Deja vu Security CEO Adam Cecchetti was invited to present the keynote speech at this year's (sold-out!) Hushcon in Seattle. Rich in humorous anecdotes and practical analysis, Test For Echo was well-received by the crowd. If you couldn't make it to the standing-room only event, here's a recap:
Security Is a Snapshot In Time
Building on his years of research and experience in computer security, Adam first discusses the history of how we got here, and what it means to say "security is a snapshot in time." Essentially: the closer you move to systems built long ago, the easier it those systems are to exploit. But the impact, not the exploit, is what makes people care in the Age of the Infinite Scroll.
Ken + testing for echo
Adam then introduces the idea of shared ken - the range of one's knowledge or sight - as a way to discuss impacts: the We is greater than the I. To put it another way: if you are only hearing things you already know, or voices that agree with you, you've already lost - and over time, those losses mount up.
Sharing ken - extending the range of collective vision to reduce blind spots - is the counter. Some big wins resulted from sharing ken: firewalls, encryption, and two-factor authentication.
get to work
In the final third of the keynote / deck, Adam discusses the influence of data as code, the meta game, and secrecy as a transition to the real work: mastering impact and mastering ken. It's not enough to master the graph or the clock - one has to step outside the echo chamber and grow.
The full deck is available here as a PDF.