RSACon 2014 Feb. 24, 2014 to Feb. 28, 2014, San Francisco, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
SANS: The Critical Security Controls: Planning, Implementing and Auditing | James Tarala | This course helps you master specific, proven techniques and tools needed to implement and audit ... | |
SANS: Securing The Human: How to Build, Maintain and Measure a High-Impact Awareness Program | Lance Spitzner | Organizations have invested in information security for years now. Unfortunately, almost all of this effort ... | |
SANS: Lethal Network Forensics | George Bakos | LETHAL NETWORK FORENSICS focuses on expanding your forensic mindset to include transient communications that occurred ... | |
SANS: Mobile Device Security | Larry Pesce | This course is designed to teach students about the threats organizations are exposed to via ... | |
(ISC)² CSSLP CBK Training Preview | Stephen Kalman | Build hacker resilient software! Attend this FREE half-day education session based on the (ISC)² CBK® ... | |
Security Basics Seminar | Hugh Thompson , Tas Giakouminakis , Dana Wolf , Dennis Moreau , Michael Poitner , Benjamin Jun , Jason Brvenik , Mike Janke | The Security Basics Seminar explains some of the most important security principles and is designed ... | |
Information Security Leadership Development: Surviving as a Security Leader | Jeff Bardin , Evan Wheeler , Doug Graham , Bruce Bonsall , Dave Notch , Dennis Devlin , Justin Peavey , Robert West | In conventional security training, there are few opportunities to learn how to develop and direct ... | |
Closing the Cybersecurity Skills Gap – It’s Past Time. | Jane Holl Lute , Andy Ellis , Javvad Malik , Dwayne Melançon , Mike Assante | This session will discuss how the evolving threat landscape is altering cybersecurity roles and what ... | |
The Future of Security Education | Ernest Mcduffie , Michael Murray , Hord Tipton , Christopher Bloor | The info sec community dumps huge amounts of money into training their professionals. For countless ... | |
The Security Staff and Skills Shortage is Worse Than You Think | Jon Oltsik | The shortage of skilled security professionals has gotten worse. It now overshadows shortages in all ... | |
Advancing Information Risk Practices Seminar | Evan Wheeler , Jeff Lowder , Julie Fitton , Brad Keller , Irfan Saif , Scott Andersen , Summer Fowler | Many challenges face today’s Risk Management programs, including how to risk rank security gaps, handling ... | |
Right Skills, Right Time, Right Industry: Women in Security | Julie Peeler , Cecily Joseph , Marene Allison , Patricia Goforth | Women account for 11% of the global information security workforce. Yet their diverse voice and ... | |
Science Fiction is Here!! | Sam Curry , Uri Rivner | We've been reading about them in Sci-Fi books, and followed them in Sci-Fi movies. Well, ... | |
(ISC)² CCFP CBK Training Preview | Stephen Kalman | Certified Cyber Forensics Professional (CCFP) provides a comprehensive validation of your knowledge and skills as ... | |
Cyber Security Canon: You Should Have Read These Books by Now | Richard Howard | “Canon: a body of the most influential works.” This short talk will review some of ... | |
So Why on Earth Would You WANT to be a CISO? | Todd Fitzgerald | You have been working in security for a few years, learning how to hack into ... | |
Internet of Things... Promising but Let's Not Forget Security Please! | Eric Vyncke | Internet of Things (IoT) brings a lot of promises of a fully connected world: from ... | |
Security: The Hardest Career | Michael Murray | Media constantly claims we have a lack of qualified information security professionals, yet we are ... | |
Cyber Vigilante or Self Defense? | Bruce Heiman | As attacks on private-sector critical cyber infrastructure increase in frequency and sophistication, affected companies must ... | |
Running Secure Server Software on Insecure Hardware without a Parachute | Nicholas Sullivan | In this session we will look in depth into what happens when we throw away ... | |
Be a DREAMR: Obtain Business Partnership, Not Just Buy-in | Benjamin Meader , Jessica Hebenstreit | The Security DREAMR framework provides organizations with a systematic approach to remove the impression that ... | |
Making Penetration Tests Actually Useful | Ira Winkler | Penetration tests are a staple among most security programs. They prove that problems exist, which ... | |
