepted in some groups.
This is a talk about the importance of critical thinking and checking sources in InfoSec. Our industry is relatively new and constantly changing. Too often, we operate more off faith and hope than fact or results. Exhausted and overworked defenders often don't have the time to seek direct evidence for claims, question sources, or test theories for themselves.
Resources
- https://www.usenix.org/conference/enigma2023/presentation/sanabria
- https://www.usenix.org/sites/default/files/conference/protected-files/enigma2023slidessanabria.pdf
- https://yourbias.is
- Discuss: What Makes a Good Breach Response? - ESW #303: https://www.youtube.com/watch?v=5RpZiVu3xEs
Announcements
Follow us on Twitter for livestream reminders, highlighted clips, memes, and more! You can find us at SecWeekly.
Guest
Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.
