2019-021-Chris Sanders discusses a cognitive crisis, mental models, and dependence on tools

https://chrissanders.org/2019/05/infosec-mental-models/

I've argued for some time that information security is in a growing state of cognitive crisis…

Demand outweighs supply

Because so many organizations need experience, they are unable to appropriately invest in entry-level jobs and devote the necessary time for internal training.

That's an HR and hiring manager issue, right? --brbr No. --bboettcher

Information cannot be validated or trusted

There are few authoritative sources of knowledge about critical components and procedures.

Large systemic issues persist with no ability to tackle them in a large, mobilized, or strategic manner.

The industry is unable to organize or widely combat the biggest issues they face.

Groups of individuals, everyone thinking they have the 'right answer', just like linux flavors --brbr

https://www.fireeye.com/blog/threat-research/2015/06/caching_out_the_val.html

https://www.helpnetsecurity.com/2018/07/10/windows-shimcache-threat-hunting/

Dependence on tools: http://traffic.libsyn.com/brakeingsecurity/2016-006-Moxie_vs_Mechanism-dependence_on_tools.mp3

https://en.wikipedia.org/wiki/Cognitive_revolution

https://buzzmachine.com/2019/04/25/a-crisis-of-cognition/

How do we solve it?

1. We must thoroughly understand the processes used to draw conclusions.
   1. S.M.A.R.T.?
2. Experts must develop repeatable, teachable methods and techniques.
3. Educators must build and advocate pedagogy that teaches practitioners how to think.

https://www.maximumfun.org/shows/sawbones - sawbones podcast (amanda mentioned)

Mental Model?

We use them all the time? Gotta simplify the complex...

Distribution and the Bell Curve

Operant Conditioning

https://www.latimes.com/science/la-sci-emotional-stereotypes-about-women-20190530-story.html

The Scientific Method

Applied Models

13 Organ Systems

4 Vital Signs

10 Point Pain scale

Defense in Depth

OSI model

Investigation Process

https://en.wikipedia.org/wiki/Inductive_reasoning

Model Desperation

Companies dumping existing models and embracing something else

The problem is that we're model hungry and we'll rapidly use and abuse any reasonable model that presents itself. Ultimately, we want good models because we want a robust toolbox. But, not everything is a job for a hammer and we don't need fourteen circular saws.

What makes a good model?

Simple

Useful

Imperfect? (wuh?)-brbr

Creating models

Begins by asking a question… (what is the weather going to look like tomorrow? --brbr)

What defines the sandwich? (kind of like "https://en.wikipedia.org/wiki/Theory_of_forms" --brbr)

Discuss the Rural Tech Fund https://twitter.com/RuralTechFund

https://ruraltechfund.org/

Practical Threat Hunting - https://twitter.com/chrissanders88/status/1133388347194454018

Practical Packet Analysis - https://nostarch.com/packetanalysis3

Suggesting books:

https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555

https://www.amazon.com/Undoing-Project-Friendship-Changed-Minds/dp/0393354776

More references on Chris' site https://chrissanders.org/2019/05/infosec-mental-models/

Book Club

Cult of the dead cow - June

Tribe of Hackers - July

The Mastermind - August

The Cuckoo's Egg - September

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email [email protected]

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: [email protected]

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec