Breaking Brains, Solving Problems: Lessons Learned from Two Years for InfoSec Professionals

Channel:
United States All Hacking Cons
Subscribers:
5,970
Published on ● Video Link: https://www.youtube.com/watch?v=p86LsfCmQdo


Duration: 41:02
2 views
0

Matt Wixey | Research Lead, PwC UK
Date: Thursday, August 6 | 12:30pm-1:10pm
Format: 40-Minute Briefings
Tracks: Human Factors, Community

Many of us got into security because we like solving hard problems, and problem-solving is often listed as a specific requirement in security job descriptions. You might need problem-solving skills to crack niche technical issues in exploit development or mitigation, or when investigating threats and compromises. Or it might be more general, like developing strategies and policies. But what does it mean to be 'good' at problem-solving? How do our minds work when solving problems? More importantly, how do we get better at it?

In this talk, I'll present findings from over two years of creating and setting puzzles and riddles designed specifically for a team of 300 cyber security professionals as part of a dedicated program. Some were technical challenges, similar to CTFs; others focused on linguistics, lateral-thinking, probability, mathematics, and logic.

I'll cover the program's inception; how its puzzles were designed and solved; and the findings - including an analysis of improvements over time, which types of puzzles were most popular/solved and why, and case studies of where improvements in problem-solving actively helped with day-to-day work. I'll set all this against a background of academic research on problem-solving, discussing the mental processes which take place and how they can be strengthened with practice and exposure to different types of challenges.

I'll also share some observations on how the program fostered collaboration and cooperation between staff from different teams, technical abilities, and backgrounds – sometimes deliberately, sometimes completely accidentally.

Finally, I'll conclude by sharing some resources which have helped me, give you tips on starting your own puzzle program, and suggest ways in which the community can work together to build and maintain a repository of puzzles and findings. I'll also set a puzzle during the talk - first to message me with the correct answer wins a prize!

Black Hat - USA - 2020 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2022-01-10Hiding Process Memory via Anti Forensic Techniques
2022-01-10How I Created My Clone Using AI Next Gen Social Engineering
2022-01-10Practical Defenses Against Adversarial Machine Learning
2022-01-10iOS Kernel PAC, One Year Later Copy
2022-01-10Remote Timing Attacks on TPMs, AKA TPM Fail
2022-01-09Black-Box Laser Fault Injection on a Secure Memory
2022-01-09EdTech- The Ultimate APT
2022-01-09HTTP Request Smuggling in 2020 – New Variants, New Defenses and New Challenges
2022-01-09Making an Impact from India to the Rest of the World by Building & Nurturing Women Infosec Community
2022-01-09Election Security: Securing America's Future
2022-01-09Breaking Brains, Solving Problems: Lessons Learned from Two Years for InfoSec Professionals
2022-01-09Emulating Samsung's Baseband for Security Testing
2022-01-09Hunting Invisible Salamanders: Cryptographic (in)Security with Attacker-Controlled Keys
2022-01-09Mind Games Using Data to Solve for the Human Element
2022-01-09Breaking Samsung's Root of Trust: Exploiting Samsung S10 Secure Boot
2022-01-09I calc'd Calc - Exploiting Excel Online
2022-01-09Engineering Empathy: Adapting Software Engineering Principles and Process to Security
2022-01-09Multiple Bugs in Multi-Party Computation: Breaking Cryptocurrency's Strongest Wallets
2022-01-09Breaking VSM by Attacking SecureKernel
2022-01-09Escaping Virtualized Containers
2022-01-09Experimenting with Real Time Event Feeds


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
phishing
software
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Matt Wixey
infosec
ctf