RSACon 2014 Feb. 24, 2014 to Feb. 28, 2014, San Francisco, USA

Title Speakers Summary Topic Types
SANS: The Critical Security Controls: Planning, Implementing and Auditing James Tarala This course helps you master specific, proven techniques and tools needed to implement and audit ...
SANS: Securing The Human: How to Build, Maintain and Measure a High-Impact Awareness Program Lance Spitzner Organizations have invested in information security for years now. Unfortunately, almost all of this effort ...
SANS: Lethal Network Forensics George Bakos LETHAL NETWORK FORENSICS focuses on expanding your forensic mindset to include transient communications that occurred ...
SANS: Mobile Device Security Larry Pesce This course is designed to teach students about the threats organizations are exposed to via ...
(ISC)² CSSLP CBK Training Preview Stephen Kalman Build hacker resilient software! Attend this FREE half-day education session based on the (ISC)² CBK® ...
Security Basics Seminar Hugh Thompson , Tas Giakouminakis , Dana Wolf , Dennis Moreau , Michael Poitner , Benjamin Jun , Jason Brvenik , Mike Janke The Security Basics Seminar explains some of the most important security principles and is designed ...
Information Security Leadership Development: Surviving as a Security Leader Jeff Bardin , Evan Wheeler , Doug Graham , Bruce Bonsall , Dave Notch , Dennis Devlin , Justin Peavey , Robert West In conventional security training, there are few opportunities to learn how to develop and direct ...
Closing the Cybersecurity Skills Gap – It’s Past Time. Jane Holl Lute , Andy Ellis , Javvad Malik , Dwayne Melançon , Mike Assante This session will discuss how the evolving threat landscape is altering cybersecurity roles and what ...
The Future of Security Education Ernest McDuffie , Michael Murray , Hord Tipton , Christopher Bloor The info sec community dumps huge amounts of money into training their professionals. For countless ...
The Security Staff and Skills Shortage is Worse Than You Think Jon Oltsik The shortage of skilled security professionals has gotten worse. It now overshadows shortages in all ...
Advancing Information Risk Practices Seminar Evan Wheeler , Jeff Lowder , Julie Fitton , Brad Keller , Irfan Saif , Scott Andersen , Summer Fowler Many challenges face today’s Risk Management programs, including how to risk rank security gaps, handling ...
Right Skills, Right Time, Right Industry: Women in Security Julie Peeler , Cecily Joseph , Marene Allison , Patricia Goforth Women account for 11% of the global information security workforce. Yet their diverse voice and ...
Science Fiction is Here!! Sam Curry , Uri Rivner We've been reading about them in Sci-Fi books, and followed them in Sci-Fi movies. Well, ...
(ISC)² CCFP CBK Training Preview Stephen Kalman Certified Cyber Forensics Professional (CCFP) provides a comprehensive validation of your knowledge and skills as ...
Cyber Security Canon: You Should Have Read These Books by Now Richard Howard “Canon: a body of the most influential works.” This short talk will review some of ...
So Why on Earth Would You WANT to be a CISO? Todd Fitzgerald You have been working in security for a few years, learning how to hack into ...
Internet of Things... Promising but Let's Not Forget Security Please! Eric Vyncke Internet of Things (IoT) brings a lot of promises of a fully connected world: from ...
Security: The Hardest Career Michael Murray Media constantly claims we have a lack of qualified information security professionals, yet we are ...
Cyber Vigilante or Self Defense? Bruce Heiman As attacks on private-sector critical cyber infrastructure increase in frequency and sophistication, affected companies must ...
Running Secure Server Software on Insecure Hardware without a Parachute Nicholas Sullivan In this session we will look in depth into what happens when we throw away ...
Be a DREAMR: Obtain Business Partnership, Not Just Buy-in Benjamin Meader , Jessica Hebenstreit The Security DREAMR framework provides organizations with a systematic approach to remove the impression that ...
Making Penetration Tests Actually Useful Ira Winkler Penetration tests are a staple among most security programs. They prove that problems exist, which ...
Redefining Identity in the Age of Intelligence-Driven Security Arthur W. Coviello Identity lies at the heart of online security—determining what we are able to access and ...
Conundrums in Cyberspace: Exploiting Security in the Name of, well, Security. Scott Charney Trust in technology has been badly undermined by public disclosures of widespread government surveillance programs. ...
The Next World War Will be Fought in Silicon Valley Nawaf Bitar We are under attack, and we are not allowed to fight back. Everyone has a ...
The Cryptographers' Panel Paul Kocher , Whitfield Diffie , Ronald L. Rivest , Adi Shamir , Brian LaMacchia Join the founders and leaders of the field for an engaging discussion about the latest ...
Understanding NSA Surveillance: The Washington View Richard Clarke , Michael V. Hayden , James Lewis Revelations about NSA’s surveillance programs changed the landscape for the tech industry and the internet. ...
Computer Forensics and Incident Response in the Cloud Stephen Coty Computer security incident response plans include physical server access, and the ability to scan logs ...
Entropy, Random Numbers and Keys: What's Good Enough? John Leiseboer This session examines the relationship between entropy, random numbers and cryptographic keys. Currently, FIPS-140 only ...
Security Principles Versus the Real World Gary McGraw , Keith Gordon , Marcus J. Ranum , Eugene Spafford , Jim Routh Years ago, Saltzer and Schroeder identified a set of security principles meant to guide security ...
Welcome & Non-Integral Asymmetric Functions Patrick Longa , Shi Bai Topic 1: Efficient and Secure Algorithms for GLV-Based Scalar Multiplication and their Implementation on GLV-GLS ...
Shifting Roles for Security in the Virtualized Data Center: Who Owns What? Rob Randell , Malcolm Rieke As converged infrastructures take hold, traditional roles are shaken up and reimagined. This session will ...
20 in 2014: The Top Privacy Issues to Watch J Trevor Hughes From the NSA leaks and Prism program to the proposed EU Regulation, privacy and data ...
Implementing Privacy Compliant Hybrid Cloud Solutions Peter Reid Business today is turning increasingly to the cloud. Private Cloud technology can be deployed with ...
NSA Surveillance: What We Know, and What to Do about It Bruce Schneier Drawing from Snowden documents and revelations from previous whistleblowers, this talk will cover types of ...
Business Control & Velocity: Balance Security, Privacy, Ethics & Optimize Risk Malcolm Harkins We are experiencing unprecedented change in the global business environment, which can increase risk and ...
Anti-Stealth Techniques: Heuristically Detecting x64 Bootkits Lars Haukli Stealth and persistency are invaluable assets to an intruder. You cannot defend against what you ...
The Dark Web and Silk Road Thomas Brown The Government’s widely reported investigation of Silk Road has generated interest in the functioning of ...
Gamifying Security Awareness Ira Winkler , Samantha Manke This session describes implementing Gamification into Security Awareness programs, so that users exercise good behaviors ...
Protected in Part Means Fully Exposed—A Mock Trial Andrew D. Peck , John Facciola , Steven Teppler , Hoyt Kesterson , Carlos Villalba , Jay Brudz A breach of Tax R Us and exfiltration of tax returns and credit card information ...
Security Shelfware: Which Products are Gathering Dust in the Shed and Why? Javvad Malik Enterprises frequently buy security products with the best of intentions, but they end up being ...
Mobile Devices Security: Evolving Threat Profile of Mobile Networks Anand Prasad , Selim Aissi This presentation will cover the evolution of threats related to 3G/4G Mobile Networks and their ...
Now That You’re In, How Do You Get Out? Terminating Cloud Services Ben Rothke Out of the box Cloud contracts don’t allow for easy exit for the customer. In ...
Identity as a Service (IDaaS): Where are You? Daya Puls Identity as a Service (IDaaS) has been a viable business service since before 2009. Open ...
How to Secure the Next Phase of Mobility in the Internet of Things Erich Stuntebeck When every piece of technology is connected how can enterprises keep corporate information secure while ...
The Information Security Specialist or Generalist, Who Will Be in Demand? Rick Gilmore What will be the demand for skills in the future as Information Security evolves? The ...
Can Government Cybersecurity Policies Balance Security, Trade & Innovation? Danielle Kriz , Alexander Dewdney , Allan Friedman , Jon Boyens , Masahiro Uemura As governments increasingly view cybersecurity as a national priority, many are enacting policies that impact ...
