DEF CON 25 SE Village - John Nye - The Human Factor Why Are We So Bad at Security
How does the science of human perception and decision making influence the security sector? How can we use information about how people make decisions to create more successful security professionals? In the 1970s, “fringe” psychologists began to question the phenomenon of decision making, seeking to understand the mechanism by which individuals make seemingly unfathomable choices in the face of obvious deterrents. For example, virtually every story told by those who lived in areas ravaged by war is full of the warning signs they saw, the reasons they could tell disaster was coming. Why, then, did these individuals fail to run? It is almost impossible for one to believe that one is in the midst of a life-changing catastrophe. Terrifying circumstances are subconsciously alienated from our thoughts as ideas that are too far-fetched to be real. When we have any personal stake in a situation (e.g. what to eat for dinner or who to vote for), our ability to take stock and react reasonably seems nearly non-existent.

There are numerous academic studies on decision-making and perception. Their insights have been applied to various industries over the years with surprising success. Financial corporations have benefited greatly by working to understand, incorporate and utilize these insights. Why do we make unintelligent choices? Why are we so overwhelmingly deficient at risk assessment and mitigation?

This session will explore how the science of decision making applies to the security sector, empowering attendees to walk away with a better understanding of how these concepts can be leveraged to build more robust and useful security tools, as well as more successful training models. Supported by the research of Nobel prize-winning psychologist Daniel Kahneman, the session will introduce these techniques and discuss how they can help in the practical application of security testing.