I will be going to Derbycon for my third straight year. This year, I’m taking Carlos Perez’s training course on using PowerShell for defense and post-exploitation. The last couple of years, I branched out into parts of security in which I had no experience; this is coming a lot closer to my wheelhouse.
I also have submitted a paper for their CFP. Here’s my title and abstract:
A Gentle Introduction to Security Economics
Why do software manufacturers release software known to be vulnerable? Why are 419 scammers’ e-mails often so poorly written? Is making software open source better for security–or could it actually be worse? These are all questions which we can answer using economic tools. Economics is, at its core, the study of human behavior; given that security is fundamentally a human problem, marrying economic concepts to security analysis can give security researchers a better perspective on the problems we’re all trying to solve.
This talk assumes little to no knowledge of economics among attendees and will feature exactly zero Lagrangian calculations.
This talk is somewhat far afield of your standard Derbycon talk—which tends to be either highly technical or advocacy-related—but with luck, the committee will select my paper and I’ll have a chance to present in front of a brand new audience.