Defcon 17 had at least one speaker who has achieved greatness, Adam Savage. Adam co-hosts MythBusters and his model work has appeared in Star Wars and The Matrix Reloaded. At this particular con, Adam was speaking about failure and some poignant insights were shared – “It’s not about the cessation of failure. It’s about recognizing that it’s occuring, recognizing that it’s an inherent part of the process…and recognizing that you gotta dance with it and sometimes that it’s gonna catch up with you.” The attendants were definitely made up of Adam’s fans but his speech does touch the spirit Defcon – the exploration of failure be it on huge information systems, small embedded devices, different communication protocols name it.
Information security conferences explore the darkest corners existent in our communication world and the most important part is that they create a forum to discuss solutions to such things as data protection. Kenya is making big steps towards becoming a force in the African ICT landscape, and with the arrival of those huge internet pipes (SEACOM, TEAMS, etc, etc). Due to this FOC internet e-gov, e-commerce and cloud services can now be enjoyed in the country. With great capacity, the country must also face even more potent security threats to its cyber infrastructure. There are a number of knowledgeable people who can mitigate such threats but not enough.
Africa Hackon was held yesterday for the first time, attracting some of the best information security professionals in the country. The conference is fruit of a community that has long pushed for secure policies and practices in Kenya’s ICT sector. The National Cyber Security Master Plan for example has been heavily influenced by this community. Yesterday’s event featured presentations on how good and bad security affects the communication technologies that are used on a day-to-day basis. Wireless hacking, mobile exploitation, botnets, name it – all this were part of Africa’s first Hackon conference. A hackbattle was also included at the end of the conference, it wouldn’t be a real security con if there wasn’t one. The battle tested attendants’ knowledge of operating systems, encryption, web servers and social engineering skills. In fact, #Hackbattle2013 included a strong element of social engineering requiring very little technical input to compromise the subject.
As the continent moves to relying on digital infrastructure for its economic growth, information security will be a crucial part of it. Fostering good practices in the sector through forums such as Africa Hackon and the Skunkworks-ke Security mailing list should be encouraged. There have been major efforts put towards this goal through KICTA’s partnership with the security community. In the lead up to the 2013’s Information Security and PKI Conference, KICTA led an awareness campaign for college students and faculty in the country. This was done done in readiness for Kenya’s public key infrastructure implementation.
Some useful resources where you can get updates from the local information security community are below:
Chuk’s blog
Ty’s blog
BitCyber Security
Local VX expert
Troony’s Place