Edwin van Andel, better known as @Yafsec, was born on a late November day in the excellent wine year 1970 and immediately started pushing buttons from his crib. During his early years no device was safe from him, and his adolescence was described by his neighbours as a "very disastrous period", mainly because of his discovery of computers, modems and Hack-Tic.
After, as his lawyer told him to formulate it, "examining information and structures available on a bunch of open systems," he was eventually hired by a large IT distributor. There he quickly became 'that' senior consultant with a risk tag, and for safety reasons was put mainly on long-term projects abroad. In 2003 he started his own company, Yafsec, with the sole purpose of guiding companies and IT dealers through the dark woods of the ever-evolving security forest. In 2016 he joined Zerocopter, where he mostly works on publicly expanding their "continuous security" platform.
Elected winner of the Lightning Talks at BruCON 2013, and organizer of the alternative NCSC conference #ALT-S ("because no hackers were invited"), he is now a renowned speaker who will introduce you, in a humorous way, to the dangers, virtues and current state of affairs in the security landscape.
From a hacker's perspective, that is...
In the ever-changing security landscape we are slowly seeing a shift from labelling hackers by default as 'bad and malicious individuals' to accepting them more often as 'useful and potentially friendly'. More and more companies are starting a bug bounty program and/or a Responsible Disclosure (coordinated vulnerability disclosure) program.
In the Netherlands we are (at least in Europe) leading the pack on this last subject, backed heavily by the Dutch NCSC, the Dutch government and the Dutch prosecution service with their Responsible Disclosure guideline.
In this interactive and mostly humorous talk I'll start by defining security (in a grotesque way), followed by the 'real' definition of hackers, the way hackers think and work, and how companies can use them instead of fearing them. I'll show how bug bounties and Responsible Disclosure processes can work, but also how they sometimes do not. I will take the audience with me along the path to these fails, and discuss the way we can (or could have) improve(d) these processes. My final 'calculation' will even try to open the door to a safer online world! (From a hacker's point of view, that is.) ;)