People Security

for Pragmatic Paranoids

Why

$$ \cfrac{P_{incident} \cdot C_{incident}}{C_{prevention}} \ge 10 $$

$$ P_{incident} $$

Untargeted Attack

Targeted Attack

$$ C_{incident} $$

$$ C_{prevention} $$

How

xkcd password style

Security at the expense of usability comes at the expense of security.

- AviD

To improve security, improve either security or usability.

Security

Requiring 2FA on GitHub + Google Apps

Usability

Not physically enforcing 2FA

Writing a 2-minute guide for setting up 2FA

Challenging GitHub's 2FA setup UX

Challenging client's existing security strategy when it conflicts with 2FA

Requiring disk encryption on all OS

Requiring a password manager

Documenting disk encryption on all OS

Documenting password management