Redefining Identity in the Age of Intelligence-Driven Security | Arthur W. Coviello | Identity lies at the heart of online security—determining what we are able to access and ... | |
Conundrums in Cyberspace: Exploiting Security in the Name of, well, Security. | Scott Charney | Trust in technology has been badly undermined by public disclosures of widespread government surveillance programs. ... | |
The Next World War Will be Fought in Silicon Valley | Nawaf Bitar | We are under attack, and we are not allowed to fight back. Everyone has a ... | |
The Cryptographers' Panel | Paul Kocher , Whitfield Diffie , Ronald L. Rivest , Adi Shamir , Brian LaMacchia | Join the founders and leaders of the field for an engaging discussion about the latest ... | |
Understanding NSA Surveillance: The Washington View | Richard Clarke , Michael V. Hayden , James Lewis | Revelations about NSA’s surveillance programs changed the landscape for the tech industry and the internet. ... | |
Computer Forensics and Incident Response in the Cloud | Stephen Coty | Computer security incident response plans include physical server access, and the ability to scan logs ... | |
Entropy, Random Numbers and Keys: What's Good Enough? | John Leiseboer | This session examines the relationship between entropy, random numbers and cryptographic keys. Currently, FIPS-140 only ... | |
Security Principles Versus the Real World | Gary Mcgraw , Keith Gordon , Marcus J. Ranum , Eugene Spafford , Jim Routh | Years ago, Saltzer and Schroeder identified a set of security principles meant to guide security ... | |
Welcome & Non-Integral Asymmetric Functions | Patrick Longa , Shi Bai | Topic 1: Efficient and Secure Algorithms for GLV-Based Scalar Multiplication and their Implementation on GLV-GLS ... | |
Shifting Roles for Security in the Virtualized Data Center: Who Owns What? | Rob Randell , Malcolm Rieke | As converged infrastructures take hold, traditional roles are shaken up and reimagined. This session will ... | |
20 in 2014: The Top Privacy Issues to Watch | J Trevor Hughes | From the NSA leaks and Prism program to the proposed EU Regulation, privacy and data ... | |
Implementing Privacy Compliant Hybrid Cloud Solutions | Peter Reid | Business today is turning increasingly to the cloud. Private Cloud technology can be deployed with ... | |
NSA Surveillance: What We Know, and What to Do about It | Bruce Schneier | Drawing from Snowden documents and revelations from previous whistleblowers, this talk will cover types of ... | |
Business Control & Velocity: Balance Security, Privacy, Ethics & Optimize Risk | Malcolm Harkins | We are experiencing unprecedented change in the global business environment, which can increase risk and ... | |
Anti-Stealth Techniques: Heuristically Detecting x64 Bootkits | Lars Haukli | Stealth and persistency are invaluable assets to an intruder. You cannot defend against what you ... | |
The Dark Web and Silk Road | Thomas Brown | The Government’s widely reported investigation of Silk Road has generated interest in the functioning of ... | |
Gamifying Security Awareness | Ira Winkler , Samantha Manke | This session describes implementing Gamification into Security Awareness programs, so that users exercise good behaviors ... | |
Protected in Part Means Fully Exposed—A Mock Trial | Andrew D. Peck , John Facciola , Steven Teppler , Hoyt Kesterson , Carlos Villalba , Jay Brudz | A breach of Tax R Us and exfiltration of tax returns and credit card information ... | |
Security Shelfware: Which Products are Gathering Dust in the Shed and Why? | Javvad Malik | Enterprises frequently buy security products with the best of intentions, but they end up being ... | |
Mobile Devices Security: Evolving Threat Profile of Mobile Networks | Anand Prasad , Selim Aissi | This presentation will cover the evolution of threats related to 3G/4G Mobile Networks and their ... | |
Now That You’re In, How Do You Get Out? Terminating Cloud Services | Ben Rothke | Out of the box Cloud contracts don’t allow for easy exit for the customer. In ... | |
Identity as a Service (IDaaS): Where are You? | Daya Puls | Identity as a Service (IDaaS) has been a viable business service since before 2009. Open ... | |
How to Secure the Next Phase of Mobility in the Internet of Things | Erich Stuntebeck | When every piece of technology is connected how can enterprises keep corporate information secure while ... | |
The Information Security Specialist or Generalist, Who Will Be in Demand? | Rick Gilmore | What will be the demand for skills in the future as Information Security evolves? The ... | |
