About the Guest:

Huxley Barbee is recognized in the cybersecurity field for his extensive experience in security automation and software engineering. With a professional trajectory spanning over decades, Huxley's path began in high school, where his interest in computers and passion for programming were piqued. Throughout his career, he has significantly contributed to various sectors by emphasizing the defensive aspects of cybersecurity, scaling from hands-on firewall configurations to leading consulting practices for major corporations. As an advocate for education and collaboration in the InfoSec community, Huxley is also the organizer of BSides New York City, a renowned cybersecurity conference.

Episode Summary:

In this impactful episode of the Philip Wylie show, cybersecurity expert Huxley Barbee delves into his journey within the cybersecurity landscape, starting from the halls of his high school to the cusp of modern security automation. Listeners will be drawn into an engaging narrative that interleaves personal anecdotes with professional wisdom, highlighting pivotal moments that shaped Huxley's career.

The conversation with Phillip Wylie covers a multitude of insights, from the importance of programming knowledge in cybersecurity to the evolution of security tools and practices. Huxley underscores the need for hands-on learning and emphasizes the significance of understanding system fundamentals regardless of automation advances. The dialogue evolves to address current trends and challenges in security, particularly focusing on the nuanced utilization of AI in cybersecurity practices.

Key Takeaways:

In-depth programming knowledge can significantly enhance a cybersecurity professional's ability to understand, reverse engineer, and secure applications.

Security automation should incorporate human-driven decision points to mitigate potential risks associated with complete automation.

The cybersecurity field is evolving with new challenges, including the integration of AI and the risk management associated with older technologies that have gained new exposure, like OT systems.

Building security tools requires adopting best practices from software engineering to ensure long-term maintainability and support.

AI in cybersecurity poses an array of unpredictable outcomes and thus should be approached cautiously with risk mitigation or acceptance strategies.

Notable Quotes:

"What's most interesting about that role was I was able to combine my software engineering background with my security background and bring it all together."

"You need to understand - you are a programmer, right? Yes, you're working in the security fields, you're part of the security domain, but you are a programmer."

"One of the principles that I learned from leading that consulting practice is the goal. Your goal as a security engineer, somebody that's doing automation should never be 100% automation."

"Every single developer has done this because I'm doing this in development. It's fine. I'm just trying to get to work. When we go into production, we'll go ahead and fix that later."

"AI has a very important role to play going forward. I would not run production environments on anything that uses AI dependencies right now."

Resources:

* https://www.linkedin.com/in/huxleybarbee/

* https://twitter.com/huxleybarbee

* Infosec Exchange (Mastodon instance): @Huxley at Infosec Exchange

* BSides New York City: BSides NYC