No Hollywood Ending Here | A Doomsday Cybersecurity Conversation With Marcus J. Ranum
11/16/20 • 40 min
We've had enough conversations about the relationship between technology, cybersecurity, and technology to know that people have different expectations, hopes, and visions. Some utopian, some dystopian, and some are Marcus J. Ranum.
We met Marcus J. Ranum a few years ago during an ISSA Los Angeles Summit, where we had an inspiring and thought-provoking conversation about the idea of needing the equivalent of a Geneva Convention for cybersecurity. Given the many twists and turns the conversation had, it was at that point that we knew Marcus had a different perspective on cyber life, as many other professionals do.
Jump ahead a few years to our partnership with ISSA International to bring to life the Official ISSA International Podcast to ITSPmagazine, and we find ourselves with the opportunity to have an extended Luminaries Series chat with Marcus—this time looking at things through the lens of our Redefining Security channel. We take a look at the past, where Marcus was instrumental in bringing to life the first information security firewalls, and from there, we leaped into the present and the future. Buckle up, because it is not a pleasant stroll in the park, and it got pretty dark, very quickly.
In 1976, when Marcus "got into computing," the deployment of systems involved running a wire to a terminal, plugging it in, and enabling the operating system. And, when we say "enabling the operating system" we mean actually building a kernel for your system that you were going to run it on, configuring the hardware, and configuring the device drivers that you needed in the operating system for the hardware that you were going to run everything on.
"We didn't have all these gigantic driver frameworks as we do nowadays. Everything was kind of low and slow, and lean and mean… it had to be because there wasn't infinite amounts of memory nor infinite amounts of processing power. And that had a direct effect on the way security evolved." —Marcus J. Ranum
Fast forward 40+ years—where have we landed—where are we headed?
As you will hear, Marcus has a very dark view of the future of security; a future that involves software engineers, hardware engineers, increased complexity, ongoing abstraction, and an overall lack of comprehension of how things work. This story may be ripe for the picking for a Hollywood flick to hit your favorite streaming service. However, it may not be the traditional Hollywood ending that you might expect.
Come on, join us for this journey. It's one you won't want to miss being part of.
Is there hope for the future of technology and humanity?
Maybe. Maybe not.
Guest(s)
Marcus J. Ranum
Resources
Book: The Myth of Homeland Security by Marcus Ranum: https://www.amazon.com/Myth-Homeland-Security-Marcus-Ranum/dp/0471458791
Book: Huawei and Snowden Questions: https://openlibra.com/en/book/the-huawei-and-snowden-questions
This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
Imperva: https://itspm.ag/imperva277117988
To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-security
Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships
We've had enough conversations about the relationship between technology, cybersecurity, and technology to know that people have different expectations, hopes, and visions. Some utopian, some dystopian, and some are Marcus J. Ranum.
We met Marcus J. Ranum a few years ago during an ISSA Los Angeles Summit, where we had an inspiring and thought-provoking conversation about the idea of needing the equivalent of a Geneva Convention for cybersecurity. Given the many twists and turns the conversation had, it was at that point that we knew Marcus had a different perspective on cyber life, as many other professionals do.
Jump ahead a few years to our partnership with ISSA International to bring to life the Official ISSA International Podcast to ITSPmagazine, and we find ourselves with the opportunity to have an extended Luminaries Series chat with Marcus—this time looking at things through the lens of our Redefining Security channel. We take a look at the past, where Marcus was instrumental in bringing to life the first information security firewalls, and from there, we leaped into the present and the future. Buckle up, because it is not a pleasant stroll in the park, and it got pretty dark, very quickly.
In 1976, when Marcus "got into computing," the deployment of systems involved running a wire to a terminal, plugging it in, and enabling the operating system. And, when we say "enabling the operating system" we mean actually building a kernel for your system that you were going to run it on, configuring the hardware, and configuring the device drivers that you needed in the operating system for the hardware that you were going to run everything on.
"We didn't have all these gigantic driver frameworks as we do nowadays. Everything was kind of low and slow, and lean and mean… it had to be because there wasn't infinite amounts of memory nor infinite amounts of processing power. And that had a direct effect on the way security evolved." —Marcus J. Ranum
Fast forward 40+ years—where have we landed—where are we headed?
As you will hear, Marcus has a very dark view of the future of security; a future that involves software engineers, hardware engineers, increased complexity, ongoing abstraction, and an overall lack of comprehension of how things work. This story may be ripe for the picking for a Hollywood flick to hit your favorite streaming service. However, it may not be the traditional Hollywood ending that you might expect.
