Jennifer and I just got back from Berkley where we went to see Richard Clark speak. Well, discus. Or something.
Anyway, it was engaging for a lot of the reasons that I expected it could be. One of the things that first struck me was that he kept bringing abstract questions about potential threats back to the demonstrated threat model in play today. It’s something that I don’t really expect from someone in public service. Despite my considerable reservations about his work in the “cybersecurity” world, I couldn’t help but come away impressed. He clearly articulated who the enemy was/is, what kinds of things help and what kinds of things hurt US interests in that context.
With so much security theater in the world, it is always an unexpected and pleasant surprise to hear someone talk about risks and threats in a way that doesn’t play to hype and focuses on real risks (and not just those that will sell at the voting booth).
Favorite line of the evening: “you cannot declare war on a tactic”.