Pre-mortems – #2 on SDxCentral’s Top 10 Stories

Archive for the ‘Videos’ Category

Pre-mortems – #2 on SDxCentral’s Top 10 Stories

Posted by

SDxCentral posted the top ten stories of  2023. I was surprised and pleased my pre-mortem on Zero Trust came in at number two on the list. I’m not tagging this as news, as I covered the story when it came out here: https://jwgoerlich.com/a-pre-mortem-on-zero-trust/

But! That did remind me. Since the original article came out, the video came out. If you want to see the RSA talk that landed the second spot on SDxCentral’s top ten, you can see it now. Right here. Right now. So much fun.

Joining Midori on the Consent Dojo

Posted by

We “Value” Your Privacy: Digital Consent with J Wolfgang Goerlich + Midori

  • How has consent been co-opted with things like end user agreements and cookies, and what can we do about it?
  • What can we consent to when it comes to digital toys and tech, including sex toys and sex tech?
  • What are consent technologies, and are there new developments, innovative technologies, or new approaches?
  • How are people advocating for themselves, individually or collectively, to take back control over our tech?

Nudge and Sludge: Driving DevOps Security with Design

Posted by

 

Nudge and Sludge: Driving DevOps Security with Design

Security people say users are the weakest link. When security becomes burdensome, users take shortcuts jeopardizing security. Design offers a solution. We will walk through affordances, nudges, sludge and principles to inform and direct our design. Come learn how better usability leads to DevOps security.

This talk was given at DevOpsDay Tel Aviv 2021.

We got it wrong! – Great Lakes Security Conference

Posted by

This session is on all the things we all say all the time, about all the things we call know. Security through obscurity is bad. Defense in depth is good. Stop clicking things. Next generation is bad, or maybe, next generation is good. The list goes on and on. The resulting rules of thumb are sometimes contradictory and often misleading. With war stories and anecdotes, we’ll explore what happens when teams run security by tribal knowledge instead of research and reason. Spoiler alert: they get pwned. Turns out, we were wrong.

Presented for Great Lakes Security Conference (GLSC) 2021.

Watch more videos on my YouTube channel.

Design Thinking for Blue Teams at Converge Detroit

Posted by

Usability versus security is stupid. It forces us to choose one or the other. It excuses security breaches under the guise of usability. It automatically pits us against them, builders against breakers, developers against defenders. A better approach is to view security like usability: they happen where man meets machine. At that moment of meeting, what factors in human psychology and industrial design are at play? And suppose we could pause time. Suppose we could tease out those factors. Could we design a better experience, design a better outcome, design a better path to the future?

Recorded for Converge Detroit 2020

Watch more videos on my YouTube channel.