Your Pad or Mine? - Embracing and Securing BYOD Tamir Hardof BYOD can be a challenge but there are good reasons to embrace it. Attend this ...
Twilight of Legacy AV Models - A Different Long Tail Story Zheng Bu Malware has a very short lifetime. But how short is it? The findings may surprise ...
How Shared Security Intelligence Can Better Stop Targeted Attacks Piero Depaoli Managing isolated security products to stop today’s threats is a losing battle. The security community ...
Response Plan Fitness: Exercise, Exercise, Exercise! David Matthews An incident response plan is worthless if it's shelf art. We'll use a case study ...
Securing the Big Data Ecosystem Davi Ottenheimer Security professionals must protect more data in more places than ever before. The emerging business ...
Ensuring Your 3rd Party Vendors and Partners are Secure Michael Baker Every organization has either outsourced part of their environment or is considering it to save ...
The Art of Attribution: Identifying and Pursuing your Cyber Adversaries Dmitri Alperovitch Imagine someone physically breaks into your company's offices and goes through all your files—would you ...
The NIST Randomness Beacon Rene Peralta This session will describe the architecture of the NIST Randomness Beacon. This is to be ...
Data Encryption for Virtualized Enterprise Misha Nossik Virtualization of enterprise IT makes sensitive data difficult to control. Just encrypting the disks and ...
Hardware Trojans and Malicious Logic Alfredo Ortega , Sebastian Muniz In this talk, we will discuss actual trends on hardware trojan design and implementation. We ...
Security Awareness Metrics - Measuring Change in Human Behavior Lance Spitzner Security awareness is nothing more than another control designed to reduce risk, specifically human risk. ...
Diablo Security: What Can Infosec Learn from Video Games? Dwayne Melançon Adventure games make it easy for us to understand how our skills, weapons and countermeasures ...
Security PR 101 James Rivas While large organizations have the capital and man-power to prepare a Public Relations (PR) plan ...
The Network Alone Can’t Protect Your Data Chad R. Skipper , Elliot Lewis The new paradigm of BYOx has made the network border obsolete, thus driving security down ...
Building a Bunker for Business Assets and Processes Todd Inskeep InfoSec's recent data analytics focus ignores a) a lack of focused asset management, and b) ...
Securing the Virtual Environment Davi Ottenheimer N/A
The Relevance of Government Cybersecurity Intelligence Mark Weatherford , Phyllis Schneck , Rodney Joffe , Roland Cloutier , Steven Chabinsky Due to the growing cyber-threat, many commercial companies are using their cumulative technical sophistication to ...
Succeeding with Enterprise Software Security Key Performance Indicators Rafal wh1t3rabbit Los Enterprise software security has been a hot topic for over a decade, yet enterprises of ...
Storm Advancing: Security Weathermen Forecast the Advanced Threat Landscape Neil Macdonald , Ramin Safai , Carter Lee , Golan Ben-Oni In a post-prevention world, security professionals are blind to targeted attacks and advanced malware, and ...
Public-Key Encryption Sherman S.M. Chow , Christoph Striecks , Irippuge Milinda Perera Topic 1: A Generic View on Trace-and-Revoke Broadcast Encryption Schemes Authors: Dennis Hofheinz and Christoph ...
Virtualization and Cloud: Orchestration, Automation and Security Gaps Dave Shackleford As enterprise virtualization and cloud deployments become more automated, leveraging orchestration platforms and scripting frameworks ...
Cloud Computing in China: Opportunities, Challenges and Risks James Lewis , Jim Reavis , Timothy Grance , Terry Graham , Yale Li This presentation will outline the cloud computing landscape in China. It will describe the opportunities, ...
Mission Impossible?: Building and Defending Zero-Knowledge Privacy Services Nicko van Someren , Mike Janke , Sutha Kamal , Ethan Oberman A panel of experts describe the new premium on “zero-knowledge” technology models keeping access to ...
The Seven Most Dangerous New Attack Techniques and What's Coming Next Ed Skoudis , Johannes Ullrich , Alan Paller , Mike Assante Which are the most dangerous new attack techniques? How do they work? How can you ...
Trust Us: How to Sleep Soundly with Your Data in the Cloud. G. Mark Hardy , Bill Burns , Michael Hammer , Bruno Kurtic How do you know your mission-critical data and apps are truly safe with someone else? ...
Security Response in the Age of Mass Customized Attacks Peleus Uhley , Karthik Raman In recent zero-days, attackers are combining the features of mass malware with multiple unpatched vulnerabilities ...
One Year Later: Lessons and Unintended Consequences of the APT1 Report Martin McKeay , Lance James , Nick Selby , Gal Shpantzer , John Prisco Mandiant's APT1 report revealed a great deal about China's espionage efforts—but what has the industry ...
The Sixth Man: How Cybersecurity Awareness Programs Strengthen Our Defense Roberta Stempfley , Michael Kaiser , Jacqueline Beauchere , Kevin Kempskie The “Stop.Think.Connect” Campaign and National Cyber Security Awareness Month recently celebrated their 10th year engaging ...
Mock Trial Using Actual Case on Misrepresentation of Cloud Based Evidence Andrew D. Peck , Frank Maas , John Jorgensen , Lucy Thomson , Serge Jorgensen Electronically Stored Evidence (ESI) presented to the Court has become highly technical and therefore difficult ...
New Frontiers in Security Kevin Mandia , Ted Schlein , Kenneth Minihan , Nate Fick A panel moderated by Ted Schlein (Kleiner Perkins Caufield & Byers) with Nate Fick (Founder ...
What Is the Future of Data Privacy and Security in Mobile? Tanya Forsheit , Charles McColgan This session will cover the privacy challenges presented by mobile technology and the shifting legal ...
OpenStack Clouds & PCI Compliance Scott Carlson Large corporations are moving quickly toward OpenStack with a variety of hypervisors (KVM, HyperV, Xen, ...
Android in the Enterprise and the Future of Mobile Threats Andrew Conway Android is making significant inroads into the enterprise. According to IDC, Android recently broke the ...
SecOps Alchemy - Turning Pb to Au James Lugabihl More and more organizations are shifting their attention from prevention to detection and response. With ...
Risk-based Authentication: The Future of Guarding your Network, Systems and Data Irfan Saif Traditional authentication and authorization tools have limited success in preventing sophisticated attackers from gaining unauthorized ...
Facts vs. Fear: Foreign Technology Risks in Critical Industry Sectors Jerry Caponera , Curtis Dukes , James Barnett , Nigel Jones , Roar Thon Political rhetoric is stifling practical discussion among U.S. government and critical infrastructure buyers concerned with ...
Harnessing Big Data for Application Security Intelligence Tsvika Klein , Or Katz Web app firewall data has increased exponentially, leaving security experts with a big data mess. ...
Analyst Quadrants, Third-Party Tests, Vendor Data Sheets and YOU Fred Kost , John Kindervag , John Maddison , Paul Yancey , Ryan Liles How do organizations analyze their product selection options? Can they rely on analyst reports, vendor ...
Good Guys vs. Bad Guys. Using Big Data to Counteract Advanced Threats Joe Goldberg Advanced threats skillfully use social engineering and custom malware to get into an organization and ...
Anatomy of a Data Breach: What You Say (or Don’t Say) Can Hurt You Tom Field , Alan Brill , Michael Bruemmer , Ronald Raether Every breach response plan looks good on paper, but what about when it’s time for ...
I Survived Rock’n’Roll: Security Incident Escalation Winn Schwartau The Show Must Go On! How Stevie Wonder, Paul Simon, Bob Marley and Charlie Daniels ...
Are Mobile Devices the Answer to the Strong Authentication Problem? Alphonse Pascual , Brett McDowell , Michael Barrett , Nils Puhlmann , Phillip Dunkelberger Strong authentication is the key enabler for delivering web services on desktop or mobile environments. ...
Making the Security Super Human: How to Effectively Train Anyone/Anything Kati Rodzon The security and productivity of an organization is largely a product of constant learning by ...
CANCELLED: Using Big Data to Protect Big Data Stephen Schmidt AWS’s CISO will discuss how to leverage big data analysis to understand the behavior of ...
