From private to public, working in local government.
11-08, 15:00–15:25 (US/Pacific), Blue Day

Why do local governments constantly get compromised? What I've learned after leaving my glamorous pentesting job to join a local municipality.


This is a summary of what I've learned in the last few months after taking a security role at a medium sized (100k+ resident) city. Topics include regular IT Security problems, problems specific to working in the public space, water department SCADA security, along with unique problems like dealing with CJIS and other compliance requirements relating to law enforcement.

From the perspective of someone who has worked for Tech Companies™ and penetration testing boutique shops.

Kos has worked in infosec for most of the last decade, bouncing between web security consulting at AppSec Consulting, corp and product security at Tesla, and pentesting at Lares Consulting. He has previously spoken at the best security conferences in the world such as Toorcon San Diego and Toorcon Seattle Appearances at Derbycon, DefCon, and BlackHat too.

There's a joke about hating money and working for a government entity, but really he was just interested in some of the unique problems government faces.

This speaker also appears in: