Chris Nickerson – Compliance: An Assault on Reason Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial
Videos)
(Not really the talk he gave, but just watch it anyway. The one he gave is
called "Guerrillas in the Wires")
You have done PCI/HIPAA/SOX/ISO/FISMA/GLBA Compliance Audits, 10 Pentests, 20
Vulnerability Assessments, Code Review, App Testing and enough paperwork to feed
the fire all winter long… but what did it get you? It got you a huge bill and a
hardware stable of all of the latest security products. So now what? Are you
safe? Will the Millions you spent on Hardware, Software and Compliance protect
you from the “Bad Guys?” You may never know… but at least the marketing says it
“Should.” Even if it DOES its job, will it protect your business? The answer:
Not likely! For much too long, compliance has tested physical assets and ignored
the thing that matters most… YOUR BUSINESS. This session will discuss how we
can change the paradigm. Throw away the # of addresses, the compliance reg, the
book of what IT “thinks” is important and let’s get to work on testing the
BUSINESS'S ability to survive an attack. We will review how to evaluate what
DOES matter and why compliance is nothing more than a blanket to hide under. At
the end, it is about protecting the special sauce that makes your company
unique. You can’t pay a fine for being “Non-Compliant” if you have already been
HACKED OUT OF BUSINESS.