Monday, January 23, 2012

TEDxMaui -- Hack Yourself First

Update 04.12.2012: Video of the presentation embedded below.

Ten years ago if you would have told me that I'd be back living in Hawaii, founder of a fast growing technology company, and a TED speaker -- I would've said, "What's a TED?" Preparing for TEDxMaui was extremely difficult. The presentation format is completely different than anything I’ve ever done before. It was limited to just 18 minutes as opposed to 50, and given to an audience of everyday people eager to see something amazing, instead of security professionals and high-tech workers. The message had to be crystal clear. Since TEDxMaui videos won’t be published until late February, you’ll have to settle for my substandard textual description for now.

I wanted everyone, both the viewers in the audience and those who would eventually watch the video, to deeply appreciate the crucial importance of Internet security. I want everyone to know that to discuss Internet security is really to discuss our economic well-being and our national security, and I want everyone to know that both are under attack -- every single day. Most of all I wanted everyone to know that hacking, and people learning how to hack, is absolutely essential to defend ourselves. I labelled this concept Hack Yourself First, the title of the presentation. Hack Yourself First advocates building up our cyber-offense skills, and focusing these skills inward at ourselves, to find and fix security issues before the bad guys find and exploit them.

Before presenting Hack Yourself First I had to first imagine how the audience would respond. Most watching undoubtedly have only had negative experiences with the words “hacking” and “hackers.” All they likely knew of hacking is in relation to viruses infecting their computers, stealing money out of (their) bank accounts, TV interviews of shadowy characters wearing Guy Fawkes masks, salacious articles featuring cyber villains, and of course bad Hollywood movies. Whether we like it or not, these are the ambassadors of hacking, so the idea of teaching cyber-offense skills might be considered akin to illegal activity. Just the same, there I was on stage revealing that, “Yes, I am a hacker -- but not like them.”

I don’t know what precisely it was that I said, but the message of Hack Yourself First undoubtedly resonated in a big way. No less than a hundred people introduced themselves to me afterwards excitedly asking, “How do I learn to hack myself first?” Perhaps I shouldn’t have been, but I was blown away. And not just the very young or student age, I’m talking about people 45 up to 70 years old with zero technology background. Maybe it was because I taught them a simple hacking trick, a simple hacking trick they could grasp, and even do, like those from my “Get Rich or Die Trying” presentation. Suddenly the fascinating subject of hacking, which they previously assumed was too complicated to learn, was suddenly approachable. I taught a TED audience how to hack! How cool is that!? :)

Many in the information security industry have been trying desperately and in vain to raise Internet security awareness among the masses. We repeatedly give people laundry lists of what not to do, and it isn’t helping. Better awareness, better overall Internet security, could be accomplished through Hack Yourself First. Teach anyone and everyone who wants to learn how to do the actual attacks the bad guys use against them, perhaps packaged up in a Capture-the-Flag format.  That would be a lot of fun for everyone. When people know precisely how hacking works, they’ll be in a better position to spot attacks against them and be on their guard.

I came to TEDxMaui to share my ideas with a wider audience, but what I came away with was more ideas from them about where we can take Hack Yourself First. 


Ven said...

Hello Jg - Not surprised at all, you have a knack to present your ideas from the few I have seen in person.

Glad you took the TED opp to sow right seeds, they are going to have a blast against their kids lol

Best Regards

Anonymous said...

Actually your last link on the page for me so at least 10th. Remember your Google+ account may be affecting your results.

But keep your chin up you could get to the top spots anytime.

iaoboy said...

J, great meeting you and your wife, while also co-presenting at TEDx Maui. Please call me 357-4999 I have a meeting set up for Wed. regarding the business we spoke about at the reception and wanted to know if that would work for you folks. Aloha Vincent

dbavedb said...


Jeremiah Grossman said...

@Ven: thank you very much. there is a big opportunity to continue to teach everyday people interesting hacking techniques. the packaging has to be just right though. so much to do, so little time!

@Anonymous: The SERPS are always changing and now unique to each person. Maybe time to hack the damn thing. ;)

@iaoboy: will do!

@dbavedb: I thought so too. :)

A Maui Blog said...

Thank you for sharing your knowledge with us during TEDxMaui. Learned a lot from you and I am sure will learn more as I follow your blog and tweet :)

Anonymous said...

European Network and Information Security Agency (ENISA)

Stock taking questionnaire for an Inventory of Information Security sources

March 2012

The Agency has launched a stock taking exercise, using a questionnaire to establish an Inventory of publicly available sources on Information Security. Using already existing information in an aggregated format will lead to faster assessments with less effort.

Therefore, collection and aggregation of existing data and sources is an effective tool to raise information security.

A main objective of this work is to include publicly available information on information security risks and opportunities, to be used in all upcoming assessments. The result of the stock-taking exercise/questionnaire is an online inventory.

In the framework of the Agency’s work on “Identifying and Responding to the Evolving Threat Environment” in 2012, ENISA assesses emerging risks and opportunities. This forward-looking activity is an essential step to address future information security challenges. Collection and aggregation of existing quantitative data is a long-term objective that will be refined in future versions of the Agency Work Programme.

The questionnaire is among other things looking at organisational issues, security risks, opportunities, and security trends.

How to contribute?

Fill in the stock-taking questionnaire

Homer - mortal kombat said...

Thanks very much. Good information

Anonymous said...

Sorry to be a bother but, has there been any update as to when the video of this talk will be available? It seems interesting.

Jeremiah Grossman said...

@Anonymous: No bother at all. I'm told it is very soon to be posted.

Anonymous said...

Is this presentation available online yet?

Jeremiah Grossman said...

@Anonymous: Not yet, soon... I hope. I'm told they are piling through the post edits and didn't expect it to take this long.

Dinis Cruz said...

Congratulations, this is a great step for our industry.

I just posted some comments on my blog:

Naveen said...

this was too good! keep writing!
