Speaker: Justin Richer, Principal Engineer, Bespoke Engineering
Date: Tuesday, June 21, 2022
Location: Denver, CO
Description: Security designers mean well, but to most users, security is what gets in the way of getting things done. But when security and functionality fight, functionality always wins. This situation often leads to workarounds that technically meet the stated requirements without actually fulfilling any of the goals that the requirement was meant to establish.
In this talk, we will discuss why this happens, and also go through a number of real-world examples of how to get around well-meaning security policies that got in the way of getting things done. From scripts to bots to interns, users will cobble together what they have into nearly-undetectable solutions to meet their needs. While the vast majority of users are well-meaning, this situation could even lead to malicious compliance on the part of more adventurous users, to spite what they see as a hurtful policy.
At the end of this talk, we’ll discuss how to detect and avoid these kinds of issues in your environment; and if you’re reading this thinking that noncompliance is something that needs to be stamped out, you will be very surprised as to what the real answer is.