Between the electronic music festival, the Tigers, Red Hot Chili Peppers and the Detroit Grand Prix, it’s been a busy couple of weeks in Detroit. Amidst the hype that surrounded these major events, last weekend’s BSides hackers conference at the Renaissance Center slipped under most people's radar.
The notion of a hackers conference probably calls to mind some motley rabble of quasi-anarchists tethered to laptops, but Wolf Goerlich, BSides spokesman and one of the conference’s four organizers, says computer hacking has grown up.
“Ethical hackers don’t break stuff,” Goerlich says. “They detect and respond [to problems] and apply security standards for employers.”
So forget your preconceived notions about Matthew Broderick accidentally starting World War III while playing a video game or Angelina Jolie navigating psychedelic computer networks to the consternation of a young Bunk Moreland.
When we talk about hackers here, we are talking about a subset of IT professionals that focus on network and system security.
As such, instead of hiring agents or lobbying against apocryphal anti-hacker legislation, the roughly 300 BSides conference attendees participated in sessions entitled “Intro to Linux System Hardening and Applying it to Your Pentest (ED: penetration test) System,” and “Introducing Android Security Evaluation Framework.”
To quote Renfro from The Fugitive: “Advances in Nuclear Tissue and Pathology Research, by Dr. Charles Nichols. I bet they line up to hear that one.”
So, really, how much does a trade convention for hyper-technical IT professionals matter to the average layman with little more than an iPhone and Facebook account?
Quite a lot, if only because folks like the BSides participants are basically the only thing keeping your online data safe.
More importantly, professional hackers make their living looking for flaws in complex systems, determining how those flaws could be exploited, and ultimately how to fix them. It’s a discipline that could potentially have application outside the world of computer networks.
Consider computer security professional and adjunct professor Christopher Payne’s presentation Saturday afternoon entitled “Your Hacker Class is Bulls**t.”
On the surface, Payne’s talk was a critique of training programs designed to prepare “ethical hackers” for careers protecting networks. But, on a deeper level, Payne was presenting a damning critique of how the American education system perpetuates its own dysfunction.
Students, Payne argues, provide favorable evaluations to professors who teach to the test (i.e. certification exams) and fluff grades. Obviously, students like receiving good grades and certification prep that doesn’t otherwise challenge them. And teachers buy into this dumbed-down system because good evaluations are good for the career.
However, as Payne eloquently, if often profanely, points out, this neat little system results in teachers who don’t really teach anything useful and students who don’t learn all that much.
“Busy work, right, is the norm for these students,” he said during his presentation. “They’re producing mass pages of trash that’s just regurgitated crap. A lot of them…that’s what they’re graded on. They turn in trash and they’re like: ‘Hey, look, I did it. I hit the page minimum.’”
Having spent far too much of my own dubious academic career boosting word/page counts for the sake of a grade, I find that Payne’s analysis shines through as a uniquely cogent critique of flaws and inherent moral hazards built into our education system. And I've sat through more than my fair share of lectures and announcements from politicians, administrators, and teachers on the subject of education reform, so I know of what I speak. Most of your self-styled experts aren't as on point.
After spending a little time at BSides, I’m thinking that, not only could Arne Duncan use Payne’s counsel, but there are probably a number of non-IT fields that could benefit from a hacker’s ethos and insight.