Evaluating the Security of Purchased Software: Can We Find Common Ground? Steven B. Lipner , Chris Wysopal , Howard Schmidt , Eric Baize , Nadya Bartol Vulnerabilities in software continue to put customers at risk. So how can you tell if ...
Large Corporation Chief Information Security Officers on Aligning Cyber Technologies, Personnel and Processes Evan Wolff , Andrew Vautier , Gary Gagnon , Greg Schaffer , Michael Papay Hear from three Chief Security Information Officers at large corporations about their experiences, strategies and ...
Invited Talk Antoine Joux Discrete logarithms: Recent progress (and open problems)
Survey of the Operating Landscape Investigating Incidents in the Cloud Jacob Williams , Paul A. Henry You’re moving data and operations to the cloud. Sooner or later you WILL have an ...
From Data to Wisdom: Big Lessons in Small Data Wade Baker , Jay Jacobs The infosec industry has gone gaga over big data analytics—and with good reason. But in ...
Hacking Exposed: The Art of Deterrence Stuart McClure We’ve been spending billions of dollars defending against the bad guys. What if you could ...
Achieving and Exceeding Compliance Through Open Source Solutions Erin “secbarbie” Jacobs , Zack Fasel Obtaining and exceeding compliance regulations, especially PCI DSS, doesn't need to be a costly vendor-driven ...
From Disclosing Existing Vulnerabilities to Discovering New Vulnerabilities Qinglin Jiang In this presentation, will first show how to use reverse engineering tools to uncover the ...
Effects-based Targeting for Critical Infrastructure Sean McBride This session describes effects-based targeting per U.S. military doctrine. Relying on surprising ex-post OSINT analysis ...
Cognitive Injection: Reprogramming the Situation-Oriented Human OS Andy Ellis It's a trope among security professionals that other humans—mere mundanes—don't "get" security, and make foolish ...
A Tale of Two Mocks—A Deep Dive Into the Issues Raised Andrew D. Peck , John Facciola , Steven Teppler , Hoyt Kesterson , Jay Brudz , Frank Maas , Lucy Thomson Although the mock trials are educational and entertaining, their format does not allow for a ...
Monitoring and Filtering Your Child's Web Media Use in our Connected World Kevin Bong SynerComm helps enterprises implement controls to manage their employees’ web and social media use, but ...
Assume a Hostile Environment: Securing Mobile Data in the App Scott Alexander-Bown The large mobile attack surface can be seen as a hostile environment. This presentation will ...
Finding Needles in a Needlestack with Graph Analytics and Predictive Models Tim Wyatt , Kevin Mahaffey Good or bad? Security systems answer this question daily: good code vs. malware, legit clients ...
Understanding Geo Cyber Risk Gregory Rattray Despite the Internet’s global presence, cyber threats occur within localized environments. Organizations with global footprints ...
Hardware-Level Attacks - Is Detection Possible? Alfredo Ortega Today firmware and BIOS-level malware are no longer theoretical. The purpose of this session is ...
Identity & Access Management (IAM) Maturity: A Comparison Across Companies Caedmon Bear The need to connect and manage an increasing number of distributed digital identities across organizations ...
Cybersecurity Economics: Tips, Tactics and Tradeoffs Pete Lindstrom Cybersecurity Economics is the practice of making decisions about technology-related risk, as constrained by resources ...
Updating the Law on Government Access to Your Online Data Richard P. Salgado , James Dempsey The U.S. law covering government access to email and data stored online has been in ...
Mind Over Matter: The Pragmatic, Strong, and Smart Approach to Security Ammar Alkassar , Kim Nguyen This session addresses the critical challenges of secure trustworthy applications with respect to Internet threats. ...
Use Anomalies to Detect Advanced Attacks Before Bad Guys Use It Against You Alexander Watson Websense Security Labs research reveals new techniques for finding anomalies in application telemetry and error ...
The World of Warbiking through the Streets of San Francisco Chester Wisniewski , James Lyne Come hear what happens when two cyber security experts explore just how secure is the ...
Inflection: Security's Next 10 Years Richard Mogull We are now deep in the early edge of a major inflection point in security. ...
Roadster Amongst the Tonka Trucks Michele Guel The goal is to encourage women to embrace their passion and excel in their fields, ...
New Ideas on CAA, CT, and Public Key Pinning for a Safer Internet Kirk Hall , Rick Andrews , Wayne Thayer CAA and Public Key Pinning / HPKP allow websites to advertise which Certification Authorities may ...
Social Gaming: Emerging Regulation (aka "Make Money and Avoid Jail") Behnam Dayanim Social gaming is exploding. Unlicensed gambling is prohibited. The boundaries between social casino gaming and ...
Security Career Pro Tips Jeff Combs With over 13 years of security recruiting experience, Jeff Combs is an industry thought leader ...
'2nd-Wave' Advanced Threats: Preparing for Tomorrow's Sophisticated Attacks Nikolaos Triandopoulos '2nd-Wave' advanced threats are emerging as sophisticated attacks in which attackers change the game they ...
Scaling a Software Security Initiative: Lessons from the BSIMM Gary McGraw Everybody agrees that code review, architecture analysis and penetration testing are good things to do ...
Privacy as a Growing Risk Jeff Northrop New privacy regulations in the EU, increased enforcement action by the FTC and tension around ...
Cultivating the Global Workforce Landscape Elise Yacobellis , Rae Hayward , Vehbi Tasar The technology landscape is morphing rapidly, creating a knowledge and skills gap for information security ...
Security Metrics: Can They Be Effectively Measured Across the Enterprise? Alan Shimel , Andrew McCullough , Ivana Cojbasic , Jody Brazil Like every business function, security should be measured. The reality is that most have no ...
Hardware Implementations Duc-Phong Le , Jeroen Delvaux , Vasily Mikhalev Topic 1: Attacking PUF-Based Pattern Matching Key Generators via Helper Data Manipulation Authors: Jeroen Delvaux ...
Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy Bryan D. Payne How does security factor into your selection of an IaaS provider? Do you know how ...
Let Go of the Status Quo: Build an Effective Information Protection Program Daniel Velez The status quo of virus scans and dirty word searches no longer make an effective ...
Hacking Exposed: Day of Destruction Dmitri Alperovitch , George Kurtz Destructive attacks remain a relatively rare occurrence; however, there is a growing interest among attackers ...
Adventures in Insurance Land – Weaknesses in Risk Pricing and Alternatives Jamie Gamble , Tim West Cyber insurance is an over 1B industry and one of the fastest growing specialty lines of ...
Buy Candy, Lose Your Credit Card - Investigating PoS RAM Scraping Malware Chester Wisniewski , Numaan Huq In today's economy debit/credit card transactions have replaced cash. Payment cards are quick, convenient and ...
A Deep Dive into the Security Threat Landscape of the Middle East Timothy Rains The Middle East has seen a number of high profile targeted attacks in the past ...
Securing Boomers, Gen Xers and Gen Yers: Omg We Are So Different! Todd Fitzgerald We are in a unique age, where we have 4 generations working alongside each other ...
Hot Topics in Information Security Law 2014 Ben Tomhave , Peter McLaughlin , Rebecca Matthias , Richard Abbott The legal risk and regulatory environment for information security is in a state of constant ...
Neuro-Hacking 101: Taming Your Inner Curmudgeon Mike Rothman , Jennifer Minella For self-proclaimed security curmudgeons and anyone else searching for better work/life balance, this session is ...
Touchlogger on iOS and Android Nathan McCauley , Neal Hindocha A major problem for online payments is keyloggers. Now that mobile devices are used for ...
Implementing PCI DSS 3.0 for Success: Challenges and Best Practices Troy Leach How is your organization approaching implementation and maintenance of PCI DSS version 3.0 to reduce ...
Privacy Enhancing Technologies: Pipe Dream or Unfulfilled Promise? Naomi Lefkovitz The National Strategy for Trusted Identities in Cyberspace envisions an “identity ecosystem” that doesn’t overshare ...
You Shared WHAT?! Risks and Strategies of Securing Employee File Sharing David Butcher Employees are self-provisioning a variety of consumer grade file sharing tools to get their jobs ...
