Defender Economics

Explore a conference talk that delves into the economics of cybersecurity from a defender's perspective. Learn about the challenges faced by security professionals, including the defender's dilemma and the absence of perfect defenses. Examine attacker motivations, resources, and profiling techniques to better understand the adversary. Analyze real-world examples, such as Google Chrome's security model and its effectiveness against malware. Gain insights into the decision-making processes of both attackers and defenders, and discover how to think like a hacker to improve defensive strategies. Consider the economic aspects of cybersecurity, including the allocation of resources and the cost-benefit analysis of various security measures. Reflect on the complexities of maintaining effective security in a constantly evolving threat landscape.

Intro
Who am I
What is this talk about
References
Security
Defenders Dilemma
There are no perfect defenses
Media
Attackers
Bad Defensive Decisions
The Thing
Hackers vs Attackers
You have to keep your boss happy
Attacker math
Attacker economics
Know your enemy
Attacker profiling
Attacker motivation
Attacker resources
Procedures
Examples
Google Chrome vs Malware
Exploit Kit Integration
Chrome Security Model
Chrome vs Malware
Big Company X
Previous Research
Active APT Groups
Strengths Weaknesses
Options for Company X
Conclusion
Security is hard
Thinking like a hacker
Youre an attacker
Criticism
More money to attack