HP Demonstrates Why Everybody Needs to Think Like the 'Bad Guys'
NEWS ANALYSIS: An afternoon with Hewlett-Packard's "Bad Guys" reveals that there's a lot more to cyber-security than just thinking evil thoughts.WASHINGTON—I was having coffee with Angela Gunn, an old friend who is working as a security researcher these days. She was explaining some of the problems with traditional approaches to thinking about security. But she is focused on Hewlett-Packard's latest push, which is to think like a bad guy trying to break into computer networks and databases. We were both attending the HP Protect conference here, which spotlighted the "Think Like a Bad Guy" theme pretty much everywhere you looked. "Really," she said, "you have to think like whoever the bad guy is working for." My friend had a point. While it's important to understand the cyber-criminal's approach when they're attacking you, the only way to really understand them is to understand their motivations. What is it they're looking for when they break into your network? I found out when I entered the conference display floor and wandered to the back of the room to the Bad Guys' Lair. This required a walk through a smoke-filled corridor crisscrossed with laser beams to reach a bunch of people sitting around among pizza boxes, soda cans and bags of empty calories.
These were the HP "Bad Guys." I later found out that I could have gone around to the rear entrance and avoided the drama. Leave it to security guys and corporate hackers to engineer in an analog back door.