The following post is a guest blog by Bo Weaver, Senior Penetration Tester at CompliancePoint. If you're attending UNITED, you can catch Bo's talk at 11:45 AM on Thursday, September 14 in the Phish, Pwn, and Pivot track.
Hi! I’m Bo. I’ll be speaking at Rapid7’s UNITED Summit in Boston this week, and Rapid7's community manager asked me to write a little blog about my talk. I marvel how on the net we make up new words for a common digital thing—even spell check says "blog" isn’t a word! I know what a "bog" is and I know in our line of work a "blob" is a large chunk of data in a database table. Living in the mountains makes finding bogs kinda hard, but the chunk of word data below is swampy enough to qualify.
I’ve worked in the security field for over twenty years. Long before the Internet I worked in private security, mostly undercover on corporate and industrial espionage. This was back in the day when you actually had to physically steal stuff. I also did a lot of work in Executive Protection. My Internet career started even before that when I was in the Navy: I studied as an Electronic Technician while in school; we all worked on a little R&D project called ARPANET. While working on this I never thought that it would turn into what it’s become! In the 90s I did a lot of work with BBSes and then dialup ISP in the Southeast—mostly securing these networks. Since then I’ve had about every network security job there is. I've learned a lot over the years, and I'll be sharing some of that knowledge at UNITED.
My passion has always been hacking. For roughly the last 5 years I have been working for Compliancepoint, an Atlanta-based security consulting company as a senior penetration tester and security researcher. The thing I love most about my job here is that we test everything from Mom and Pop companies running an online business to major corporate and government networks. We get to see it all.
My talk at UNITED is about reducing complexity and how even big problems can have relatively simple solutions. Sometimes organizations think they need to throw millions at a problem when some time, some knowledge, and little expense can fix even major issues. I learned about KISS in engineering school and have never forgotten: “Keep It Simple, Stupid”. Doesn’t matter if you’re building a toaster or a world network. Kiss it!
See the full UNITED agenda here.