Taking the Human Element to the MAX
2024-04-20 , Track 2

In the aviation world, when bad things happen there is a culture of avoiding the blame game and instead focusing instead on how we can learn from our mistakes to make everyone safer. With the issues surrounding the 737 MAX series of aircraft over the past couple years, the FAA and NTSB have again held the line on focusing on safety and learning from mistakes despite media sensationalization. But we in the cybersecurity community can also take advantage of this learning opportunity. With news and whistleblower accounts of the design and quality issues leading to the MAX series aircraft, there are many parallels to what happens in the cybersecurity space when we fail to properly account for and incorporate the human element into our programs. In this presentation, we will take that same approach of not bashing or blaming but focusing on learning. We’ll step through the issues that have come to light regarding the 737 MAX series and show how those correlate to cybersecurity. We’ll identify what lessons we can learn and how we can apply those when selecting technology and building processes for our organizations’ security programs. Finally, we’ll discuss the Swiss Cheese model as it applies to cybersecurity and examine best practices for closing those holes before they align and result in disaster.

Alyssa Miller is a hacker who, in her pre-teens, bought her first computer and hacked her way into a paid dial-up community platform. She grew up in hacker culture, finding her hacker family in IRC channels during her adolescent years. While IT was not her original career plan, she ended up working as a developer and later a penetration tester in the financial services industry. As she moved into consulting, her focus on defending technology systems and personal privacy grew to the point where she was advising fortune 100 companies on how to build comprehensive security programs.

Alyssa is now the CISO at New York based Epiq Global. Still very much a hacker to this day, she’s built on that identity to grow her career. She is an internationally recognized public speaker and author of “Cybersecurity Career Guide”. She’s an advocate for helping others make a career out of their passion for hacking and security in general. She’s also a proponent for the open sharing of ideas and perspectives on improving our technologically connected world.