Thinking Differently About Security
Mary Ann Davidson at AppSec USA 2013
Almost all security professionals have one or more headshaking security stories caused by everything from sloppy design to execrable coding to insanely asymmetric risk assumption. Technical acumen is not enough if we want to improve actual security (instead of improving our job security): we need to think about, and talk about, security differently. This means absorbing the language, constructs and lessons of other disciplines from economics (systemic risk) to military history and tactics (force multipliers). It means understanding the limits of technology, that there are "unknown unknowns" and that humans are all too fallible (and there's no upgrade coming). Lastly, it requires the techno-proficient among us to learn to de-geek our speak so that we can express security concerns in terms that decision makers and policy makers can understand: "barbarians are at the gate" is so much more understandable and actionable than "there's a manifestation of a theoretic weakness in the Visigoth detection protocol."
Speaker
Mary Ann Davidson
Chief Security Officer, Oracle Corporation
Mary Ann Davidson is the Chief Security Officer at Oracle Corporation, responsible for Oracle Software Security Assurance. She represents Oracle on the Board of Directors of the Information Technology Information Sharing and Analysis Center (IT-ISAC), and serves on the international board of the Information Systems Security Association (ISSA). She has been named one ofInformation Security's top five "Women of Vision," is a Federal 100 award recipient from Federal Computer Week.
Speaker
Mary Ann Davidson
Chief Security Officer, Oracle Corporation
Mary Ann Davidson is the Chief Security Officer at Oracle Corporation, responsible for Oracle Software Security Assurance. She represents Oracle on the Board of Directors of the Information Technology Information Sharing and Analysis Center (IT-ISAC), and serves on the international board of the Information Systems Security Association (ISSA). She has been named one ofInformation Security's top five "Women of Vision," is a Federal 100 award recipient from Federal Computer Week.