Thinking About Defenders - A Blog Before Blue Team Con

I’ve spent most of my career either defending networks that I was responsible for or attacking networks under contract. I’ve enjoyed the challenge of both, but there’s little debate about which type of job gets more public attention. Newspapers don’t write stories like “CISO Builds Great Security Program: Boredom Sets in as All Attackers are Thwarted.” But there are a lot of headlines like “How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards.” 

‍

I get it; it’s really fascinating to see how someone can take apart a system and make it do things it’s not supposed to do. It’s at the core of hacking. On the flip side, it’s very hard to prove a negative. How well we build defensible systems and run secure environments is hard to measure. We know where our gaps are, and we don’t know when the next attack might be. So while attackers can prove they got in, defenders have a harder time proving they’ve done their job right. Defending just doesn’t make for good storytelling.

‍

Thinking About Defenders

To complicate matters, defending is _hard_. The systems we’re defending change all the time, the tools we use to secure our systems are needlessly complicated, and in general there’s more to learn than any mortal has time to learn in a lifetime (or two). Getting good at defending is a long path, with stretches of boredom interspersed with moments of adrenaline when things don’t go the way we want them. We don’t often know concretely what we did right but we will absolutely find out what we did wrong.

‍

Designing for Defenders

At Turngate, we’re working to help defenders. We want to simplify the work you’re doing and help you understand what’s going on in your system whether you’re a customer of ours or not. For instance, we’ve got blog posts on understanding Google and Okta logs if you’d like to learn more about what’s going on in your SaaS world. We’re also sponsoring defensive oriented conferences, like ShmooCon and Blue Team Con, to help the community of defenders meet, learn, and geek out a little bit.

‍

See You at Blue Team Con

To that end *cue the fanfare* Blue Team Con is right around the corner. In just a week we’ll be in Chicago hanging out with blue teamers, defenders, and those looking to learn the trade. If you’re interested, you can still get tickets (tho you better get them quick).

‍

If you’re at Blue Team Con, stop by our booth and say “hi.” If you’re interested in trying out Turngate, we’ll be giving out codes for our Early Access program. We’d love to have you give us a test drive and see what you think.

‍

Also, we may go out hunting for an Italian beef sandwich too. They seem to be all the rage right now for some reason…

‍

See you in Chicago!

‍