Security veteran Josh Corman talks about superheroes, new job changes and swimming with sharks in the IoT

Joan Goodchild (@msjoanieg) How did you first get into security as a career?

Josh Corman (@joshcorman) Hmm. I always wanted to be a superhero; just lacked special powers. I knew this was “of consequence”. Now.more.than.ever. 1st InfoSec “job”: 2001 StealthStartUp dealt w/ Espionage Based Malware. Like FireEye but agent based. Sold into ISS (then IBM)

@msjoanieg Has your career allowed you to be superhuman in some ways? What has your "philosophy" been over the years in this career?

@joshcorman I’m just a guy trying to be my best and have impact. My belief is this is 90% HumanFactors, Motivations, GameTheory; 10% Tech. Our dependence on technology is growing faster than our ability to defend it. I relentlessly push us to be more strategic.

@msjoanieg You recently joined Sonatype as their new CTO. How is that going?

@joshcorman Today is my 2 month mark as CTO! GREAT fit. I’ve been passionate @ @RuggedSoftware AppSec/DevOps for years. Now it's my job.

@msjoanieg What prompted the move to Sonatype?

@joshcorman No easy answer. My mom died last Jan. Crystalized my priorities & made me hyperconscious of time. And it was time to be Chief * My heart shifted to security that affected publicsafety, human life, civil liberties; THINGS THAT MATTERED. Had to get alignment.

@msjoanieg Outside of your work at Sonatype, you've got a lot of other sec-related projects, too. Let's start with The Cavalry….

@joshcorman Part of my RockBottom was realizing “The Cavalry Isn’t Coming”; it falls to us. Our community needs to be the VoiceOfReason. So @c7five & I stuck our necks out at #DEFCON21 & challenged us to lead on issues affecting Body/Mind/Soul -> @iamthecavalry. It was culmination of @RuggedSoftware @SecBurnout my Anonymous research realizing we must work together.

@msjoanieg How do you feel your work on @iamthecavalry has gone so far? What is its mission?

@joshcorman VERY well - could’ve been DoA. It resonated instantly. 100 joined 2d @DerbyCon “Congress” Then my #TEDx #BlueHat #ShmooCon #RSAC. DRAFT "To ensure technologies with the potential to impact public safety and human life are worthy of our trust.” @iamthecavalry. The wording needs work, but it resonates w/ MainStream, PolicyMakers, Peers, Family… It is needed. It is time.

@msjoanieg You gave a Tedx late last year titled "Swimming with Sharks." Tell us more about its focus.

@joshcorman Hardest 18m I ever did. "Swimming with Sharks: Security in the Internet of Things" http://youtu.be/rZ6xoAtdF3o #TEDx. It was a case for @iamthecavalry. WHY it matters. WHY we need it. VERY hard to speak to masses w/out Jargon/TLAs/BasicKnowledge. Even HARDER to do so in a way that doesn’t offend the Security Digerati. Very tough to balance. We HAVE to be more accessible. B4 my shark dive, my boss asked “What kind of an idiot gets into water w/ an ApexPredator?” My TEDx argues the #IoT ALSO has them.

@msjoanieg What about @RuggedSoftware? How does that fit into the picture?

@joshcorman My Rugged Manifesto instinct was Sec had to team w/ Dev; a Hippocratic Oath of sorts. While true, I realized the greater truth: This is bigger than Sec & Dev; PublicGood safety needs Public Solutions. But Rugged (and @RuggedDevOps) patterns absolutely are part of the @iamthecavalry solution set.

@msjoanieg Any way to sum up your greatest hope for where you see this mission and collaboration headed in the future?

@joshcorman Our PublicSafety focus is driving to substantive improvements & policy change for: Auto, Medical, Home IoT, and Public Infrastructure. We’re currently deciding upon a 501c3 or c6 (etc) and have ~already~ had big impacts w/ Auto & Medical players behind scenes. We need to make sure our technology dependence is worthy of our trust. Grounded risks need to be visible. Too much is at stake.

@msjoanieg We have time for one more question. Complete this sentence: If I weren't working in security, I would be _________________

@joshcorman TOUGH ONE! If the world was safer w/out my help… >=1 of: [Independent Filmmaker | Chef | Teacher/Professor]