Can Government Cybersecurity Policies Balance Security, Trade & Innovation? | Danielle Kriz , Alexander Dewdney , Allan Friedman , Jon Boyens , Masahiro Uemura | As governments increasingly view cybersecurity as a national priority, many are enacting policies that impact ... | |
Your Pad or Mine? - Embracing and Securing BYOD | Tamir Hardof | BYOD can be a challenge but there are good reasons to embrace it. Attend this ... | |
Twilight of Legacy AV Models - A Different Long Tail Story | Zheng Bu | Malware has a very short lifetime. But how short is it? The findings may surprise ... | |
How Shared Security Intelligence Can Better Stop Targeted Attacks | Piero Depaoli | Managing isolated security products to stop today’s threats is a losing battle. The security community ... | |
Response Plan Fitness: Exercise, Exercise, Exercise! | David Matthews | An incident response plan is worthless if it's shelf art. We'll use a case study ... | |
Securing the Big Data Ecosystem | Davi Ottenheimer | Security professionals must protect more data in more places than ever before. The emerging business ... | |
Ensuring Your 3rd Party Vendors and Partners are Secure | Michael Baker | Every organization has either outsourced part of their environment or is considering it to save ... | |
The Art of Attribution: Identifying and Pursuing your Cyber Adversaries | Dmitri Alperovitch | Imagine someone physically breaks into your company's offices and goes through all your files—would you ... | |
The NIST Randomness Beacon | Rene Peralta | This session will describe the architecture of the NIST Randomness Beacon. This is to be ... | |
Data Encryption for Virtualized Enterprise | Misha Nossik | Virtualization of enterprise IT makes sensitive data difficult to control. Just encrypting the disks and ... | |
Hardware Trojans and Malicious Logic | Alfredo Ortega , Sebastian Muniz | In this talk, we will discuss actual trends on hardware trojan design and implementation. We ... | |
Security Awareness Metrics - Measuring Change in Human Behavior | Lance Spitzner | Security awareness is nothing more than another control designed to reduce risk, specifically human risk. ... | |
Diablo Security: What Can Infosec Learn from Video Games? | Dwayne Melançon | Adventure games make it easy for us to understand how our skills, weapons and countermeasures ... | |
Security PR 101 | James Rivas | While large organizations have the capital and man-power to prepare a Public Relations (PR) plan ... | |
The Network Alone Can’t Protect Your Data | Chad R. Skipper , Elliot Lewis | The new paradigm of BYOx has made the network border obsolete, thus driving security down ... | |
Building a Bunker for Business Assets and Processes | Todd Inskeep | InfoSec's recent data analytics focus ignores a) a lack of focused asset management, and b) ... | |
Securing the Virtual Environment | Davi Ottenheimer | N/A | |
The Relevance of Government Cybersecurity Intelligence | Mark Weatherford , Phyllis Schneck , Rodney Joffe , Roland Cloutier , Steven Chabinsky | Due to the growing cyber-threat, many commercial companies are using their cumulative technical sophistication to ... | |
Succeeding with Enterprise Software Security Key Performance Indicators | Rafal wh1t3rabbit Los | Enterprise software security has been a hot topic for over a decade, yet enterprises of ... | |
Storm Advancing: Security Weathermen Forecast the Advanced Threat Landscape | Neil Macdonald , Ramin Safai , Carter Lee , Golan Ben-oni | In a post-prevention world, security professionals are blind to targeted attacks and advanced malware, and ... | |
Public-Key Encryption | Sherman S.M. Chow , Christoph Striecks , Irippuge Milinda Perera | Topic 1: A Generic View on Trace-and-Revoke Broadcast Encryption Schemes Authors: Dennis Hofheinz and Christoph ... | |
Virtualization and Cloud: Orchestration, Automation and Security Gaps | Dave Shackleford | As enterprise virtualization and cloud deployments become more automated, leveraging orchestration platforms and scripting frameworks ... | |
Cloud Computing in China: Opportunities, Challenges and Risks | James Lewis , Jim Reavis , Timothy Grance , Terry Graham , Yale Li | This presentation will outline the cloud computing landscape in China. It will describe the opportunities, ... | |
Mission Impossible?: Building and Defending Zero-Knowledge Privacy Services | Nicko van Someren , Mike Janke , Sutha Kamal , Ethan Oberman | A panel of experts describe the new premium on “zero-knowledge” technology models keeping access to ... | |