Mobile Security in the Enterprise Nathan King Creating a mobile security policy and infrastructure in the Enterprise can be a daunting task. ...
Securing Our Nation's Data Centers Against Advanced Adversaries Mark Weatherford , Robert Carey , Jamie Dos Santos , Richard Schaeffer In the world of Advanced Persistent Threats, cyber-delivered disruption and destruction of critical data center ...
Implementing a Quantitative Risk-Based Approach to Cyber Security Scott Borg A risk-based approach to cyber security can yield credible estimates of annualized expected losses under ...
Intelligence Driven Security Adam Meyers Simply securing the enterprise by having the latest in IDS/IPS, Anti-Virus, SIEM and perimeter security ...
The Future of Authentication: Different Approaches to the Same Goal Bob Blakley , Brett McDowell , Michael Barrett , Eve Maler , Mayank Upadhyay Customer satisfaction and growing online fraud are major factors in driving the uptake of strong ...
Project 2020: Preparing Your Organization for Future Threats … Today Rik Ferguson Hear the results of Project 2020, which is an ICSPA initiative, driven by Trend Micro ...
Big Data's Potential in Helping to Secure the Internet of Things Jim Kobielus This session addresses the security challenges of IoT. Understand IoT vulnerabilities at the device, application ...
New Foundations for Threat Modeling Adam Shostack Everyone knows you ought to threat model, but in practical reality it turns out to ...
Why Cyber Incident Response Teams Get No Respect Mark Weatherford , Larry Ponemon , Christopher Pierson , Jill Phillips , Thomas Cross As security breaches continue to plague companies, a great cyber incident response team is essential. ...
Side-Channel Attacks Thomas Roche , Carolyn Whitnall , Lubos Gaspar Dueling Banjos - Cloud v Enterprise Security: Using Automation & DevOps NOW
Honeywords: A New Tool for Protection from Password Database Breach Ronald L. Rivest , Kevin D. Bowers Is your company next in line to be breached? Password breaches are becoming an everyday ... IncludeThinkstScapes
Gumshoes – Security Investigative Journalists Speak Out Dan Hubbard , Kevin Poulsen , Brian Krebs , Nicole Perlroth Financial fraud, advanced malware, APTs, nation state attacks, cyber warfare, they’ve covered it. In this ...
To Regulate or Not to Regulate Cyber Security: That Is the Question James Lewis , Irving Lachow , Evan Wolff , Paul Rosenzweig There is growing evidence that the private sector cannot adequately respond to state-sponsored cyber attacks ...
C U SRF with Cross USer Request Forgery Amichai Shulman Will present a new, practical type of CSRF, the “Cross USer Request Forgery” (CUSRF, pronounced ...
An Arms Race: Using Banking Trojan and Exploit Kit Tactics for Defense Ryan C. Barnett , Ziv Mador During this talk we will show how security products can use hackers' advanced obfuscation tactics ...
Keeping Up with the Joneses: How Does Your Insider Threat Program Stack Up? Dawn Cappelli , Randall Trzeciak None of us want our trade secrets taken to a competitor, confidential information exposed, customer ...
Search, Warrants and the Right to Privacy: Are We In Post-Constitutional America? Andrew D. Peck , John Facciola , Steven Teppler , Frank Maas What are the American citizens’ expectations of privacy for information generated, transmitted through or stored ...
Security Education for the New Generation Jacob West , Matt Bishop How will we educate a new generation of computer scientists on security? We tackle topics ...
Hero to Zero: Can Government Catch-up in Mobility? Luke Berndt Government was one of the first enterprises to embrace mobility. However the marketplace has become ...
Training CIRTs for the IRL Trenches Alissa Torres The time to realize that your Incident Response team's SOPs are broken is NOT when ...
Baseline Security: A Risk-Based ISMS Implementation Peter Kunz Implementing InfoSec policies for a baseline level of protection is one of the key pillars ...
Enterprise IAM Strategies in Banking Jim Weaver What are the key components of an IAM strategy in banking? What puzzle pieces do ...
An Overview of the EO Cybersecurity Framework Matthew Scholl , Kevin Stine , Samara Moore , Peter Allor , Adam Sedgewick Under Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the President directed NIST to work with ...
Continuous Monitoring with the 20 Critical Security Controls (CSC) Wolfgang Kandek The 20 CSC outline a practical approach to implementing security technologies by providing proven guidelines ...
One Step Ahead of Advanced Attacks and Malware Jon Paterson Signature-based approaches offer excellent precision and efficiency, but lack the depth needed to protect against ...
Handling Zero Day Disclosures: You're Doing it Wrong Brian Gorenc , Jewel Timpe Do you think handling vulnerability disclosures is hard? It shouldn’t be. We share the Zero ...
Security of Large Complex Technical Systems Marcus Sachs Early industrial methods of mechanization and automation led to highly complex systems that required new ...
Mobile App Privacy: Gone in 6 seconds Kevin Watkins This presentation will demonstrate just how easy app privacy theft is to perpetrate with popular ...
A Penetration Testing Maturity and Scoring Model Dave Shackleford What value does pen testing really provide to your organization? What constitutes a “good” pen ...
Hacking Exposed Mobile Joel Scambray N/A
Beginners Guide to Reverse Engineering Android Apps Pau Oliva Fora Ever wondered what this black magic that hackers and security analysts use to reverse engineer ...
Data-Driven Security (Brand New Book Launch) Bob Rudis , Jay Jacobs N/A
Mobile Analysis Kung Fu, Santoku Style Andrew Hoog , Sebastian Guerrero Selma Santoku Linux is a F/OSS distro dedicated to mobile forensics, security and malware analysis. This ...
DevOps/Security Myths Debunked David Mortman , Gene H. Kim , Josh Corman , Nick Galbreath , Dwayne Melançon As DevOps has become more popular a lot of myths have arisen with regards to ...
Surviving a Security Firestorm: Tales from Those Who've Lived through It Roland Cloutier , Ronald Woerner , Bill Downes , Kostas Georgakopoulos , Rocco Grillo Imagine you’re in the middle of a major security breach. What do you do and ...
Symmetric Encryption & Cryptanalysis Jean-Philippe Aumasson , Vesselin Velichkov Topic 1: Automatic Search for Differential Trails in ARX Ciphers Authors: Alex Biryukov and Vesselin ...
Let Your Users Go Rogue Sanjay Beri , Alan Boehme , Arthur Lessard , Mike Kail Shadow IT is scary! But maybe letting people "go rogue" is a good thing. Join ...
Is the Cloud Really More Secure Than On-Premise? Bruce Schneier , Wade Baker , John Pescatore , Eran Feigenbaum , Bret Arsenault Scalability, low cost and fast deployment are attracting organizations to adopt cloud services. But some ...
Castles in the Air: Data Protection in the Consumer Age Jason Clark , John Johnson The consumerization of IT (CoIT) involves what Gartner calls the 'Nexus of Forces': Social, Cloud, ...
Hot Topics in Privacy Michelle Dennedy , J Trevor Hughes , Brendon Lynch , Keith Enright The explosion of social media, mobile devices and internet sharing has pushed privacy to the ...
Your Product is Made WHERE? David Doughty Increasingly companies and governments are focusing on where products are made as a means of ...
Pass-the-Hash: How Attackers Spread and How to Stop Them Mark Russinovich , Nathan Ide Pass-the-hash transforms the breach of one machine into a total compromise of infrastructure. The publication ...
Cybersecurity the Old Fashioned Way: Pass Known Good Content Peter Fonash , Ann Barron-dicamillo , Boyd Fletcher , Brian Done , Thomas Ruoff This panel will present security benefits of filtering processes in cross domain solution (CDS) technologies ...
It’s Time to Offer Facebook Logon to Your Customers Daniel Killmer , Kevin Moulton Fear and uncertainty have ruled decisions to NOT offer Facebook authentication. In this session, we ...
How Good Is Your Predictive Coding Poker Face? Andrew d. Peck , Steven Teppler , Matthew Nelson Predictive coding technology is like the poker game Texas Hold ‘em. Both can be risky ...
CANCELLED: Why We Need a Cybermilitia (and How to Get One) Siobhan Macdermott The need for comprehensive cybersecurity legislation is obvious and urgent but neither governmental nor business ...
