LAS VEGAS – Facebook Chief Security Officer (CSO) Alex Stamos exhorted Black Hat USA attendees to focus more on the positive impact the information security (InfoSec) industry can have on society.
Stamos spent much of his opening keynote address at the security conference highlighting the influence that can come from security experts. This included the idea that the space itself has become something it formerly attempted to fight.
“We don’t fight the man anymore, we are the man,” Stamos said. “But, we have not changed our views on our responsibility.”
Stamos added that the industry was “not living up to our potential,” noting that it had “perfected the art of finding problems without addressing the root issues.”
Stamos also said the market needs to do more than just show off its ability to combat difficult problems, and instead focus on real-world challenges.
“It’s impressive to see someone pull off a hack on stage, but it does not follow what will actually happen in the real world,” Stamos said.
As an example, he cited efforts around the rollout of the public cloud. He noted that a lot of initial research went into finding security flaws in the use of public cloud platforms, which did indeed show some potential issues.
However, Stamos said these efforts were targeted at extreme scenarios not likely to be encountered in real life and impacted the adoption of platforms.
“That these security features were not good enough distracted us,” Stamos said. “A lot of companies decided to not deploy in the public cloud, which could have been a better move for their business.”
As part of his call to arms, Stamos asked those in attendance to put themselves in the shoes of the people they should be trying to protect when designing or working on Internet security challenges. This includes the mobile ecosystem, which is how most of the world’s users access the Internet, even though they are tied to devices that lack robust security parameters.
“This room is not what the real world looks like,” Stamos said. “Most people use smartphones that cost $50 or $100 and ship out of the factory with an outdated OS.”
Defensive, Diversity Push
Stamos announced that Facebook is allocating $1 million in new funding to encourage “original defensive research” through the Internet Defense Prize. Stamos also cited Facebook’s work with the Defending Digital Democracy Project, which includes efforts to help political campaigns inject security features into their operations.
“Our goal is for these groups to assist each other and share information directly to build greater resiliency into our elections,” Stamos further explained in an accompanying blog post. “This effort has begun with a series of conversations between the various groups to understand their security needs and how we can best address them.”
Stamos also said Facebook was investing more into scholarships and programs designed to increase the diversity of the technology security field.