Somehow, at the last one I was at, I ran a workshop on getting started with Android development! No idea how that happened!

.sioda,

Dan – you’re wrong.

From a protection perspective let me introduce another analogy.

I know that bullet proof glass will stop a bullet so I have it installed. I don’t need to know how a gun works, the velocity of a bullet, the different types of bullets or anything like that. All I’ll need to know is how to install it properly in the window-frames. Which is in effect what a coder is doing. Installing / building something to the best of their ability.

Fully understanding how attacks work and the methodologies of the bad guys falls under the remit of pen testers.

Security engineering is by definition a preventative measure: an effort to stop the bad guys (or just guys with strange names, like little Bobby Tables) from successfully attacking your system. To do this, you must take the approach of looking at how such attacks work.

To take an example: if you were in charge of training police officers, you wouldn’t spend your time showing them what a well-behaved, law-abiding citizen looks like. It’s no use demonstrating how to not have to arrest people.

You need to see what the bad things are if you’re going to combat them.

Thanks for the comment… I don’t think I was pretending it was my idea at all. I did intact mention to our mutual friend that I was going to put it together as a talk (which he seemed to suggest was a good idea – I’m a little restricted from being quite so overt about naming the people I get to work with).

Given a lot of my work tends to revolve around helping people with their security programs, I’d like to be able to advise them on the best way of doing things, and if we can get better results through showing people how it should be done, rather than scaring them with how badly it can go wrong, then all the better.

Thanks for the slide references, but I was more keen to use a session as a discussion (rather than a presentation) to crowd-source the ideal solution.