The Seven Most Dangerous New Attack Techniques and What's Coming Next | Ed Skoudis , Johannes Ullrich , Alan Paller , Mike Assante | Which are the most dangerous new attack techniques? How do they work? How can you ... | |
Trust Us: How to Sleep Soundly with Your Data in the Cloud. | G. Mark Hardy , Bill Burns , Michael Hammer , Bruno Kurtic | How do you know your mission-critical data and apps are truly safe with someone else? ... | |
Security Response in the Age of Mass Customized Attacks | Peleus Uhley , Karthik Raman | In recent zero-days, attackers are combining the features of mass malware with multiple unpatched vulnerabilities ... | |
One Year Later: Lessons and Unintended Consequences of the APT1 Report | Martin Mckeay , Lance James , Nick Selby , Gal Shpantzer , John Prisco | Mandiant's APT1 report revealed a great deal about China's espionage efforts—but what has the industry ... | |
The Sixth Man: How Cybersecurity Awareness Programs Strengthen Our Defense | Roberta Stempfley , Michael Kaiser , Jacqueline Beauchere , Kevin Kempskie | The “Stop.Think.Connect” Campaign and National Cyber Security Awareness Month recently celebrated their 10th year engaging ... | |
Mock Trial Using Actual Case on Misrepresentation of Cloud Based Evidence | Andrew D. Peck , Frank Maas , John Jorgensen , Lucy Thomson , Serge Jorgensen | Electronically Stored Evidence (ESI) presented to the Court has become highly technical and therefore difficult ... | |
New Frontiers in Security | Kevin Mandia , Ted Schlein , Kenneth Minihan , Nate Fick | A panel moderated by Ted Schlein (Kleiner Perkins Caufield & Byers) with Nate Fick (Founder ... | |
What Is the Future of Data Privacy and Security in Mobile? | Tanya Forsheit , Charles Mccolgan | This session will cover the privacy challenges presented by mobile technology and the shifting legal ... | |
OpenStack Clouds & PCI Compliance | Scott Carlson | Large corporations are moving quickly toward OpenStack with a variety of hypervisors (KVM, HyperV, Xen, ... | |
Android in the Enterprise and the Future of Mobile Threats | Andrew Conway | Android is making significant inroads into the enterprise. According to IDC, Android recently broke the ... | |
SecOps Alchemy - Turning Pb to Au | James Lugabihl | More and more organizations are shifting their attention from prevention to detection and response. With ... | |
Risk-based Authentication: The Future of Guarding your Network, Systems and Data | Irfan Saif | Traditional authentication and authorization tools have limited success in preventing sophisticated attackers from gaining unauthorized ... | |
Facts vs. Fear: Foreign Technology Risks in Critical Industry Sectors | Jerry Caponera , Curtis Dukes , James Barnett , Nigel Jones , Roar Thon | Political rhetoric is stifling practical discussion among U.S. government and critical infrastructure buyers concerned with ... | |
Harnessing Big Data for Application Security Intelligence | Tsvika Klein , Or Katz | Web app firewall data has increased exponentially, leaving security experts with a big data mess. ... | |
Analyst Quadrants, Third-Party Tests, Vendor Data Sheets and YOU | Fred Kost , John Kindervag , John Maddison , Paul Yancey , Ryan Liles | How do organizations analyze their product selection options? Can they rely on analyst reports, vendor ... | |
Good Guys vs. Bad Guys. Using Big Data to Counteract Advanced Threats | Joe Goldberg | Advanced threats skillfully use social engineering and custom malware to get into an organization and ... | |
Anatomy of a Data Breach: What You Say (or Don’t Say) Can Hurt You | Tom Field , Alan Brill , Michael Bruemmer , Ronald Raether | Every breach response plan looks good on paper, but what about when it’s time for ... | |
I Survived Rock’n’Roll: Security Incident Escalation | Winn Schwartau | The Show Must Go On! How Stevie Wonder, Paul Simon, Bob Marley and Charlie Daniels ... | |
Are Mobile Devices the Answer to the Strong Authentication Problem? | Alphonse Pascual , Brett Mcdowell , Michael Barrett , Nils Puhlmann , Phillip Dunkelberger | Strong authentication is the key enabler for delivering web services on desktop or mobile environments. ... | |
Making the Security Super Human: How to Effectively Train Anyone/Anything | Kati Rodzon | The security and productivity of an organization is largely a product of constant learning by ... | |
CANCELLED: Using Big Data to Protect Big Data | Stephen Schmidt | AWS’s CISO will discuss how to leverage big data analysis to understand the behavior of ... | |
