Offensive Security Practitioners have a wide array of tools and tactics to breach perimeters, bypass controls, and hack the planet. Yet our efforts to enact change in the world around us are often abated by organizational positioning, cognitive biases, and public misunderstanding. In this talk we explore where the boundaries for offensive security teams at internal organizations could be expanded and strategies to enact security behavior change at scale both within our organizations and within technology communities at large.
Josh Schwartz, aka FuzzyNop, has been known to be a computer who knows how to computer. It is generally agreed that he is a suspicious character with questionable motives, however he has presented and taught trainings on the subject of red teaming, social engineering, and adversary simulation at conferences across the globe. He currently is the Director of Red Team at Verizon Media where he and his team hack all the things. Samantha Davison is a Behavioral Engineering Manager at Lyft where she nudges employees & users towards positive security & privacy behaviors. Before Lyft, Davison designed and implemented security engagement programs at Snap, Uber, and over a dozen Fortune 500 companies. Davison is the proud co-founder of Privilgd, provider of boutique security & privacy consulting. In her spare time, she explores the world of immersive experiences to prepare for her future career as Westworld Game Designer.