Sophisticated adversaries are shifting from exploiting technical vulnerabilities to exploiting bad choices made by trusting insiders. We are also beginning to see malware that factors in a human actor who facilitates the intrusion. Security now rests precariously on the ability of people to make good choices – it’s the Achilles heel in any organization. Attackers will always eventually find ways to game new technical defenses; we need to refocus on the human element of security and how defenses can adapt to users. With real examples, this talk takes a look at the depth of the problem and some innovative solutions, and opens a window into one of our industry’s greatest challenges.
Dr. Herbert (Hugh) Thompson is Program Committee Chairman of RSA Conference and Senior Vice President and Chief Security Strategist at Blue Coat Systems. Dr. Thompson is a world-renowned expert in information security. He has co-authored three books on the topic, including How to Break Software Security: Effective Techniques for Security Testing (with Dr. James Whittaker, published by Addison-Wesley, 2003) and The Software Vulnerability Guide (with Scott Chase, published by Charles River, 2005). He is also the co-author (with Bob Sullivan of NBC News) of an upcoming book from Penguin titled The Plateau Effect. In 2006 he was named one of the
Dr. Thompson has delivered talks/keynotes at key conferences and Fortune 500 corporations and writes frequently on the topic of information security. He has delivered a keynote presentation at every RSA Conference (US) since 2007. Dr. Thompson has been interviewed by top news organizations including CNN, NPR, CNBC, ABC, Fox News, CBS Evening News, MSNBC, HBO, BusinessWeek, Forbes, Fortune, Associated Press, and the Washington Post. He has authored more than 80 academic and industrial publications on software security and writes for such industry publications as Scientific American, IEEE Security & Privacy, CSO Magazine, Network World and Forbes. He earned his Ph.D. in Applied Mathematics from Florida Institute of Technology.