Gene Kim - Tripwire
Students: Spring 2023, unless noted otherwise, sessions will be virtual on Zoom.
Why is IT in so much pain? Parallels of modern server security to 1700 maritime navigation.
Feb 07, 2001
AbstractAt the turn of the 18th century, maritime navigation was in a dismal state. Numerous ways of determining latitude were known, but none for determining longitude. So, ships at sea could find their north/south position with relative ease. However, in order to ascertain their longitude, they resorted to throwing logs over the stern of the ship, observed how fast they receded, and then plotted their estimated progress on a map. So inaccurate was this method that whenever a ship lost sight of land, it was essentially lost. Thousands of lost lives, and incalculable amounts of cargo lost to the deep is a testament of how 18th century maritime navigation was almost as much art as skill.
Defenders of IT infrastructure often find themselves in a similar state. The dismal reality of modern server security is that whenever the underlying integrity of a mission-critical server is in question ("have we been hacked?"), more often than not, the server must be rebuilt from scratch. Why?
This talk will focus on why IT is in so much pain, and speculates on what missing technologies can make IT less miserable. Other topics presented include how IT suppliers must take on a larger burden of responsibility for creating safe software -- including OS vendors, application vendors, as well as compiler and installer vendors. And, a model of IT capabilities in the context of Maslow's Hierarchy of Needs will also be presented -- i.e., are we worrying about mortgate payments when we don't have air?
About the Speaker
Gene Kim is the chief technology officer and co-founder of Tripwire(tm), Inc. In 1992, he co-authored the Tripwire integrity assessment software technology while at Purdue University with Dr. Gene Spafford. Gene is widely published on computer security, operating systems and networking in Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences. He holds an M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University.
Gene is currently fixated on understanding IT maturity models, and why security practitioners often are too often left holding the bag for costly legacy misdeeds. Visiting his alma mater is always fantastic, although he suspects he still owes the money for parking tickets.