Amazing opening keynote at @bsidessf by my old con buddy @bubblewire making the case for *optimism* in a very tumultuous time for the security community.
Why be optimistic?
1. “The Room where it happens”: Security is now increasingly part of strategic institutional decision making. Beyond just tech to real influence. 10 years ago, who wanted hackers in the room?
2. We have learned to design for humans, not against them.
3. Started to focus on what actually moves risk. Real skepticism of rote vendor solutions. Better at calling bullshit and focusing on what solves real problems.
4. Barriers to entry are lower. Abstractions allow more people to engage in security. Everyone can be a builder. We depend on creativity and experimentation. Security practitioners are becoming builders.
5. Legacy risk might finally be tractable! AI tools can read, understand, and transform the legacy code bases. We can imagine burning down technical debt.
6. We can pave things from the start - new providers are thinking about security “with a heightened awareness.” New AI leaders have invested in security. Not a first priority, but maybe second or third, rather than bolt-on.
We have managed massive transitions in the security space before (cloud native!).
She also reminds us that the entire security community is built on just that: community. We share, we build collaboratively, we rely on alliances and nonprofits and standards orgs.
