[Update: I think there was more positive than I really touched on, and have written a new post all atwitter about why it was useful and why I'll do it again.]
I don’t think that it was hugely successful for this talk for two reasons. First, my talk, “The Crisis In Information Security” is a ‘big idea’ talk, based on my book “The New School of Information Security,” written with Andrew Stewart.
A big idea talk has to cover a lot of ground quickly, rather than dwell on a lot of specifics–you can see some of that feedback, Rich Mogull comments on “I said some of that a year ago,” and B.K. Delong says “can we have more details?” The other reason it didn’t work is because there was a lot of in-room interaction. Questions came out during the talk rather than being tweeted.
stormtrooperguy: All tweets from the current panel @sourceboston will be tagged with #sourceadam so that they can reference it later.
leune: getting ready for #sourceadam
quine: Actually, #SOURCEAdam or #AdamSOURCE.
bkdelong: At Adam Shostack’s talk #sourceadam
securitytwits: RT @quine — if you’re in @adamshostack’s presentation at #SOURCEBoston, please use #adamsource OR #sourceadam for feedback/questions.
quine: Admittedly, I am a buffoon. I chose “#adamsource”, then announced “#sourceadam” — hence the use of both
Beaker: I believe I just saw a nerd version of Sysyphus — better than a LOLcat #sourceadam #sourceboston
Beaker: Who was the last idiot infected with Blaster? We just saw the last guy who had Smallpox…. #sourceadam #sourceboston
mortman: @Beaker Well lolcats are beneath Adam #sourceadam #sourceboston
mortman: Milliken Oildrop Experiment lead to powerpoint. #sourceadam #sourceboston
mortman: @alexsotirov @k8em0 has an apple and the rest of us don’t. #sourceadam #sourceboston
k8em0: @alexsotirov we lack cred in infosec because we lack data #sourceboston #sourceadam
hackertweets: k8em0: @alexsotirov we lack cred in infosec because we lack data #sourceboston #sourceadam
k8em0: @mortman @alexsotirov it’s a pear. Observation is not the best way to gather data.#sourceboston #sourceadam
mortman: @k8em0 @alexsotirov Proof that independent confirmation is a necessary part of the scientific method. #sourceboston #sourceadam
bkdelong: @k8em0 At least not VISUAL observation #sourceadam #sourceboston
mortman: #sourceadam #sourceboston Re: learning from experience. Is that another way of saying “the plural of anecdote is not data”?
stormtrooperguy: @sourceboston : the #sourceadam panel is packed, standing room only.
Beaker: Adam, you have a lot of “questions.” You have any answers? #sourceadam
I think I do. If not, you have a refund coming. (Hoff bought the book on his Kindle as we were setting up. I promised him a refund if he doesn’t like it.)
bkdelong: So @adamshostack what data is being collected that is good? What do we NEED to be collecting? #sourceadam #sourceboston
bkdelong: Specifically what KPIs and what metrics / risk calculations can we be doing to help us make the case to management #sourceadam @sourceboston
What does your management care about? You’re going to need rich sets of data to find the comparatives you need
mortman: #sourceadam #sourceboston RE: What is the biggest pain point? We talk about professional hackers, users, random loss, why not vendors?
mortman: #sourceadam #sourceboston Why not more blame for the folks who produce crap?
k8em0: it’s hard to categorize what causes security customer pain (hax0rs, kiddiez, RBN, nation-states) #sourceboston #sourceadam
rybolov: #sourceadam can you use the phrase “self-licking ice cream cone” jus for me? k thnx.
Self licking ice cream cone
hallam: @SOURCEAdam have you heard of the GENI initiative, any thoughts?
mortman: @hallam geni.net? or something else #sourceadam #sourceboston
I haven’t, thanks! Checking it out now.
bkdelong: The @datalossdb does not cover all breaches and too many reporters cite it as true total # of breaches – bad. Needs correction #sourceadam
BK: True, but as the Beatles said, it’s getting better all the time.
k8em0: #sourceboston #sourceadam Hype is too big for your breaches – they don’t cause all customers to flee & you to go bankrupt.
mortman: #sourceboston #sourceadam Mmmmm tylenol.
bkdelong: Tylenol Recall #sourceboston #sourceadam (expand)
bkdelong: The @datalossdb certainly best out there but there are lots of unreported/non-FOIA’d breaches not in there. Still a lot more. #sourceadam
bkdelong: More on Black Swan theory – http://tinyurl.com/2ngwkw (expand) (Yes, wikipedia for ease sake) #sourceadam #sourceboston
I was pretty dismissive of “Black Swan” hype. I stand by that, and don’t think we should allow fear of a black swan out there somewhere to prevent us from studying white ones and generalizing about what we can see.
rmogull: @bkdelong #sourceadam #sourceboston I wrote an article on that over a year ago (Tylenol/disclosure): http://bit.ly/Q5Ko8 (expand)
Great stuff, Rich!
mortman: #sourceboston #sourceadam Check out “research revealed” tracke at RSA.
k8em0: #sourceboston #sourceadam wallow in the data, follow @datalossdb for example.
bsmithsweeney: #sourceadam reminded of “The Quixotic Quest for Invulnerability” http://tinyurl.com/5equfo (expand), on protection vs. recovery #sourceboston
k8em0: #sourceboston #sourceadam you point out methodological flaws w/the passwords4chocolate experiment. 45% of women likely lied 4 choc.
It would be fun to find out how many lied, and how many didn’t care. I suspect we’d be depressed, but the truth is supposed to set you free, not make you happy.
bsmithsweeney: Really enjoyed #sourceadam talk @sourceboston. Definitely worth grabbing the slides/video.
Thanks bsmithsweeney, and thank you to everyone who participated in the talk and the backchannel!