These are important questions that impact not only the digital world. These are societal issues, and in order for the current perceptions about offensive hacking to shift, everyone needs to be educated, but (as one attendee noted) there are no schools for pen testers.
In the private sector, enterprises have focused on prevention, but Fick said, "They need to spend more on detection and remediation, on next generation tools rather than last generation tools."
The companies of the future that will be able to withstand the shifts in the security industry are those that build diverse teams. "Diversity is a wellspring of innovation," said Fick, "whether it is gender, background, or perspective." When experienced people with a wide range of perspectives come together, it makes for effective problem solving.
Those who have the skills to think like an adversary and be a stealthy and invisible attacker will have the greatest offensive success. "By stealthy," said Fick, "I mean using domain credentials, hardening tools, and signature diversity."
There are no silver bullet solutions to issues in security, Fick said, but if we can change policies, continue to advocate for STEM education, and rely on companies that build better tools, we can take down adversaries. "Being proactive, aggressive, and offensive are the essential skills for the next generation of success," said Fick, who noted that 25% of Endgame employees are attackers.
By creating a culture and environment that is appealing to a larger group of people, Fick said, enterprises will build better relationships with those who have been marginalized and often undervalued in the security world.