If the Cavalry isn’t coming to save us, we must save ourselves – Beau Woods

Beau Woods is the kind of specialist we all look for – fully committed to the cyber security industry, an expert in his field and a great advisor. Moreover, he is one of the very few who are willing to fight for the greater good of the information & security industry and . That is why we believe that the ambassador of I Am The Cavalry should officially open DefCamp 2015. So why not learn more from his expertise? 🙂

“As with any field, in information security you have to be passionate and dedicated to rise to the top tier. That’s what I aspire to, and so every day I pour myself into what I love to do,” starts the LinkedIn biography of Beau Woods.


Could you please share a few words about yourself and tell us exactly what I Am The Cavalry is? What is its purpose currently? Any significant results?

I Am The Cavalry is a grassroots initiative launched a couple of years ago at the DEF CON security conference. The idea was that our dependence on connected technology is growing faster than our ability to secure it. Consequences of this dependence are affecting the world around us – increasing exposure of physical systems, colliding with existing laws, and changing our social contracts. Public policy makers, industry leaders, incentives, and institutions are not safeguarding the public from harm. If the Cavalry isn’t coming to save us, we must save ourselves. The responsibility falls to all of us. I Am The Cavalry is a personal attestation that each of us will contribute to solutions, rather than simply admiring the problem.

“If the Cavalry isn’t coming to save us, we must save ourselves.”

Beau Woods @DefCamp 2015


We’re currently focusing on areas where human life and public safety intersect with cyber security. We segment these into four primary domains – automotive, medical devices, connected home (IoT, etc.), public infrastructure (planes, trains, power, etc.). We’ve had the most focus on automotive and medical devices, and there’s already a lot of work from others in the security research community on improving the other two domains.
We’ve had a lot of success turning ourselves and our colleagues into ambassadors, and reaching out to other stakeholders to catalyze action collaboratively. A year ago we published a Five Star Cyber Safety Framework for Automobiles which got a lot of positive reactions from Automakers, industry groups, and government regulators – some of whom are working to incorporate those capabilities into their activities. We’ve also worked closely with stakeholders in the healthcare community to improve cyber safety of medical devices.

Can you give us an example of how much damage a flaw in a medical device can cause?

Cars and medical devices today resemble corporate IT in the mid-1990s in some ways. They’re complex, software-enabled, vulnerable, and are being connected – directly or indirectly – to the Internet. But the consequences of failure are much higher, the threats are greater, and the economics won’t support an aftermarket cyber safety industry.

“[…] near future will focus on novel ways to adapt a “security by design” mentality to organizations and devices”

The problem space is well-worn, and it’s doubtful that there will be many new types of attack. So instead of focusing on discovering flaws we know are likely to exist, impactful research in the near future will focus on novel ways to adapt a “security by design” mentality to organizations and devices.

What do you think would give a greater weight for the security of medical devices?

We’ve already seen several U.S. and European medical device makers, as well as the U.S. regulator, state the importance of security research in making a safer healthcare ecosystem. The key ingredients in this have been empathy and outreach. By reaching out, we get out of the often fatalistic mindset of our own community and engage with others trying to make a positive change in the world. By empathizing with their pains and passions, we can get a better understanding of what will actually work, and which levers to pull to make that change happen. We also build a coalition with consistent goals, different skill sets, and separate pathways to influence.

Is this your first time in Bucharest? What is your opinion of Romanian security skills?

The security skills of Romanians are well respected among those who have worked with them – whether as allies or adversaries.

“I hope Romanians will join in leading an effort to reach outside the echo chamber and develop skills of empathy, communication, and influence.”

I am hopeful that global economic, technical, and social conditions favor Romanians working alongside other teammates around the world, preventing harm from accidents and adversaries, where it matters most. That takes wide scale change and a set of skills that many of the old guard in the security community don’t have or necessarily value. I hope Romanians will join in leading an effort to reach outside the echo chamber and develop skills of empathy, communication, and influence.

What are your expectations from DefCamp 6?

I’ve heard good things about DefCamp! I’m expecting a community of passionate security professionals and amateurs coming together to both learn and share with others. Beyond that I plan to go to the conference without expectations, and with an open mind.

About Beau Woods

Beau Woods is a core contributor to I Am The Cavalry, ensuring connected technology that can impact life and safety is worthy of our trust. Beau has over a decade in Cyber Security, and has advised dozens of organizations on security practice, strategy and technology, including Global 100, small businesses, NGOs, government agencies, and others. Beau is a frequent presenter, media contributor, and author.

About DefCamp 2015

DefCamp is the most important conference on Hacking & Information Security in Central Eastern Europe. The goal is to bring hands-on talks about the latest research and practices from the INFOSEC field, gathering under the same roof security specialists, entrepreneurs, and the academic, private and public sectors.
In 2015, DefCamp is organized by the Cyber Security Research Center from Romania (CCSIR) with the support of the main partners Orange Romania, Bitdefender and Checkmarx, and the help of Ixia, Safetech, Beyond Security, Dell SecureWorks, Dell SonicWALL and Cert Sign by UTI.
