Imperfect Security: Doing Less to Achieve Better Security

Kevin Hanaford

BSidesSF 2024 · Day 1

In his BSidesSF 2024 talk, "Imperfect Security: Doing Less to Achieve Better Security," Kevin Hanaford, Trust Engineering Lead at Discord, challenges the conventional pursuit of "perfect security." Hanaford argues that perfect security is an unattainable ideal whose pursuit leads to inefficiency, high costs, and ultimately frustration. Instead, he advocates for an "imperfect security" philosophy, which focuses on operating within reality, maximizing efficiency, prioritizing the human element, and fostering collaboration. This approach, he contends, allows security teams to achieve better, more sustainable outcomes by strategically allocating resources and building stronger relationships across the organization.

AI review

This talk, while not a deep dive into zero-days or kernel exploitation, presents a brutally honest and pragmatic framework for building effective security programs. Hanaford correctly identifies the futility of 'perfect security' and instead advocates for a reality-based, efficient, human-centric, and collaborative approach. It's a much-needed antidote to the endless pursuit of theoretical perfection that plagues many security teams, offering actionable strategic insights for those who manage security operations.
