Developers Are (still) From Mars, Infosec People (still) From Venus

In March 2011, Brian Honan contributed to an issue of the INSECURE magazine with an article called “Management are from Mars, information security professional are from Venus“. This title comes from the John Gray’s worldwide bestseller where he presents the relations between men and women. Still today, we can reuse this subject for many purposes. Last week, I had the opportunity to attend two major events, both in their own field. Devoxx Belgium was organized in Antwerp and brought 3.500 developers together to discuss about multiple topics like mobile, cloud & bigdata, HTML5, Java, methodologies, frameworks and many more. One track was assigned to “architecture & security” and, honestly, it was more focussing on architecture. I had the opportunity to speak at this event. My talk tried to open developers’ eyes about the risks associated to IoT. The same week, Black Hat Europe was organized in Amsterdam and also brought hundreds of people to meet and discuss about security topics. On one side, we had developers and on the other side, infosec people. I also attended some talks the last day and particularly the closing roundtable with Jess Moss, Marion Marschalek, Harron Meer and Jennifer Savage. I wrote a quick wrap-up about this event. They discussed about the status of the security landscape and came to the conclusion that we are still facing major issues and, basically, that the implementation of today’s security is a fail…

At Devoxx, while waiting for my timeslot, I watched other presentations. Developers are doing an amazing job, they are motivated, they have ideas. They are involved in open-source projects. A lot of energy! In parallel, at Black Hat, I also attended amazing presentations, had interesting discussions and met new friends. Here also, people are motivated, excited by new researches. On both sides, we have people from the same generation, pretending to be “geeks”, using ultra-modern technologies but… they don’t speak to each other!

Another example with the OWASP Chapter meetings… This is taken from the Belgian situation but I’m sure that it’s the same in other countries. When meetings are organized, the audience is mainly based on always the same people: infosec professionals! Why? Developers could also benefit from those meetings…

I’m not blaming one or another, we have different objectives and way of thinking but let’s try to communicate better:

• Let’s talk to each others: do attend not only conference in your field but have a broader approach.
• Don’t be afraid to ask questions to better understand how the others are doing
• Share!

Other idees are welcome!