I hope the summer has been as eventful for you as it has been for me. We’ve just closed out what has been jokingly described as Security Summer Camp (SSC). This major unified Las Vegas meet-up is the confluence of three major ‘cyber’ security events: Black Hat, DefCon, and BSidesLV. Aside from the RSA Conference in early spring, SSC is the “who’s-who” of cyber security personnel and hot topics.
Sadly, client requirements prevented my attendance this year, but I tried to keep up with the goings-on through social media, blogs, skype, and calls. In addition to being informed of technical talks and keynotes, I also got tweets and photos of the shenanigans that inevitably occur around and during such events. In some ways, DefCon, the “hackers” conference, is starting to share some startling similarities with ComicCon.
The emphasis at SSC has been “hacking”. That’s a word I have assiduously avoided using as much as possible since it first came into vogue in the early 1980s. It’s a term fraught with potential misunderstanding. There were attempts in the last century to better refine the term by narrowing its meaning. Terms were coined such as black hats, white hates, phreakers, and crackers to try to clarify activities and mindsets. Now, the term ‘hacker’ is back, stronger than ever.
Activities at SSC have broadened to reflect the personas and proclivities of the founders. There are sessions for lock-picking, mobile phone hacking, and digital protocols. Some presentations include the use of alcohol shots and Nerf guns. There are sidebars forged around sexual identity and social issues.
During the proceedings, it was announced there will be another attempt at making a movie about all this “hacking”. You would have thought after War Games (1983) and Swordfish (2001), the Hollywood crowd would realize how dull this subject can be. That’s why car chases, gunfights, and hostage-taking are always key to the plot. I’ve noticed that whenever the techno-nerds in the television show “24” jump on a computer, the laptop doesn’t force them to stop and update their Java installation or Adobe applications. No, sir they do not. They touch the keyboard, and there’s an instant overhead, 3D view of Jack Bauer racing though a building.
I find it a bit odd that these conferences and the term “hacking” are often used by the media to define our business. I agree there is a critical requirement for vulnerability researchers, penetration testers, incident responders, digital forensic investigators, and threat analysts: the primary career paths of “hackers”. However, our profession is also in dire need of chief information security officers, security policy analysts, security architects, implementation specialists, digital compliance experts, corporate identity managers, and cyber legal advisors. Pro tip: most of the latter jobs pay much better than the former any way!