Software Integrity Blog


Gary McGraw’s Shmoocon keynote recaps security career with advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghessan Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over his more than 21 years in software security. It also reflects his many interests.

Watch the video.

Play-by-play annotation

1:20 intro: Bruce Potter explains how we met at NDSS while he introduces me

3:26 Talk starts with a series of disclaimers
1. old guy
2. corporate exec
3. academic scientist
4. software guy

5:00 First Synopsys talk

5:25 How Bruce Potter finagled me into giving the keynote


6:10 Stealing ideas from bad-ass iconoclasts


7:16 Wigs and stuff. If you are passionate about this field, there is lots of work to be done

8:04 Philosophy, Paul Humphreys, Searle, and Hofstadter
“… don’t let the system tell you ‘that’s wrong’ in intellectual pursuits.”


10:05 Letter Spirit with Doug Hofstadter
Fluid Concepts and Creative Analogies was the first book ever sold on Amazon


11:00 Friday meeting at Reliable Software Technologies and the sad state of computer security


12:00 “… the paradigm was, to put it bluntly, f-ed” (potty-mouth GEM on stage)


12:57 “… a firewall is like a condom with a hole on port 80”


12:24 The obvious question “Why is the software broken?”


14:36 Building Secure Software “Why is the stuff broken?”

15:34 Tech transfer, passion, and the valley of death

16:30 Follow your passion. Be like Marie Moe


17:24 The story behind why Exploiting Online Games exists

19:40 Get a good rhythm
“@shmoocon is really cool because you are a community of people who are being intentionally kind to each other”


21:59 Use real data and track it over time to make intentional decisions


24:00 The Silver Bullet podcast rhythm is monthly over ten years

24:54 Many minds are better than one. Build a network

26:04 Practice. 47 years of violin


27:00 On science, research, “research,” publication, and real-world stuff


28:44 Software Security is about BOTH breaking stuff and building stuff properly, hence the logo. Where did the logo come from?


31:23 Don’t be afraid to invent stuff, cut new ice, introduce new ideas to the world @tcboyle


32:05 My new stuff: Get data, Describe data, Measure
CISO Project


34:40 Why security-meters that measure software security directly are NOT POSSIBLE (halting problem anyone?)

39:00 The advent of the IEEE-CSD


42:24 Or you could just write original music


42:26 Too much information is running through my brain


43:48 Part of leadership is being calm in the face of certain disaster

45:35 The gray haired people have seen the world not end many times

46:00 Give back (and sail in kilts)
“… we’re all monkeys in this together on this planet”

49:03 Know your audience



50:29 Presentation of the moose head


Gary McGraw is the Vice President of Security Technology at Synopsys (SNPS), a Silicon Valley company headquartered in Mountain View, CA. He is a globally recognized authority on software security and the author of eight bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series.