These are about straight-up engineering systems or security methods in ways that they'll always work given a specific threat model. The high-assurance systems and security fields were much more interesting. The funny thing is I quit hacking because it was easy, mostly unimaginative, and repetitive. I got angry enough to walk out, and then went back thinking there was probably some value to be had. Instead all I got was some dummy thinking he's hot shit because he found some vulnerable systems on Shodan.

We're not running webapps on racked pizza boxes, so there are a lot of topics in our systems that aren't really explored in public security literature. I was really excited to see what there was for us. I went to a two-hour presentation at $serious_security_conference on $my_product_domain. The less-charitable interpretation of this is "Hey dummies! If we all want to play red-team, who the fuck do we think is left over to fix things?" We are the domain experts and we are the adults in the room. No one is rising to meet these challenges. That disinterest is the entire raison d'etre of I am The Cavalry. Even if it's all you do, if your days are just "analyze, document, harden, repeat," that's a lot less fun than getting paid to pop boxes.

It's not as fun to be a developer that is really into security but only have that be part of your job. One of the root causes seems to be that everyone with the aptitude for security crowds toward jobs that don't actually involve implementing good security.