Predatory Hacking of Mobile: Real Demos Jeff "rfp" Forristal Sneak behind enemy lines to learn how hackers can grab data off mobile devices. Live ...
The 900 Days: Battles with NAC and Access Control Jennifer Minella War stories, roadblocks and recovery plans. In the last 3 years, we’ve dumped volumes of ...
How to Quickly Achieve the HIPAA Compliance Now Required for Most Companies Michael Mcalpen HIPAA now covers a surprising swath of businesses. Who is covered? What does achieving compliance ...
Mobile Payments: Winning the Fraud Battle Rajesh Ramanand Explore how technologies like single sign in, one-click payments and the disposability of mobile devices ...
Big Data and Hadoop: New Security Challenge Seshadri Ramaswami A discussion around the new type of approach necessary in order for organizations to take ...
Meet the PCLOB: An Introduction to the Independent US Privacy and Civil Liberties Oversight Board Ari Schwartz , James Dempsey , David Medine , Elisebeth Cook , Rachel Brand The newly formed independent PCLOB began its work in the summer of 2013 only to ...
Raising the Security Bar with Windows 8.1 Chris Hallum Windows 8.1 offers a huge leap forward in security by including the largest set of ...
Building a Mystery: Threat Intelligence in Modern Security Christopher Elisan , Rick Holland , Berk Veral , Andrew Bjerken , Daniel Cohen Today’s cyber threats make actionable intelligence and intelligence sharing crucial to a new security approach: ...
Threat Centric Security Martin Roesch If you knew you were going to be compromised would you do security differently? It’s ...
10 Dimensions of Security Performance for Agility & Rapid Learning David Severski , Russell Cameron Thomas Information security is an innovation arms race. We need agility and rapid learning to stay ...
It’s a Jungle Out There: The Security State of CMS Platforms Maty Siman Most likely your organization is using a CMS-based site—whether for blogging, site delivery or user-engagement. ...
Smart Grid Security: A Look to the Future Gib Sorebo Drawing on his recently published book, the speaker will discuss the future of security for ...
Social Media Single Sign-On: Could You Be Sharing More than Your Password Tom Smith In today’s social media environment, a single sign-on to social sites is quite appealing. However, ...
Foreign Spies and Facebook: The Undeniable Truth Hila Meller , Menny Barzilay It is strange to acknowledge that almost every country in the world would like to ...
The Steps Zurich Took to Build an “Effective” Information Security Program James Shira This session will present the major challenges of Zurich Insurance Group’s security team and the ...
Using Data Breadcrumbs to ID Targeted Attacks Dan Hubbard Without copies, samples or details how can one possibly prevent, contain and inform on targeted ...
Beyond Information Warfare: The History of the Future of Security Winn Schwartau We will weaponize it. Humans will soon share Earth with 100B intelligent IP endpoints. We ...
Targeted Security Analytics: You Know Where They are Going. Be Waiting Andrey Dulkin As perimeter defenses fail to defend against targeted attacks, the mitigation focus has shifted to ...
DHS Cybersecurity Future Technology : Where We Go From Here Brendan Goode This session will focus on understanding the development of the next five-year cybersecurity engineering and ...
Getting Your Security Budget Approved Without FUD John Dickson Getting a security budget approved is a challenge, but it is arguably the single most ...
Hijacking the Cloud: Systematic Risk in Datacenter Management Networks Michael Cotton This session will focus on the unique security challenges of securing the baseboard management network ...
Third-Party Cyber Security & Data Loss Prevention Brad Keller , Jonathan Dambrot While companies may do an effective job of their cyber security and data protection, the ...
Cybersecurity in a World of Borders Michael Daniel Most people describe cyberspace as a place with few borders: great for commerce and the ...
Information Security Policy for Users (Not Auditors) Michael Scheu Corporate Information Security Policies have grown into unwieldy documents of 50 pages or more. While ...
DLL Side-Loading: A Thorn in the Side of the Anti-Virus (AV) Industry Amanda Stewart Advanced Persistent Threat (APT) developers use “DLL Side-Loading” to sneak malware past Anti-Virus (AV) scanners. ...
Learning Malware Languages: Fun with Dick and Jane’s Malware Terry Nelms Recognizing the languages of today’s malware families requires an understanding of both their grammar and ...
Helping People Walk the Narrow Path Markus Jakobsson While most people are honest, many occasionally stray from the truth, whether when filing taxes, ...
Deciphering the Legal Framework that Governs Online Identity Systems Tom Smedinghoff The legal rules that govern online identity systems come from a variety of sources, and ...
Crypto for Constrained Devices – A Talk with Whitfield Diffie Whitfield Diffie , Ray Potter Technology continues to get faster, smaller and more deeply integrated. This creates a challenge for ...
OTT, Virtual Carriers and the New Wave of Spam Threats in the 4G/LTE World Simeon Coney The rise of new applications and services in the U.S. and globally is unintentionally causing ...
Riding the Tiger – Harnessing the Power of Industry in Cyber Security Dag Stroman , David Martin Common Criteria, the widely used international standard for IT product security, is evolving—new technologies, threats, ...
How Joshua DoSed Jericho: Cybersecrets of the Bible Mary Ann Davidson “There is nothing new under the sun”— Ecclesiastes. Who knew the Bible is a security ...
Criticality Analysis & Supply Chain: Providing "Representational Assurance" Daniel Reddy Acquirers of technology want to know from their suppliers which components are most critical in ...
Integrating Any Smartphone Into Your Mobile ID Strategy Kevin Gillick Industry association, GlobalPlatform, details how the secure element, smart card and trusted execution environment are ...
Tinker Bell SSL: Avoiding the Neverland Security Infrastructure Errol Lloyd Too much of a good thing can be bad for your security infrastructure; specifically high ...
Break That Code Trivia Game Hugh Thompson Join Hugh Thompson as he hosts a security themed trivia game in The Sandbox! Show ...
Cybersecurity Framework: A Practical Guide to Manage Cybersecurity Risk Roberta Stempfley , Kevin Stine , Samara Moore , Ronald S. Ross , Robert Kolasky , Chris Boyer , Scott Saunders The Cybersecurity Framework offers a prioritized, flexible, repeatable, performance-based and cost-effective approach to managing cyber ...
TweetUp: Security & Privacy Mark Stanislav , Brian Honan Join us for a TweetUp at the Social Command Center (Moscone North/South Hallway) on Wed ...
The FBI and the Private Sector: Closing the Gap in Cyber Security James Comey Director Comey will discuss cyber threats to our national security. We have made great strides, ...
Stop Looking for the Silver Bullet: Start Thinking Like a Bad Guy Art Gilliland Organizations worldwide spent approximately $46B on cyber security in 2013, but successful breaches increased 20% ...
Watching the Watchers: Privacy Officers Inside the U.S. Government Ari Schwartz , Alexander Joel , Erika Brown Lee , Karen Neuman The NSA revelations have sparked renewed interest in who is overseeing privacy inside the federal ...
Operation Full Circle Michael Fey Intel Security's McAfee GM of Corporate Products & Worldwide CTO, Michael Fey, will present the ...
Android Security Cookbook Scott Alexander N/A
The Future of Security Stephen Trilling How do you stop a motivated attacker who has unlimited resources from compromising your enterprise’s ...
Cyber Warfare 2E Jason Andress N/A
The Boy Who Played with Fusion Taylor Wilson Taylor Wilson’s keen interest in science sparked at an early age. From the construction of ...
Using Automated Cyber Threat Exchange to Turn the Tide against DDOS Phyllis Schneck , Peter Fonash , Richard Struse , Joseph Demarest , Mark Clancy The FS ISAC, the IT sector and the Federal Government have been working together to ...
RESTing on Your Laurels Will Get You Pwned Abraham Kang , Alvaro Muñoz Public REST APIs have become mainstream. Now, almost every company that wants to expose services ...
Cybersecurity: An Innovative Approach to Advanced Persistent Threats Brent Conran Understand the nature and evolution of APTs and why it is so difficult to deal ...
Education and Engaging the C-Suite on Cybersecurity Roland Cloutier , Michael Kaiser , Bill Coleman , Jenny Menna Many small and medium companies often lack the resources and tools to protect against the ...
