Trey Ford: Testing, notification should not be criminalized (slides)

Black Hat's former General Manager Trey Ford took the stage at informal conference Security B-Sides San Francisco today to present "Legislative Realities," a compelling talk on identifying and bridging the gaps between hacking, user security, company security and legislation.

Skip to: the rest of the gallery.

Mr. Ford told SC Magazine in a recent interview,

I love the purity of Security B-Sides, it has a special place in my heart. Conversations and presentations at B-Sides events are unique – they are timely, important, unconventional and unapologetically direct – which means they are often inappropriate for other venues.

(...) The legislation impacting information security should be something everyone in the industry watches closely, and it's a priority for us at Rapid7.

We need to see legislation achieve a balance of protection for researchers, clear guidelines for corporate due care, and simple definitions for criminal and malicious acts.

Ford is now the Global Security Strategist for Rapid7, and appears to be taking his wealth of experience running Black Hat, and experiences such as wrangling the NSA's General Alexander while simultaneous advocating for security researcher protections, and applying it to legislative changes.

Admired by many and known for running a tight strategic operation, it remains to be seen for many of us who admired what Ford did with Black hat just how the sprawling powder keg of a conference will soldier on in his absence. However, after seeing "Legislative Realities" this morning at the DNA Lounge, what's going to happen when Mr. Ford goes to Washington is definitely not going to be boring.

His BSides SF audience was crowded, and received applause for his pointed statements. In one instance, Ford pointed a finger at Kickstarter for waiting days to disclose being hacked to its users (anger at companies who leave users vulnerable until they get their PR finished), and Ford made an uncompromising point that "Testing and notification should not be criminalized."

I attended BSides SF 2014 today and managed to both avoid any contrived Ada Initiative drama, and took photos of Ford's slides - a selection of which are presented over the next few pages.

Black Hat's former General Manager Trey Ford took the stage at informal conference Security B-Sides San Francisco today to present "Legislative Realities," a compelling talk on identifying and bridging the gaps between hacking, user security, company security and legislation.

Ford is now the Global Security Strategist for Rapid7, and appears to be taking his wealth of experience running Black Hat, and experiences such as wrangling the NSA's General Alexander while simultaneous advocating for security researcher protections, and applying it to legislative changes.

Black Hat's former General Manager Trey Ford took the stage at informal conference Security B-Sides San Francisco today to present "Legislative Realities," a compelling talk on identifying and bridging the gaps between hacking, user security, company security and legislation.

Ford is now the Global Security Strategist for Rapid7, and appears to be taking his wealth of experience running Black Hat, and experiences such as wrangling the NSA's General Alexander while simultaneous advocating for security researcher protections, and applying it to legislative changes.

Black Hat's former General Manager Trey Ford took the stage at informal conference Security B-Sides San Francisco today to present "Legislative Realities," a compelling talk on identifying and bridging the gaps between hacking, user security, company security and legislation.

Ford is now the Global Security Strategist for Rapid7, and appears to be taking his wealth of experience running Black Hat, and experiences such as wrangling the NSA's General Alexander while simultaneous advocating for security researcher protections, and applying it to legislative changes.

Black Hat's former General Manager Trey Ford took the stage at informal conference Security B-Sides San Francisco today to present "Legislative Realities," a compelling talk on identifying and bridging the gaps between hacking, user security, company security and legislation.

Ford is now the Global Security Strategist for Rapid7, and appears to be taking his wealth of experience running Black Hat, and experiences such as wrangling the NSA's General Alexander while simultaneous advocating for security researcher protections, and applying it to legislative changes.

Black Hat's former General Manager Trey Ford took the stage at informal conference Security B-Sides San Francisco today to present "Legislative Realities," a compelling talk on identifying and bridging the gaps between hacking, user security, company security and legislation.

Ford is now the Global Security Strategist for Rapid7, and appears to be taking his wealth of experience running Black Hat, and experiences such as wrangling the NSA's General Alexander while simultaneous advocating for security researcher protections, and applying it to legislative changes.

Black Hat's former General Manager Trey Ford took the stage at informal conference Security B-Sides San Francisco today to present "Legislative Realities," a compelling talk on identifying and bridging the gaps between hacking, user security, company security and legislation.

Ford is now the Global Security Strategist for Rapid7, and appears to be taking his wealth of experience running Black Hat, and experiences such as wrangling the NSA's General Alexander while simultaneous advocating for security researcher protections, and applying it to legislative changes.

Black Hat's former General Manager Trey Ford took the stage at informal conference Security B-Sides San Francisco today to present "Legislative Realities," a compelling talk on identifying and bridging the gaps between hacking, user security, company security and legislation.

Ford is now the Global Security Strategist for Rapid7, and appears to be taking his wealth of experience running Black Hat, and experiences such as wrangling the NSA's General Alexander while simultaneous advocating for security researcher protections, and applying it to legislative changes.