Doug is an Application Security Consultant with almost 10 years experience working with a broad range of companies, from some of the largest publicly held companies to small mom and pop storefronts. These experiences have shown that while the threat landscape changes, everyone is a target. While AppSec pays the bills, Physical Security has always been one of Doug’s true passions. Why spend countless hours extracting data from a web app when you can walk out with the database server?
Doug runs the Physical Security Villages (Lockpicking and Safe Cracking) for CypherCon. After picking locks and collecting locks as a hobby for decades he is now teaching the next generation to look at more than the digital when assessing of security.
Heath care devices, Automotive, even Internet of Things, all of these technologies have recently begun to made progress in their relationship with the hacker community. While there are a handful of lock and physical security companies embrace a few trusted security professionals, the vast majority hide their heads in the sand until it is too late.
I will discuss a few examples where physical security companies failed to embrace the community and paid a hefty price. I’ll also lay out some of the lessons that other industries have learned and how the can be applied to the physical security industry.