Come on, join us for this journey. It's one you won't want to miss being part of.
Is there hope for the future of technology and humanity?
Maybe. Maybe not.
Guest(s)
Marcus J. Ranum
Resources
Book: The Myth of Homeland Security by Marcus Ranum: https://www.amazon.com/Myth-Homeland-Security-Marcus-Ranum/dp/0471458791
Book: Huawei and Snowden Questions: https://openlibra.com/en/book/the-huawei-and-snowden-questions
This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
Imperva: https://itspm.ag/imperva277117988
To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-security
Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships
Previous Episode
You Can't Lift-And-Shift Humans To The Cloud | A Training And Staffing Conversation With Niles Pyelshak, Ryen Macababbad, And Kacy Zurkus | RSAC 365
Get ready for another journey! This time we're going into The Cloud; pack some open mind and perspective, as the environment is busy, constantly changing, and diverse skills, backgrounds, and culture are needed.
Presumably, many folks—when they think of "the cloud"—immediately think about technology; something along the lines of "my computer is somebody else's computer." We often forget that humans are building the cloud, running in the cloud, using and supporting it. Each cloud is a bit—or a lot—different. It is—or should be—built to operate in support of its specific business, bringing with it everything it needs to allow it to run and be successful. It must be usable by the teams that run it and secure it. But that’s not always the case.
With a widening gap for skilled cybersecurity talent—that now must also operate in the cloud environment—what we're really missing in the industry is the means to look at non-traditional talent. We must get creative in picking the pools where to find this talent and get creative with looking for sources of people that can fill the roles we have open.
We must remove the blinders that the InfoSec industry has been wearing for far too long. By doing so, we will open up to opportunities for the many talented, passionate, technology-loving, and continuously-learning, to join the industry. These are the kind of people we want in our organizations because they're always going to go after learning something new—and that's what we need most in this fast-paced cloud environment.
When you listen to this episode, you'll quickly realize that you may be able to lift-and-shift some of you on-premises technologies to the cloud—but that this model doesn't suit the humans making it all work.
A few things need to change as fast as the cloud. The way in which we educate, train, and prepare the existing and future workforce is possibly one of the most important to address.
Listen up as we present to you the upcoming RSA Conference 365 Virtual Series.
The first one of many.
Guest(s)
Niles Pyelshak, Service Delivery Manager, Cisco
Ryen Macababbad, Senior Security Architect Manager, Microsoft (@Ryen_Mac on Twitter)
Kacy Zurkus, Content Strategist at RSA Conference (@KSZ714 on Twitter)
Resources
Learn more and register for the RSAC 365 November Seminar: https://itspm.ag/35rZGSe
Microsoft Software and Systems Academy: https://military.microsoft.com/programs/microsoft-software-systems-academy/
DoD Skillsbridge: https://dodskillbridge.usalearning.gov/
Empow(H)er Cybersecurity: https://www.empowhercybersecurity.org/
This Episode’s Sponsors:
ReversingLabs: itspm.ag/itsprvslweb
To see and hear more event coverage content on ITSPmagazine, visit:
https://www.itspmagazine.com/itspmagazine-event-coverage
Are you interested in sponsoring our event coverage or another ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships
Next Episode
Why Knives Are Good For Culture | Guest: Stephen Bono | Tech Done Different With Ted Harrington
In the years since he formed ISE, Stephen Bono has grown the Baltimore-based company into a cyber-threat mitigation and solutions entity widely recognized for its thought leadership, excellence, integrity, and dedication to its clients. How did he do it? By thinking differently.
Listen in to hear stories about:
- how ethical hacking changes the way companies think
- why knives are good for culture
- the role of failure in leadership development
In this episode, our special guest is Stephen Bono, the Founder/CEO from Independent Security Evaluators. Enjoy the conversation!
Guest(s)
Stephen Bono, Founder/CEO from Independent Security Evaluators
Host(s)
Ted Harrington
This Episode’s Sponsors:
If you’d like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships
For more podcast stories from Tech Done Different With Ted Harrington: https://www.itspmagazine.com/tech-done-different-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/itspmagazine-podcasts-3754/no-hollywood-ending-here-a-doomsday-cybersecurity-conversation-with-ma-9891137"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to no hollywood ending here | a doomsday cybersecurity conversation with marcus j. ranum on goodpods" style="width: 225px" /> </a>
Copy