End-to-End Analysis of a Domain Generating Algorithm Malware Family Jason Geffner Select malware families have used Domain Generating Algorithms (DGAs) over the past few years in ...
Digital Signatures Benoit Libert , Sherman s.m. Chow , Essam Ghadafi Topic 1: Group Signatures with Message-Dependent Opening in the Standard Model Authors: Benoit Libert and ...
Oh the PaaSabilities, Security in a Platform as a Service World David Mortman PaaS makes developers' (and possibly operations') lives much easier. But what are the security implications ...
Security vs. Privacy: Who is Winning? Christopher Pierson , James Shreve What is more important “Security” or “Privacy”? Surveillance, information sharing, website collection, merged media everywhere ...
Public Cloud Security: Surviving in a Hostile Multitenant Environment Mark Russinovich The rise of public cloud computing has brought with it a new set of security ...
Buyer Beware: How to Be a Better Consumer of Security Maturity Models Julia Allen , Nader Mehravari Maturity models are effective tools for improving an organization’s security capabilities and outcomes. But knowing ...
Too Critical to Fail: Cyber-Attacks on ERP, CRM, SCM and HR Systems Mariano Nunez They run your business-critical processes and store your most sensitive information. However, you were told ...
Cloud Ninja: Catch Me If You Can! Rob Ragan , Oscar Salazar What happens when computer criminals start using friendly cloud services such as Dropbox, Google Apps, ...
Changing User Behavior: The Science of Awareness Aaron Higbee , Lance Spitzner , Kati Rodzon , Frank Dimina Humans are creatures of habit. Understanding the way users think and react is vital ...
Dueling Perspectives: “Rules of the Road” or “Rule of Law” for Cyberspace James Lewis , Catherine Lotrionte , Steven Chabinsky , Ary Brown , John Mallery While cyber conflicts are likely to become more frequent and intense, events have outpaced the ...
Android Security - Building a Secure Open Source Platform Adrian Ludwig Android has introduced a new model for securing a computing platform. This talk by the ...
How Was Your Migration to RSA 2048-Bit? Errol Lloyd Did you complete your digital certificate migration to RSA 2048-bit? Are you still migrating internally? ...
How to Overcome Security Challenges of Doing Business in China Paul Harjung Doing business in China can present unique IT security challenges. In this P2P session, attendees ...
The Privileged User Discussion: Security Enforcer or Threat? Roger Bache Privileged Users are one of the greatest risks an organization faces today. Because of the ...
“All About the Data”: Security Information and Event Analysis – Move from a Qualitative to Quantitative Approach Corey Epps Qualitative assessments of security risks are not as compelling as statistics on attacks detected, contained ...
Cyber Legislation: National Security & Corporate Responsibility Collide Robert F. Lentz , Clete Johnson , Adam Sedgewick , Byron Acohido , Ryan Gillis Where does national security intersect with corporate responsibility, and should Washington push for legislation to ...
Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome Josh Corman , David Etue Nearly every aspect of our job as defenders has gotten more difficult and more complex—escalating ...
Oh the Humanity! Building Reliable Cultural Firewalls Lance Hayden Security is a cultural as much as technological challenge. Culture is defined as shared values ...
Is the Security Industry Ready for SSL Decryption? John W. Pirc , David Desanto This session will uncover research findings regarding issues with on-board SSL decryption with next generation ...
Key Trends in Security: The Venture Capitalists' View Joseph Menn , David Cowan , Asheem Chandna , Ray Rothrock In this session, three distinguished venture capitalists from Bessemer, Greylock and Venrock will discuss the ...
Words Matter: Eschew Obfuscation, Espouse Elucidation Sari Greene The language of security is replete with technical jargon, confusing acronyms, inconsistent terminology and negative ...
Security by and for the People! Joshua Davis , Leslie Lambert Security by and for the people! Data protection and security awareness have amped up by ...
The Game of Hide and Seek, Hidden Risks in Modern Software Development Ryan Berg Today's modern software is no longer written, it's assembled. It's time to take a hard ...
iOS Security: The Neverending Story of Application-Security Adi Sharabani , Yair Amit iOS is probably the most secure mobile operating system nowadays. However, is it enough? Last ...
Protocols Sarah Meiklejohn , Kaoru Kurosawa , Qiong Huang Topic 1: Rethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions Authors: Theresa ...
The Boundary Between Privacy and Security: The NSA Prism Program Jim Harper , Omer Tene , Chris Hoofnagle , Mary Ellen Callahan Is there a reasonable expectation of privacy, even in issues of national security? In the ...
50 Shades of Security: Whipping Your Users Into Submission Ira Winkler While admittedly the title of this presentation started as a joke, the reality is that ...
Measurement as a Key to Confidence: Providing Assurance Robert Martin , Ron Ross , Sally Long , Daniel Reddy , Helmut Kurth Providing security assurance relies on programs, schemes and assessors specifying and performing appropriate measurements. These ...
Bitcoin Is Here: How to Become a Successful Bitcoin Thief!!! Etay Maor , Uri Rivner OK folks. You’ve all been hearing about Bitcoin—and now it’s time to leverage this amazing ...
Whose IP Is It Anyway: Tales of IP Reputation Failures Michael Hamelin Throughout the history of security we've used many forms of reputation to identify adversaries. The ...
Social Engineering: When the Phone is More Dangerous than Malware Chris Hadnagy , Michele Fincher Is social engineering (SE) the most dangerous security threat to your business? The Social-Engineer team ...
Hackback? Claptrap! - An Active Defense Continuum for the Private Sector Randy Sabett , Stewart a. Baker , James Denaro , Steven Chabinsky , Irving Lachow Many commentators take a binary approach to active cyber defense (“hacking back”)—that it’s either OK ...
Practical Attacks against MDM Solutions (and What Can You Do About It) Michael Shaulov How are mobile cyber-espionage attacks carried out? In this engaging session, we will show how ...
International Data Breach Response Ellen Giblin Conversation will be guided by Privacy Counsel’s experience in managing an international data breach spanning 34 ...
SCADA Success Stories Peter Lunk SCADA and Industrial Control System security is becoming more important in the wake of Stuxnet ...
Threat Modeling: How Do You Define It? How Do You Use It? Dan Klinedinst There are many different approaches to threat modeling: methodologies, visual attack graphs, red teaming, security ...
Security Risk Assessments of Third-Party Service Providers Robert Shullich A common method in assessing risk about a third-party and their security practices is to ...
Government x 2: State and Federal Collaboration on Cybersecurity Cheri Caddy , Dan Lohrmann , Mike Sena , Tom Maclellan Cybersecurity requires a unique—and challenging!—degree of collaboration among different government offices, particularly when responding to ...
Bad Romance: 3 Reasons Hackers Love Your Web Apps & How to Break Them Up Jd Sherry Increased complexity & access to personal data has made web apps a prime target for ...
Mutiny on the Bounty: The Epic Tale of How Data Defeated Dogma Katie Moussouris Nobody believed it would ever happen, yet in 2013 Microsoft launched not 1 but 3 ...
How Microsoft IT "Does" Data Protection Laura Hunter In this informative and entertaining session, come and hear from a real-world architect within Microsoft's ...
Make Way for the Internet of Things Benjamin Jun The coming wave of smart, connected “things” will explode your organization’s endpoints by a factor ...
Should a National Cyber Safety Board Be Created to Help Report on Breaches? Alex Hutton , Adam Shostack , Harry Sverdlove , Chris Wysopal , Jacob Olcott When will the number of breaches per year start to come down and what will ...
Security Business Intelligence– Big Data for Faster Detection/Response Stacy Purcell Intel’s Security Business Intelligence platform is a game changer for Intel’s security team. Our custom ...
Hunting for OS X Rootkits in Memory Cem Gurkok The OS X Kernel has been increasingly targeted by malicious players due to the shrinking ...
How We Implemented Security in Agile for 20 SCRUMs- and Lived to Tell Yair Rovek Not conforming to the traditional SDLC model, Agile sounds like a security nightmare. We opened ...
Where in the World is xn--80atbrbl6f.xn--p1ai? Chris Larsen , Tim Horst Internationalized Domain Names (IDNs) allow registration and use of domains using non-ASCII characters. They have ...
