Opening the 19th Black Hat Europe in London, founder Jeff Moss said that over the years the diversity of the security community has grown as well has the expansion of skills to include both hard and soft skills. He also said that the culture is maturing, and on the tech side “I see a slow move to a demonstration of skill” and instead of showing certifications, it is much more about “demonstrating the skills you have to be in a particular field.”
He said that we are specializing in our fields, and he encouraged delegates to specialize as “that is how you are going to be known in your fields.”
Moss also said that we are going to be rewarded for our soft skills, and for our ability to communicate what we know to management. “What is the point of your business, and what are your business objectives? Is what you are doing fun and really exciting but doesn’t align to any business goals? Then you should get out of that team and get into a team that is aligned to those business goals.”
Citing former NSA and CIA head General Hayden’s term of you “have to organize to operate,” Moss argued that you have to organize your team, people, skills and resources before you can start operating.
“Right now we’re organized for compliance, and we need to organize to operate,” he said, adding that you need to be involved with solutions and not be too far away from the problems and solutions to make an impact. He also recommended engaging with the enemy “whoever it is” and seeing how they operate and learn their strengths and weaknesses.
“The most dangerous thing is defenders who never get information from real attackers,” he explained.
Finally, he recommended “fostering the right team and talent, as if you are not recruiting and transferring knowledge and passing on lessons learned to the company as a whole, there is a disconnect”, especially if legal doesn’t understand what you are doing. “If you are operating you have all of these cylinders firing.”
Moss concluded by saying that there are a wealth of learning opportunities available, and he praised conferences for posting talks without paywalls, and encouraged more knowledge sharing in the future.