A Conversation With Jeff Moss
A Conversation With Jeff Moss

A Conversation With Jeff Moss

Omer: I was going through random Google searches against your name and I found Platinum Net, what is it?

Jeff: That was one of twelve underground messaging networks, Fido network that crypto jobs remote I belong to. And they all used the Fido net method of straight forward messaging. It wasn’t the part of Fido net but it used the Fido net protocol to reach on private messaging networks. It was a pretty small network out of Canada and it dealt mostly with the hacking information, and how to modify your car engine and whole bunch of random hacking kind of related topics, that was the reason I start DefCon,15 years ago because I was a friend with a guy who ran Platinum Net there. He ran the US main node and redistribution in United States. He got a new job; his parents had to move, so he had to take down the network. He wanted to do a party for every body and he asked me for help. But then his parents left early and he had to go over night as well. I was just stuck there, holding my bag, thinking about how to deal with the situation. I turned off to the other networks I belong to and invited every body to DefCon.

Omer: Jeff Moss was already in place, why did the idea of black have evolved?

Jeff: When DefCon started it was all a passion. Nobody at our age could get jobs; there were no jobs in computer security. And there wasn’t really even a market. The only people who were doing security work were people working for government, banks or universities or maybe manufacturers. There was really no chance to get a job. But then the internet boom sort of changed all that and as the boom was beginning, people started looking for IT people for installment of networks and other infrastructures. All of a sudden everybody started getting jobs that we knew. And they were looking for jobs, they got it and then they tried convincing their bosses to pay for their trips to DefCon. DefCon was just a straight hacking convention, and not really something serious. The announcements made there were not really serious, so you show that to your boss and he is not going to pay your way to DefCon. So everybody suggested that there should be something more serious and conventional event similar to the nature of DefCon. So they can show it to their bosses and their trips can be paid. A friend of mine, Larry was his name, suggested to do a whole new convention which is more serious sounding and charge them a bunch of money for it, because when you charge money for something, you can sort of manage expectations. So by charging money we could fly in the best speakers, we can pay the flight rent, we can pay to spend some time to develop the content. So that’s what it sort of became. Black Hat was totally a spin off.

Omer: What do you think that how the whole idea of security has moved a step further, from PDP’s to the modern computers, how far has it come from the early days of personal firewalls to the unsupervised IDS algorithms?

Jeff: It is fantastically more complicated now. The market just for security skills is fantastic. Competition sort of breed specialization and so 15 years ago it used to be 4 people each with different knowledge and you can pretty much understand any problem, you know the telephone problems, the UNIX problems, it wasn’t that complicated back then. Now you can have hundred people in a room and still not understand all the implications of dynamic html and a virtualized system on the multi processor core and it goes on and on and it can be hideously complicated. So on one hand it has matured the security market and on the other hand, the problems it created for it self are more and more complicated and harder to understand specializations. So it isn’t about one technology anymore. For example, if someone is expert on “SQL Injection on Oracle”, they don’t know much about anything else, because they have specialized it so much and it has extremely vast scope. And I don’t know if that is the best for the market place because if that person is to go find a job again, there will not be many places out there, hiring people who know about SQL injection on Oracle. So after re-training, they can pick those skills and may be do SQL injections on Microsoft products. But even that is completely different from what it was probably 6 to 7 years ago. I think it has changed a lot to what it used to be 10 years ago.

Leave a Reply

Your email address will not be published.