Brucon: Challenges are not enjoyable if you already know the answers

News by Dan Raywood

Speaking at the opening keynote of the Brucon conference in Ghent, Microsoft senior security strategist Katie Moussouris said that attackers need defenders.

Speaking at the opening keynote of the Brucon conference in Ghent, Microsoft senior security strategy lead Katie Moussouris said that attackers need defenders.

Talking about her childhood and her first Commodore 64, Moussouris said that her own curiosity led her to write 'choose your own adventure' games but said that "it was not so much fun when you know the answers to the challenges".

Moussouris said: “Attackers and defenders need each other as we do not know answers to the puzzles, it stops being fun when we know the answers. If we challenge each other we are playing in an incredible 'choose your own adventure' game. We are challenging each other and the status quo and sharing knowledge, these are my kind of people. With the internet and security, we have invited the world to play in their own 'choose your own adventure' game.

“Hackers follow curiosity and challenge the status quo, and without sharing knowledge things will not change. We have seen this in dark corners of our industry and defenders need to listen. The internet is profoundly different from a few years ago, computers now talk to each other without human intervention.

“I am not talking about tablets and smartphones, but social networking and cultural revolutions and the internet of things means appliances and your car are connected. This is the same as internet of PCs, it is wide open to abusers and you need to know what kind of adventure you have chosen.”

Moussouris likened the front line battles as defenders being like a mouse to the attackers cat, when in fact they need to be the mongoose to cobra and be a winner some of the time. “Computer security is still more mouse than mongoose and great attackers will be symbiotic sparring partners,” she said.

She concluded by challenging delegates to find the levers to move the world in the hacker space or in the meeting room or better yet, both.

“Make your voice heard and find your lever. The security sea cannot swell without a knowledge of offence and defence, you are the sea. Pirate a ship, ride the waves to leap forward, defenders cannot be decent defenders if they do not understand the attack,” she said.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews