The goal of this talk is to show how simple decent security can actually be when we as professionals take the time to truly listen to our loved ones (and in turn, our customers) struggles and offer solutions they can stand up on their own.
Everyone with a career in any branch of technology absolutely loves playing personal tech support to family and friends, right? Your brother's wifi isn't working, your best friend's credit card information was stolen in a data breach, and your mother's computer keeps getting infected with malware even though she swears she didn't click the sketchy looking link this time. You have no problem helping them out and you want them to learn better security practices! However, you know very well trying to explain how to use a password manager to your grandmother who can hardly turn her iPad on will be a bit of a struggle. It is possible to perform tasks that security professionals do on a regular basis, such as reconnaissance, threat modeling, and vulnerability remediation to quickly and easily identify and even assist your loved ones in creating a better security posture for themselves without sounding like a slightly rude security know-it-all and not truly creating a personalized solution for their situation. In this talk, Alexis Lee will give a few examples of everyday, non-security experts, what information they need to keep secure, and what current bad practices they are currently using. Alexis will also cover how to have a respectful conversation about pointing out what bad security practices may be taking place and why it is important to fix them without inciting a panic, and help you give accurate advice on how to do better without frustrating your relatives into believing that good security is obstructively difficult. The aim of this talk is to show how simple decent security can actually be when we as professionals take the time to truly listen to our loved ones (and in turn, our customers) struggles and offer solutions they can stand up on their own. Sometimes a given solution to a problem would be an absolute disaster to implement in a typical work environment, but, if it means your aunt's chocolate chip cookie recipe is just a little more secure, then that's all that matters at the end of the day.