In this session, a new hardware-level attack on PCIe is presented as an example for the implicit trust your organization places in 3rd parties. These implicit trust relationships that are typically overlooked will be closely examined under the lens of "InfoSec debt" and providing guidance to InfoSec decision makers on the ROI or risks of adding additional IT services/appliances to an organization's network. The "InfoSec debt" metric can then be tracked over time and provides an intuitive way to explain the cost/benefits of IT security to other organizational stakeholders.
Jacob Torrey is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. He can be found posting goofy stuff to his Twitter: @JacobTorrey when not out in the mountains or tending to his critters..