Security industry best practices: Black Hat 2010

Following an industry conference, I find it a good practice for me to reflect back on what I learned and observed and see how I can apply it to my current work. At the conference there is so much to learn and take in, so I find it helps to let it all marinate for a bit of time and then I can start to uncover the new learning once I’m back at my desk and away from the conference buzz. It’s now been nearly two weeks since BlackHat wrapped up and these are the topics and observations from the conference that have been swilling around in my head. I hope to explore these thoughts more with my industry colleagues and find my way to contribute to improving security industry best practices.
 
Cyber security professionals need an education
Education remains an area of concern for cyber security professionals. The perception is that universities are graduating computer scientists and other degreed professionals inadequately prepared to create secure software products. One comment seemed to resonate with many BlackHat attendees: “If it’s fair to expect a journalism graduate to write with appropriate grammar, why can’t we expect computer science graduates to write secure code?” This problem arises from a number of challenges, particularly the need to adjust curricula to meet the ever-changing technology landscape. Security is also an (continue reading...)