Today I keynoted @BSidesVancouver. It was an honor to be asked and I had a great time.

Conference Link: https://hopin.com/events/bsides-vancouver-2022/

I talked about 11 lessons learned over my career that contradict some of the edicts that are well known in the Cyber Security space.

Before we get into the lessons though, let me attack the things I know many of you reading this already have queued up in your head.

Counter Point 1

“All of that is well and good, but it’ll never work where I work.”

Why not? Every single one of these lessons learned is something that I was told wasn’t possible. For the most part they were things I didn’t even do; they were things either already in place when I joined the company or put into place while I worked there.

I saw firsthand that something I was told was “impossible” was not only possible but accomplished much more than I could have imagined. Until you see something for yourself, it’s hard to go against what you are taught, but as Security Professionals, isn’t that what we are supposed to do? Look beyond the scope of what is seen as “possible”?

Counter Point 2

“It’s not as easy as you are making it sound.”

You are right, none of this is easy. Good work hardly ever is. If you are looking for the easy solution, something that can be done in a day or a week, this is not the blog series for you.

Counter Point 3

“We already know all of this.”

Awesome! I wish I would have known these things earlier in my career.

Lessons Learned