Stomping on Buildings: Stop acting like Godzilla and start acting like Godzilla

No ratings

Presented at GrrCON 2025 by

Kevin Johnson

Godzilla is known for destroying buildings as he stomps around. Sadly, InfoSec has a similar reputation when it comes to working with developers and the business. We are known for our “No” and being paranoid. But Godzilla has also fought on the side of humans when the threat was big enough. So how do we go about being known for making things better instead? In this presentation, we are going to explore how we can change our approach and our reputation, while ensuring that our organizations are as secure as we can be. This talk will walk through a variety of scenarios and examples from the real-world. Leveraging our experiences over 20 years of testing and advising organizations from mom-and-pops to huge multinational companies, this presentation will outline what we have done wrong, and what is the best way to do it right. We will look at the various attacks and exploits, how they were addressed, and how we should have assessed the risks. Overall, attendees will get a look into the mindset of a seasoned security person. Using their experience as a penetration tester, incident responder, and forensics professional, they will provide guidance on how we can move more toward an inclusive security process. Using stories from their time hacking everything from corporate networks to devices and iot, this presenter will entertain and educate. Walking out of the talk, attendees will be able to implement solutions and process changes to improve their security stance.