Saturday, March 3, 2012

RSAC has come to an end on an amazing note

RSAC has ended, and I am now on the LONG flight back to the east coast from San Francisco.  I was just plain exhausted yesterday so decided to put off this blog to today since I knew I would be stuck in this barely 12x12 seat for over 4 hours.  They announced when we first got on board that the wifi was not working...that would have totally sucked.  Luckily, they seem not to know what they were talking about as mine is working just fine.  Let's hope it stays that way!

Yesterday was by far one of the best days of the entire conference. Now, part of that may be that I was actually able to take in several of the sessions and both of the keynotes were excellent!  I also was able to see a presentation from one of my favorite hackers, Jeremiah Grossman. I really think his mission to try to teach as many people as possible the skill he has is admirable.  I thoroughly enjoyed his presentation and hope that he continues on his goal to include the possibility of partnering with the Khan Academy (see previous blog on Day 3 -- Amazing non-profit organization!!).  If you are on Twitter, I strongly recommend following him at @jeremiahg. I am always impressed that he takes the time to answer questions that are sent to him.  I am glad I had the opportunity to meet him.

Speaking of Jeremiah's presentation, he made some very interesting points.  In relation to all these sensationalized reports about the Internet being brought down by hackers, he said he is more concerned about the Internet staying up than going down.  The bad guys need the Internet to do whatever attack they are planning to do.  If it does go down, he believes that would be a prelude to a physical/kinetic attack.  I am most impressed by his "Hack Yourself First" concept.  He briefed this at the TEDxMaui event in January. I am looking forward to that video becoming available to watch.  Big companies like Google, Mozilla, and Facebook pay hackers for cross-scripting bugs.  It is far better for you to find the vulnerabilities and fix them before the bad guys have the opportunity to exploit them.  This is why he is so dedicated to teaching people how to hack.

We need far more trained people in the computer security fields than we currently have.  The numbers are factors of ten below what is needed.  Several presentations this past week talked about the need to train more people and the need to grow this community.  I think it is not just targeting schools and training young people in these fields but also reaching into the current market and targeting other skills that would be useful.  Art Coviello's example I discussed in my day 1 blog is a perfect example.  Our job market is being flooded with young troops leaving the military with great strategic skills but not tactical skills that translate to anything in the civilian world.  They are great targets of opportunity.  There are just not many resources for them to learn the right skills to break into this field.  I did not start in this field and still strive to grow my technical skills in any way possible. Unfortunately, my Masters program did not provide the training I had hoped it would so now I am looking for any and all opportunities to do that.  I believe that people like Sal Khan and Jeremiah could team up to come up with programs for military members to learn these technical skills (and people like me - I left the military and was fortunate enough to find an opportunity to break into the cyber security community and have been so passionate about it ever since).  It is a serious gap that no one has really found a great way to fill without charging an astronomical cost which most of these young troops could never afford to pay.

The next session I attended was Mark Russinovich's session about Zero Day Attacks.  His new book is out and the premise of his presentation was whether it is viable, feasible, and desirable for a terrorist to conduct a mass zero day attack with the goal of major destruction.  He walked through the entire scenario - which quite frankly is pretty scary - and basically the conclusion is it is in the realm of possibility.  These exploits are sold and with the right motivations, the vulnerabilities to exploit are definitely out there within our most critical systems.  Pretty damn sobering if you ask me. All the more reason I believe we need more people in this field.  Starting to see my theme here...I definitely am adding his book to my list to read.

I am going to save my write-ups on the keynotes to later as I actually want to watch both of them again...they were really that good. I took copious notes and there were just some excellent soundbites that I want to ensure I correctly captured so stay tuned.  
