Pete Herzog has been a hacker since before the industry agreed it was an industry. He created the OSSTMM and has spent twenty-six years regretting having named it that. Operating principle since 1999: hack everything, harm none.
With over 30 years of experience in cybersecurity, Pete Herzog is a security researcher, ethical hacker, and innovative problem-solver. Guided by the philosophy “hack everything, harm none,” he has applied his expertise across diverse domains, including artificial intelligence, Zero Trust frameworks, and advanced security research.
Topic
Security as a Natural Law: How the Universe Applies Persistence
Security is treated by most organizations as a moving target of compliance frameworks, vendor checklists, and best-practice rotations. Security is, in fact, a measurable property of any operational surface, derivable from natural-law principles rather than legislated by control standards. This produces a quantitative score for “actual security” that does not require auditor consensus to calculate, lets organizations track real changes over time, and exposes which controls are doing work versus which are theater. The talk will sketch the formal model, which has been introduced in OSSTMM 4, walk through how it translates into operational measurement, and contrast it with the dominant NIST/ISO/SOC compliance posture.