The PRNG Debate Dan Boneh , Paul Kocher , Bart Preneel , Adi Shamir , Dan Shumow Several high profile failures of Pseudo-Random Number Generators have recently been reported. In this panel ...
The Future of Exploits, Developing Hidden C&C and Kittens James Lyne Writing an exploit to deploy malware with C&C to exfiltrate data. Have you ever seen ...
Ending Risk Management Groundhog Day Jack Jones Ever wonder why risk management can make you feel like Bill Murray in the movie ...
Turning Medical Device Hacks into Tools for Defenders Jamie Gamble , Tim West Much has been done to highlight weaknesses in medical devices in the past years. To ...
How Microsoft, FS-ISAC & Agari Took Down the Citadel Cybercrime Ring John Wilson , Patrick Peterson , Errol Weiss , Richard Boscovich A global cybercrime ring was dealt a serious blow in June when over 1,500 command ...
How to Catch an Insider Data Thief Jonathan Grier Insider data theft leaves no broken windows, making traditional forensics blind. But you can still ...
Is the Liberty Reserve Money Laundering Case the New Face of Cyber Crime? William Rogers , Eduard Goodman , Joseph Burton , Macdonnell Ulsch The Rising Implications of Crypto-Currency in Crime and Commerce. The cyber criminal enterprise is increasingly ...
Why Mobile Should Stop Worrying and Learn to Love the Root Andrew Hoog IT departments are locked out of mobile devices without rooting or jailbreaking them, a serious ...
Not Playing Nice in the Sandbox; The Latest in Malware Evasion Techniques Jeff Debrosse Attendees will discuss the latest and greatest in sandbox evasion, research and detection techniques. Join ...
Workshop on the Proposed NIST Cybersecurity Framework Lawrence Dietz This workshop will give participants a chance to evaluate the good, bad and the ugly ...
U.S. and E.U. Competition to Regulate the Emerging Global Identity Architecture Jane Winn The convergence of various technical and business identity management models is fueling the emergence of ...
Information Security Supply Chain - You, Your Partners and Nation States James Deluccia The interdependency of industry and technology has resulted in general real concern of trusting third ...
Cyber Battlefield: The Future of Conflict Dmitri Alperovitch , James Lewis , Jason Healey , Martin Libicki , Tom Corcoran Panel of leading experts in the field will explore complex policy issues of conflict in ...
Why SSL Is Better Than IPsec for Fully Transparent Mobile Network Access Aidan Gogarty Meet head on the challenge of secure remote access from anywhere, anytime. This presentation demonstrates ...
EMM, Delivering Security Without Compromising the User Experience Brian Robison Securing Information with an Enterprise Mobility Management (EMM) solution for either personal or company issued ...
Attacking Trust – The Next Evolution in Cyber Weaponry Merike Kaeo , Jim Routh , John Kindervag , Kevin Bocek , Katie Bowen Cybercriminals are fast learners. Adversaries have raced to build on powerful blueprints laid out in ...
Where Do We Go from Here, Now That Our Internet Is Gone? Rafal wh1t3rabbit Los , Benjamin Jun , Daniel Houser , David Melnick , Erik T Heidt What should the answer be for the security practitioner in a post-Snowden world, where we ...
The "Fog of More" - A CyberSecurity Community Challenge Tony Sager As defenders, we have many resources: tools, technology, information, processes. But this leads to a ...
SDN & Security: Why Take Over the Hosts When You Can Take Over the Network Robert Hinden Software Defined Networks (SDN) is the new hot networking technology that is taking the network ...
Network Security Smackdown: Which Technologies Will Survive? Christofer ( Hoff ) Hoff , Jon Oltsik , Bret Hartman , Martin Brown We will have a lively debate on the future of network security. If you’re in ...
Utilizing Threat Indicators & Context to Improve Security Response John W. Pirc , Howard Schmidt , Phil Porras , Srinivas Kumar The holy grail of security is knowledge of which attacks are targeting my organization and ...
A Comfy Couch for Critical Assets Todd Inskeep Many organizations struggle to prioritize security elements to protect critical assets—why? Because they have failed ...
A Human Factor Interface for SIEM Bettina Wesselmann , Johannes Wiele By correlating security log data from security devices with other security-related information, SIEM provides means ...
Follow the Money: Security Researchers, Disclosure, Confidence and Profit Jake Kouns , Carsten Eiram If you want to understand security research and disclosure, just like in several other industries, ...
viaForensics' Study Tracks Mobile App Data Security (viaForensics) Andrew Hoog Join viaForensics CEO Andrew Hoog as he discusses a 2014 study of application data and ...
Fun with Proxmark3 Daniel Ayoub The Proxmark3 is a tool that enables the user to read, encode and emulate RFID ...
Why AWS CloudHSM can Revolutionize AWS Oleg Gryb , Subra Kumaraswamy , Todd Cignetti As of today, a traditional mindset towards cloud environments can be formulated shortly as "we ...
Is Your Browser a User Agent, or a Double Agent? Mike Shema Privacy shouldn't be an afterthought in the browser. Data security within web and mobile apps ...
Privacy Reboot J Trevor Hughes Why should the security profession care about privacy? Is privacy the enemy of security? Do ...
Reboot Your IT Threat Risk Assessment (TRA) Process in 20 Minutes Olasupo Lawal IT Threat Risk Assessments are important in reducing risks by ensuring that “security” is baked ...
Hacking iOS on the Run: Using Cycript Sebastian Guerrero Selma Cycript is a JavaScript interpreter which also understands Objective-C syntax. The goal will be to ...
Disrupting the Progression of a Cyber Attack Brian Honan , Dwayne Melançon Before medieval marauders had any hope of capturing the castle, they first had to overcome ...
Malicious Acrobatics on Social Media Zejin Ding Online social networks are dangerous places for users, as more attacks and malicious dimensions have ...
Data Breach Resolution for Insurance Carriers Paul Paray This session will discuss a variety of actual data breach incidents involving insurance company clients. ...
Rogue Mobile Apps: Nuisance or Legit Threat? John Lacour With millions of mobile apps available and tens of thousands being released every month, it ...
View from the Inside: DHS Priorities in Cybersecurity Phyllis Schneck , Suzanne Spaulding Suzanne Spaulding serves as Acting Under Secretary for the National Protection and Programs Directorate (NPPD). ...
Lean Hacking: How Attackers Are Doing More with Less and How to Stop Them Paul Judge Lean is a popular approach in building startups. Hackers are learning to be lean as ...
Babel Revisited: Lessons from an IPv6 Transition Steven f. Fox , Jeffrey Wiley The IRS orchestrated the documentation and implementation of IPv6 security requirements despite organizational and contractual ...
Economic Impact of PRISM on Cloud Services & Safe Harbor Craig Spiezle In light of recent high profile events and news including WikiLeaks, NSA Prism as well ...
Unmasking the Social Engineer and Social Engineering Chris Hadnagy N/A
Little Bets: How Breakthrough Ideas Emerge from Small Discoveries Peter Sims Sims demonstrates that the linear problem-solving we were conditioned to embrace, actively thwarts creativity. Rather, ...
Hacking Web Apps Mike Shema N/A
The New Model of Security Christopher Young , Padmasree Warrior The pace of change in technology is accelerating and security is no different, with attackers ...
The Cloud – Security Nightmare or Our Next Great Hope? Philippe Courtot Security professionals in general distrust the cloud—losing control, fly-by-night third party solutions, privacy and surveillance. ...
The Privacy Engineer's Manifesto: Getting From Policy to Code to QA Value Michelle Dennedy , Jonathan Fox N/A
State of the Hack: One Year after the APT1 Report Kevin Mandia The exposure of one of the world’s most prolific cyber espionage groups known as APT1 ...
A Fierce Domain: Cyber Conflict, 1986 to 2012 Jason Healey N/A
The Story of charity: water Scott Harrison Seven years ago Scott Harrison started charity: water with a mission to bring clean drinking ...
Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats and Blackhatonomics: An Inside Look at the Economics of Cybercrime John W. Pirc N/A
Malware Under the Hood – Keeping your Intellectual Property Safe Marion Marschalek , Mike Kendzierski The power of Reverse Engineering and Forensics can help keep your Intellectual Property safe from ...
