ometimes it feels like the only real infosec professionals are penetration testers. They do cool stuff like you see hackers do in movies. I am an information security professional. I have security in my title, I deal with vulnerabilities and the like. I can’t pop boxes, I can’t reverse malware, I can’t pwn noobs. I’ve learned by watching and asking the community, I teach policy, concepts, state of mind. I empower others to ask why, to try things that no one thought of. I try to understand the concepts of security as it relates to my employer, and educate as many as possible to do the same. My job is education, outreach, and sometimes investigation and mitigation. Infosec isn’t all shells and linux, IDS and blinkenlights. There’s another side that is just as valuable.

Back to Derbycon 2014 video list