Calling All Researchers: A Discussion on Building a Security Research Framework - Michael "DrBearSec" Smith (BSides Las Vegas 2013) (Hacking Illustrated Series InfoSec Tutorial Videos)

Independent researchers are the lifeblood of the hacking community. Discovering new vulnerabilities, formulating new strategies and ideas, publishing white papers and blogs, and creating new tools, these visionaries help move our community and industry forward.

Unfortunately, many outside of the community look down upon independent security researchers and dismiss their ideas and work. This can be for numerous reasons, such as the researcher not working for a specific organization or company, the lack of scientific and academic standards, or just a prejudice against the concept of independent research. Even worse for our community, we have recently witnessed the prosecution of some of these researchers for crossing real or imaginary legal lines during the pursuit of their study.

One way to help legitimize the researchers to others in the corporate and academic communities, as well as help them avoid legal trouble, is the creation and adoption of research guidelines. The first half of the talk discusses some of the potential pitfalls and prejudices independent security researchers face, especially with regard to security disclosures. After that, there will be a frank discussion with audience members about their concerns and fears in terms of research, as well as what they would like to see in a research framework. Finally, volunteers will be invited to help create the framework.

BIO: Michael Smith is a senior security engineer and consultant for ePlus Security. A longtime veteran of the industry, he has a diverse IT background, although his true passion remains security. Michael is currently a doctoral candidate at Capital College, researching the usage of qualitative and quantitative intelligence in security analytics. He holds several certifications, including the CISSP, OSCP, and GPEN. When not testing or securing the enterprise, Michael enjoys spending time with his family, pursuing his many geeky interests, wearing strange hats, and traveling… especially to see the Mouse.


Copyright 2014, IronGeek