Software Liability?: The Worst Possible Idea (Except for all Others) Jake Kouns , Josh Corman While many had hoped that market competition would influence security improvements, customers are forced to ...
The Current State of Automotive Security Chris Valasek As automobiles become more connected, thoughts go towards their vulnerability to attack by malicious actors. ...
Hash Function Cryptanalysis Yu Sasaki , Gaoli Wang , Pierre Karpman Topic 1: Analysis of BLAKE2 Authors: Jian Guo, Pierre Karpman, Ivica Nikolić, Lei Wang and ...
Secure Cloud Development Resources with DevOps Andrew Storms , Eric Hoffmann Adoption of cloud resources by development teams has created a security problem. The self-service and ...
Walking the Security & Privacy Talk; Moving from Compliance to Stewardship Michael Hammer , Rick Andrews , Craig Spiezle , Jeff Wilbur As privacy and security concerns mount compounded by big data, big losses and big challenges, ...
Risky Business: Managing Risk across Industries in Today’s Global Economy Christopher Mcclean , Larry Jensen , Russ Paulsen , Scott Knowles Today’s headlines are rife with stories of security breaches, which have changed the way we ...
Technical Metrics Aren’t Enough: 10 Strategic Security Measures Julia Allen , Lisa Young Learn how 10 strategic security measures, tied to business objectives, are more effective than tactical ...
Hunting Mac Malware with Memory Forensics Andrew Case While Mac systems have historically been ignored during targeted attacks, within the last year these ...
Operation Olympic Games Is the Tom Clancy Spy Story that Changed Everything Richard Howard The use of cyber weapons against the Iranian nuclear program changed the cyber landscape forever. ...
The Social Networking Battleground: Growth vs. Security Paul Judge Social networks are popular for users and attackers. The demand for fast growth and high ...
Practical Legal Aspects of BYOD Lawrence Dietz , Francoise Gilbert The exploding use of employee owned devices in the workplace is fraught with legal uncertainty. ...
Lessons Learned from Physical Tamper-Response Applied to Client Devices Ryan Lackey , Eric Michaud Physical tamper-evidence and tamper-response can be applied to client devices (cellphones, tablets, laptops), particularly to ...
Leading Cybersecurity: Technically Sexy, Programmatically Dowdy Mischel Kwon , David Stender , Darren Van Booven , Vance Hitch Continuous Monitoring in the Federal Government has broadened the security leaders’ job. CISOs manage attack ...
Eight Conflicts Which Changed Cyberspace Jason Healey The history of cyber conflict has been long ignored, leading us to make repeated mistakes. ...
Utilities and Cybersecurity - Myth and Reality Nadya Bartol , Scott Saunders , Doug Mcginnis , Michael Phillips Is it true that the control systems that run our power grid are accessible from ...
The Disaster Experts: Mastering Risk in Modern America Scott Knowles N/A
Collaboration across the Threat Intelligence Landscape Merike Kaeo Varying islands of sharing exist that include industry regulatory organizations, structured executive CISO groups, global ...
Writing Secure Software Is Hard, but at Least Add Mitigations! Simon Roses Femerling The fact is that writing secure software is hard but modern compilers (Visual Studio, GCC ...
Stepping P3wns: Adventures in Full Spectrum Embedded Exploitation & Defense Ang Cui , Michael Costello , Salvatore Stolfo , Jatin Kataria We will present two demonstrations of exploitation and defense of embedded devices like printers, phones ...
Applications of Cryptographic Primitives Dmitry Khovratovich , Gareth T. Davies Topic 1: KDM Security in the Hybrid Framework Authors: Gareth T. Davies and Martijn Stam ...
Applying Cryptography as a Service to Mobile Applications Peter Robinson Deploying cryptographic keys on vulnerable end points such as mobile phones is risky. This presentation ...
BYOD: An Interpretive Dance Ellen Giblin , Constantine Karbaliotis IT departments are being faced with an increasing demand for use of personal devices, to ...
We Are All Intelligence Officers Now Dan Geer The concerns only of NSA in 1983 (the TCSEC/Orange Book year) are now the concerns ...
Visualize This! Meaningful Metrics for Managing Risk David Mortman , Alex Hutton , Caroline Wong , Jack Jones , John Johnson Metrics are incredibly useful and a critical input for making risk decisions, but finding the ...
Now You See Me – Attacks with Web Server Binaries and Modules Vanja Svajcer The session covers targeted attacks on Apache and other web servers such as nginx and ...
They Did What?!? – How Your End Users Are Putting You at Risk Mike Seifert Informed users make better decisions. Your users can be social engineered and enable cyber crime. ...
How to Make a Security Awareness Program FAIL! Winn Schwartau Security Awareness is often integral to a good security program. But is it worth it? ...
Cyber Legislation & Policy Developments 2014 Michael Aisenberg Congress, government agencies, standards bodies and foreign nations all have developed new laws, regulations and ...
Mobile Application Assessments by the Numbers: A Whole-istic View Dan Cornell Typically, mobile application assessments myopically test only the software living on the device. However, the ...
Risk and Responsibility in a Hyper-Connected World Chris Rezek , James Kaplan Findings and perspective on the current state of the cyber security challenge and three potential ...
A CISO's Perspective: Protecting with Enhanced Visibility and Response Jay Leek Most organizations are heavily focused on building taller wider walls thinking they can keep the ...
Building and Extending Solutions with Hardware Trust Steve Orrin , Doug Austin CSC is extending our infrastructure and end-user solutions to incorporate hardware trust. This session will ...
Securing Smart Machines: Where We Are, Where We Want to Be, and Challenges Tadayoshi Kohno , Akshay Aggarwal , Dan Guido , Laura Berger Using recent examples, panelists will examine the security challenges companies face when adding connectivity to ...
Information Exchange on Targeted Incidents in Practice Freddy Dezeure Information exchange of IOC/TTPs used in targeted attacks is key to detecting intrusions earlier and ...
Seven Habits of Highly Effective Security Products Sandra Carielli Time after time, we see security products not fully leveraged, used incorrectly, or end up ...
Syrian Electronic Army: Their Methods and Your Responses Ira Winkler Having helped organizations respond to Syrian Electronic Army (SEA) attacks, we learned about their methods. ...
Cloud Application Security Assessment, Guerilla Style Adam Willard , Mark Orlando This session will outline a low cost, non-intrusive “guerilla style” security assessment approach for cloud-based ...
How to Discover if your Company's Files are on a Hacker's Shopping List Christopher Burgess In the 2013 Intellectual Property (IP) Commission report the U.S. is believed to have lost ...
What Is Going on at NSA These Days Richard George As a former NSA insider, the speaker will focus on some of the stories about ...
The Dichotomy of the System Administrator Cliff Neve Organizations spend a lot of time focusing on APTs and the lack of education of ...
Eyes on IZON: Surveilling IP Camera Security Mark Stanislav If you have an IP camera at home or work, you may have wondered, "How ...
A Hacker’s Perspective: How I Took Over Your City’s Power Grid Andrew Whitaker This war story session will share the techniques our penetration testing team has used in ...
Top Attacks in Social Media Gary Bahadur How does a company protect itself and protect customer data from social media attack vectors? ...
Applying International Law to Cyber Warfare Jason Thelen The Tallinn Manual answered a critically unanswered question “When is a cyber attack an act ...
Smartphone Privacy Daniel Ayoub In this session, we will explore the permissions users often unknowingly grant on their smartphones ...
Effects of Recent Federal Policies on Security and Resiliency Landscapes Nader Mehravari Recent executive orders, presidential policy directives and federal agency activities are affecting strategies and practices ...
The Role of a Cyber Mercenary Gunter Ollmann Focusing on the evolution of information warfare specialists and their increasingly valuable role within mercenary ...
Malware Defense Integration and Automation Robert Fry Demonstrate the value of Netflix's Open Source initiative FIDO (Fully Integrated Defense Operation) and how ...
When Worlds Collide – the Fusion of Cloud and Embedded Tim Skutt The fusion of Cloud and Embedded has huge potential for transforming systems. This fusion brings ...
Hugh Thompson and Guests Hugh Thompson Security guru and bestselling author Dr. Herbert “Hugh” Thompson has seen it all—hacked voting machines, ...