DeepSec Keynote: DevSecBioLawOps and the current State of Information Security
Technology is evolving. This is especially true for computer science and the related information technology branch. When everything is outdated after a couple of months, the wind of change turns into a storm. It also affects the way we work and the processes which enable us to get work done, and it changes how we see the world, code, and its applications. Dev, DevOps, and DevSecOps are a good example of what these changes look like at the tip of the iceberg. Subjectively, information security is always a few steps behind the bleeding edge. The word "bleeding" is a good indication of why this is the case. However, security professionals cannot turn back time and ignore the way the world works. New technology will always get pushed into all areas of our lives until its creators realise where it works best.
The implication for information security experts is the management of vast piles of knowledge and the possession of experience. Once upon a long ago there was the network and there was the host. There may have been firewalls, but sometimes there were none. Now we have full stack development and penetration testing. A myriad of frameworks, tools, techniques, and collections of code have entered daily life. Infosec staff is told: "Protect everything, anywhere, any time, using any means necessary!" Be a DevSecBioLawOps and more!
If you look at the wonderful research papers and reports of vulnerabilities, then surely there must be people out there who know everything and possess all the skills. In reality, information security can only be done in teams with highly specialised experts. The opening presentation of DeepSec 2020 tries to explore the facts, find some questions we might have forgotten, and draw a big picture of the current state of affairs. The presentation is strongly recommended for anyone new to information security.
René was born in the year of Atari’s founding and the release of the game Pong. In his early youth he started taking things apart to see how they work. He couldn’t even pass construction sites without looking for electrical wires that might seem interesting. The interest in computing began when his grandfather bought him a 4-bit microcontroller with 256 byte RAM and a 4096 byte operating system, forcing him to learn TMS 1600 assembler before any other language. After finishing school he went to university in order to study physics. He then gained experience with a C64, a C128, two Amigas, DEC’s Ultrix, OpenVMS and finally GNU/Linux on a PC in 1997 (let’s leave out the wonderful world of Windows 3.11/95/NT4). He has been using Linux ever since and still likes to take things apart and put them together again. Freedom of tinkering brought him close to the Free Software movement, where he puts some effort into the right to understand how things work – which he still does.