follow me on Twitter

    Tuesday, March 17, 2009

    SOURCE Boston 2009, Part One

    Recently returning from Source Boston 2009, I am still basking in enlightenment and the excitement of meeting brilliant computer security professionals in the relaxed, small atmosphere at the Seaport Hotel. Without fail, I’d sit down at lunch or in the lounge and be discussing computer architecture or be debating how information security professionals can improve their craft.

    After a high speed dash in the snow from Southern Maine to Boston, I just made Joe Grand’s presentation and didn’t regret white-knuckle driving. Joe was a co-host of Prototype This on the Discovery Channel. Who wouldn’t want his job?! Having a hacker space warehouse near the water in San Francisco with a group of buddies making stuff—how cool! However, hearing about the behind-the-scenes difficulties that the viewers didn't see was informative. With only about $13,000. in cash per build which was to take two weeks, after knowing this, I have even more appreciation for the engineering feat with which those guys pulled off those builds. What would you do if you had Joe’s job and the producers wanted things that had never been done before, for a little amount of cash, and in two weeks? Sounds like a lot of stress, but beautiful stress. If I had his job, I think I’d have long days—some frustrating when my stuff didn’t work—but I’d go to bed every night thinking, “Yes…I am paid to tinker with stuff in a workshop that’s every geek’s dream--life is good!” By seeing Joe’s enthusiasm and broad smile when he’d describe the design and build stages and his co-host team, I suspect he feels similarly.

    Right after Joe’s presentation, I went to hear Dan Guido from NYU/Poly present on “So You Want to Train an Army of Ninjas...” The way in which he has added penetration testing into a traditional computer science curriculum is exemplary and a model I hope to adopt for the University of Maine’s computer science curriculum. Teaching about the importance of engineering security from the first line of code to the final testing phase is crucial to providing computer science professionals with the skills they need to compete in this competitive employment environment and to responsibly design better software and hardware products for the market.

    I’m tired of hearing about ridiculous vulnerabilities that were the fault of a lazy software engineering where the most important aspect in the design was, “Does it work?” Going beyond just making the code work is what Dan teaching his students. By hands–on methods teaching students how vulnerable stuff can be broken and then learning how to fix it, he’s not only teaching them about what happens if you design broken crap and its vulnerability is exposed, but consequences if you’re the one who put the crap out there in the first place. Better yet, he has released all of his course materials online to share with anyone interested in creating a better computer science curriculum. Thank you, Dan! As a side note, he has also started something of a crazy tradition at Source Boston (or so he told me!) with a potato being passed around. Dan Kaminsky (in the background in photo) got it next. Ah, the fun of hanging with the techie crowd—it’s funny that after hours the humor is often associated with anything BUT technical things. But I still don’t get it—why a potato?

    No comments: