December 17, 2015

Here we are, back again with Security-BSides in Hamburg! Last December’s event was an overwhelming success, and encouraged by the participants we felt we needed to offer a second conference whilst 32c3 was in town. Minimum time-frame, scarce resources, but yet again some awesome people around us made it happen!

This is why we want to introduce some of them to you. We’re currently interviewing sponsors, speakers, participants, workshop-leaders, supporters, and community members who spread the word even if they can’t make it to Hamburg. So join us in meeting our great BSides family!

This is one of our speakers and supporters, Michael Goedecker. He is an IT security expert and, together with IT security consulting companies like Auxilium and BPEX, he offers his expertise to the biggest companies in Germany and Europe.

1. Michael, you are one of the very faithful supporters of BSides Germany! Why do you think BSides is a good idea?

BSides and Security Research are vital to everyone. BSides to me is a place where we leave our egos at the door and help teach each other the way it was meant to be. We talk about what we see in reality and make sense of it all in a way that everyone can understand. As a human being it’s important to pass on the stuff we have learned to others, and we discuss findings so that research becomes more dynamic and even better than it was previously. Many people talk about innovation; BSides actually is that innovation many people try to replicate. Simply put, we research, write findings down, present, discuss and refine. Everyone wins!

2. With Auxilium as well as with BPEX you are working a lot with Managers - why are Managers asking you for help?

Initially we see a lot of companies that say “cyber” this and “cyber” that. Like those other fellow researchers we are actually out there and make sense of all the acronyms and make security understandable to the business. We cut the BS, take existing systems and make them better, we do our best to give the best advice we can within a budget. If the customer decides to not do something we make sure they know the pros and cons and simply let them decide. Managers trust us because we do the work and don’t sell smoke and mirrors.

3. Do you think that the overall security awareness has increased or decreased?

Security has changed because the nature of threats has changed. We all have been talking the password hardening and encryption game for years. Now we see that the three C’s (Cyber Warfare, Espionage and Crime) come up with new ways to use old stuff and also become a lot better at avoiding detection. Awareness is always a reoccurring theme; it never stops, in my opinion. We are aware in some areas and lacking in others. Awareness needs to be more social, mainstream and in everyone’s mind, not to scare but because it’s the right thing to do. Awareness that security is business critical is the next stage of what I call the security revolution. Security is business critical…

4. What can Hackers do to reach out to Managers and offer their help? And how could Managers reach out to hackers without any concern?

For starters, Hackers are not Crackers or Nation State Spies! We need to make sure that Hacking is understood for what it really is. It’s, simply put, the passion to understand how technology works and make it better. Along the road we find bugs; rather than suppress this, we should embrace and nurture it.

We as security folks need to understand the entire process and help managers cross the bridge to understand the technical things we know. Appreciating that there are two sides helps when talking to a business owner why encryption makes sense or why brute forcing passwords is so easy when you use the same password for everything and it isn’t even that hard to guess. I try to be that guy that balances the discussion and starts with a scenario or use case, then can go into more details after folks understand why security is so important. So soft skills, knowing how to present, working in a community or team, using innovation to make things better. All of these are btw what BSides has!

5. What contribution could BSides make to increase the exchange and the trust between managers and hackers?

By acting as a bridge or neutral ground for both sides to “sniff each other” and give businesses the chance to help BSides events by sponsoring and also offering to hire folks that are so passionate about security and technology. We need both, both are valid. Businesses see how we work, we see how they work, we learn from each other and get to know each other by building a relationship. I know this sounds funky but this is what happens, human hacking! ;-)

BSides also helps and gives folks a stage to present and discuss, gain those skills you can’t really teach but have to experience in order to build.

