Hackers vs. Defenders: Can the defender ever stop playing catch up and win? - Mano Paul, Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Speaker: Mano Paul
Conference: Derbycon 2015

For the majority of my career in information security, I have played the role of a defender. Two of my books related to application security and secure software are testaments of this. However, I am certain that most security professionals within companies would relate to me when I say, "I found myself playing catch up." The attacker always seemed to have the advantage, for even securely designed applications were exploitable or exploited. How could this be? One of the reasons for the exploitability of secure applications was that the application teams seldom designed and developed their application with the attacker's skills, tools and techniques in mind. This talk is designed to bridge that gap by teaching the attendees:

- how applications get hacked (the anatomy of exploiting vulnerabilities)
- the shortcomings of secure development processes such as threat modeling and code reviews, etc.
- how proactive offense can be the best defense.

Brief Bio: Author (7 Qualities of Highly Secure Software and The Official Guide to the CSSLP), Advisor (Software Assurance), Biologist (Shark Researcher), CEO (SecuRisk Solutions), Founder (HackFormers), Security Professional, Christian, Husband, Father, Blackbelt and Video-gamer.

Extended Bio: Mano Paul is a shark biologist turned security professional. He is the author of the acclaimed "7 Qualities of Highly Secure Software" and the "Official (ISC)2 Guide to the CSSLP." He founded and serves as the CEO of SecuRisk Solutions. Before SecuRisk Solutions, Mano managed the application security program at Dell, Inc., prior to which he was a shark researcher in the Bimini Islands, Bahamas. His InfoSec experience includes designing and developing security programs from compliance to coding, security in the SDLC, writing secure code, risk management, security strategy, penetration testing, vulnerability analysis, and security awareness training and education. Mano is also a managing partner at Prudent Games, a company his son, Reuben Paul, founded, which develops games that are both entertaining and educational. Mano was appointed as the software assurance advisor for (ISC)2 and is a member of the AppSec Advisory Council. He was recognized and honored for his contributions to the security industry by being awarded the first Information Security Leadership Award (ISLA) as an information security practitioner in 2011. Mano is an invited speaker, delivering keynotes, talks and training, and participating as a panelist, at several domestic and international security conferences such as RSA, Security Congress, ASIS, DerbyCon, SANS, OWASP AppSec, LASCON, Shakacon, Gartner (Catalyst), and SecureSDLC events. Mano holds the following professional certifications: CSSLP, CISSP, GWAPT, GSSP-.Net, EC-Council ECSA, MCSD, MCAD and the CompTIA Network+ certification.

Mano holds a Bachelor of Business Administration degree in Management Information Systems from the University of Oklahoma, USA, and a Bachelor of Science degree in Zoology (Fisheries) from the University of Chennai, India. On a personal note, along with a few volunteers, Mano founded HackFormers in 2011, a faith-based non-profit organization with the mission to Teach Security, Teach Christ and Teach Security in Christ. He is married to Sangeetha Paul and enjoys spending time with their two sons, Reuben and Ittai. For fun, he practices Shaolin Do Kung Fu (both he and Reuben are 1st-degree black belts) and plays video games with his children.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast