Earmuffs, but one line from Chris Krebs got laughs and applause at last week’s Black Hat 2022 conference:
“Life’s too short to work for assholes,” said the former CISA director, during a keynote speech at the Las Vegas summit.
That lighter moment during his speech, one that otherwise presented a murky cybersecurity future, highlighted the growing power held by today’s IT pro—power substantial enough to support major incident responses as well as the occasional resignation letter to a bad boss.
The strength of the individual IT professional was emphasized throughout Day 1 of the event. Black Hat founder Jeff Moss spoke about the expanding role of security professionals as they respond to consequential events, from international cyberconflicts, to all-hands-on-deck patch efforts, to everybody’s favorite Java-based logging utility.
“Our communities have an outsized amount of influence. Just think about how much influence the Log4J developer had, right? And we’re going to have to recognize that and own it,” Moss told the crowd.
The collective response to the open-source Log4J vulnerability required individual efforts within the infosec community. Chen Zhaojun of the Alibaba cloud security team first reported the flaw. Early alerts came from Twitter as peers began to share indicators of compromise. A GitHub repository held a list of vulnerable products and components, along with guidance on how to fix them.
And Russia’s invasion of Ukraine, Moss said, led to “super-empowered” individuals and organizations—borrowing a term from author Thomas Friedman, who used the phrase to refer to individuals who “can increasingly act on the world stage directly, unmediated by a state.”
Some examples of smaller, super-empowered organizations making big moves in global cyber-theater: In March, the .uk domain registry Nominet suspended services from Russian domain registrars. That same month, the cloud database platform MongoDB will no longer sell cloud services or software to customers in Russia or Belarus.
“Communities that want to do something are super-empowered, and they’re a new player on the field. And we’re going to have to learn to live with that,” said Moss.
At times during his speech, Krebs presented a dark view of cyberspace: “Literally, every country on the face of this earth is looking at the digital ecosystem as a new domain, the fifth domain. They’re developing capabilities for espionage, for domestic surveillance. And yeah, they’re also looking at capabilities for destruction and disruption,” Krebs told the crowd.
In the past, when IT was a few individuals making sure computers were up and running, you may have just needed an engineering perspective. Now, security pros may require an ethical one.
“You have to make decisions now on the kind of company you are…you have to have those principles,” said Krebs.—BH