Chris Roberts (@sidragon1), currently the Chief Security Strategist at Attivo Networks, really stood out last year at All Day DevOps. You really just have to watch his session, below, to truly appreciate his unique point-of-view.
He summarizes by saying that developers need to evolve. Developers must live, breathe, and think DevSecOps because we can’t count on humans to protect us.
Chris underscores that in 2017, 2-3 billion records were lost in security incidents. This, even after tens of billions of dollars were spent by private entities on cybersecurity. Moreover, that doesn’t count the cybersecurity spending by governments!
As he says: “The beauty of humans is that for all that we err, we also have an equal capacity to evolve. We humans are both the problem AND the solution.”
With 5.5 billion connected people in the world, after you take out the people who use “123456” as a password and all of the “sheeple,” you get a small number who actually get security. Chris estimates that it is about 9% of the United States population.
Now, consider this small group of security-minded people with these facts:
- We are adding more and more complex technology
- We are handing technology to a broader population that doesn’t understand or care about security
- We are integrating technology into our homes, offices, bodies, cars, and lives
- We don’t have enough qualified people to manage the current list of issues, let alone anticipate and prepare for the future
- We don’t have good eyes on (any!) of our own environments
Chris concludes, “we are *&!!&#% unless we evolve!”
He launches into next generation areas that need to adequately prepare for security by using DevSecOps principles. Examples include: nanotechnology; technology that eliminates passwords (because we become the password); and, actual artificial intelligence. (Read more...)