I'm not really a fan of the term 'information security celebrity', because I consider it somewhat an oxymoron, but I can indulge the concept for long enough to declare that if such a thing does exist, Jack Daniel is absolutely qualified to wear such a title.
I've watched Jack present at several industry events in the past, and have knowingly nodded each and every time one of my profile interviewees has given Jack as their answer to my question: If you could hire anyone, who would it be? But 1st May, in Earl's Court, was my chance to ask Jack Daniel absolutely anything I wanted to. In fact, I had to ask very little. Daniel's passion for the industry means that with only two or three questions, he could easily fill an hour engaging me with his anecdotes and most candid views on the industry to which he has dedicated his career.
At the top of his passions list is BSides, the community-driven industry events which he co-founded. The idea was spawned by the community's complaints about papers that had been rejected by BlackHat. "Some of the rejections were valid, but some of the rejected papers were great and simply didn't have a home at BlackHat". Daniel thus took it upon himself to find that content a home. "We had six weeks to execute the first BSides and held it in a frat house just outside of Vegas. There was a pool, a lounge, food, drink and plenty of opportunity to just talk", remembered Daniel. "I recall PCI discussions around the pool table."
The event was a success, and there was demand for the same model to be replicated across the United States, and eventually worldwide. "The magic of every [BSides] event is that it reflects the local committees", Daniel told me. With events now in over a dozen countries - including Singapore, India, UAE, Austria, South Africa, Brazil, Australia and more - the BSides community ran over 40 events in 2013. I asked Daniel how the events will maintain their intimacy with such growing demand and he shrugged. "That is a struggle", he confessed.
One of the many BSides stories that Daniel shared with me, and one which I can't possibly neglect to retell, is of a 19-year-old man who presented at BSides. "He wanted to get into the information security industry, and wasn't being taken seriously, so he presented at BSides", he recalled. "The community helped him, he got a job, and his career is evolving".
We Eat Our Young
This story is particularly relevant given what Daniel went on to tell me when I asked how good the industry is at welcoming new talent. "In infosec, we eat our young. They're not mentored, they screw up and then they get eaten up, and that happens both in pen testing and on the business side", he said regretfully.
"We're all over the place as an industry, and the community could definitely be more supportive of new talent. This is what BSides is all about; giving people the chance to talk to the researchers and presenters."
The information security community, declared Daniel, is both the best and worst thing about the industry. He mentioned the Blogger Awards, and the eager BSides communities as "fantastic" but candidly declared the industry to be "full of utterly intolerant people".
Hamster Wheel of Pain
When I asked Jack Daniel whether we’re doing a better job as an industry now than we were a decade ago, he contemplated the question for a few seconds before responding. “Well, we’re in a hamster wheel of pain in this industry”, he told me, “we don’t work on a static issue. Every time we almost get a technology right, the threat changes. We lock something down, and then the barriers move. It’s a moving target. This is a polite way of saying that I don’t know if we’re any better, but we’re running like mad.” Sometimes, he added, we run in the wrong direction.
“We use temporary bandages and we now have forty years of bandages built up. We forget about the fundamental stuff in security. We’re too focussed on creating problems and then building security. We need to take a step back”, he concluded.
I waited eight years to interview Jack Daniel, and I wasn’t disappointed. Until next time, Jack…
Jack Daniel is Security BSides co-founder and technical product manager at Tenable Network Security.