Evaluating the Security of Purchased Software: Can We Find Common Ground? | Steven B. Lipner , Chris Wysopal , Howard Schmidt , Eric Baize , Nadya Bartol | Vulnerabilities in software continue to put customers at risk. So how can you tell if ... | |
Large Corporation Chief Information Security Officers on Aligning Cyber Technologies, Personnel and Processes | Evan Wolff , Andrew Vautier , Gary Gagnon , Greg Schaffer , Michael Papay | Hear from three Chief Security Information Officers at large corporations about their experiences, strategies and ... | |
Invited Talk | Antoine Joux | Discrete logarithms: Recent progress (and open problems) | |
Survey of the Operating Landscape Investigating Incidents in the Cloud | Paul A. Henry , Jacob Williams | You’re moving data and operations to the cloud. Sooner or later you WILL have an ... | |
From Data to Wisdom: Big Lessons in Small Data | Wade Baker , Jay Jacobs | The infosec industry has gone gaga over big data analytics—and with good reason. But in ... | |
Hacking Exposed: The Art of Deterrence | Stuart Mcclure | We’ve been spending billions of dollars defending against the bad guys. What if you could ... | |
Achieving and Exceeding Compliance Through Open Source Solutions | Zack Fasel , Erin “secbarbie” Jacobs | Obtaining and exceeding compliance regulations, especially PCI DSS, doesn't need to be a costly vendor-driven ... | |
From Disclosing Existing Vulnerabilities to Discovering New Vulnerabilities | Qinglin Jiang | In this presentation, will first show how to use reverse engineering tools to uncover the ... | |
Effects-based Targeting for Critical Infrastructure | Sean Mcbride | This session describes effects-based targeting per U.S. military doctrine. Relying on surprising ex-post OSINT analysis ... | |
Cognitive Injection: Reprogramming the Situation-Oriented Human OS | Andy Ellis | It's a trope among security professionals that other humans—mere mundanes—don't "get" security, and make foolish ... | |
A Tale of Two Mocks—A Deep Dive Into the Issues Raised | Andrew D. Peck , John Facciola , Steven Teppler , Hoyt Kesterson , Jay Brudz , Frank Maas , Lucy Thomson | Although the mock trials are educational and entertaining, their format does not allow for a ... | |
Monitoring and Filtering Your Child's Web Media Use in our Connected World | Kevin Bong | SynerComm helps enterprises implement controls to manage their employees’ web and social media use, but ... | |
Assume a Hostile Environment: Securing Mobile Data in the App | Scott Alexander-bown | The large mobile attack surface can be seen as a hostile environment. This presentation will ... | |
Finding Needles in a Needlestack with Graph Analytics and Predictive Models | Tim Wyatt , Kevin Mahaffey | Good or bad? Security systems answer this question daily: good code vs. malware, legit clients ... | |
Understanding Geo Cyber Risk | Gregory Rattray | Despite the Internet’s global presence, cyber threats occur within localized environments. Organizations with global footprints ... | |
Hardware-Level Attacks - Is Detection Possible? | Alfredo Ortega | Today firmware and BIOS-level malware are no longer theoretical. The purpose of this session is ... | |
Identity & Access Management (IAM) Maturity: A Comparison Across Companies | Caedmon Bear | The need to connect and manage an increasing number of distributed digital identities across organizations ... | |
Cybersecurity Economics: Tips, Tactics and Tradeoffs | Pete Lindstrom | Cybersecurity Economics is the practice of making decisions about technology-related risk, as constrained by resources ... | |
Updating the Law on Government Access to Your Online Data | Richard P. Salgado , James Dempsey | The U.S. law covering government access to email and data stored online has been in ... | |
Mind Over Matter: The Pragmatic, Strong, and Smart Approach to Security | Ammar Alkassar , Kim Nguyen | This session addresses the critical challenges of secure trustworthy applications with respect to Internet threats. ... | |
Use Anomalies to Detect Advanced Attacks Before Bad Guys Use It Against You | Alexander Watson | Websense Security Labs research reveals new techniques for finding anomalies in application telemetry and error ... | |
The World of Warbiking through the Streets of San Francisco | Chester Wisniewski , James Lyne | Come hear what happens when two cyber security experts explore just how secure is the ... | |
Inflection: Security's Next 10 Years | Richard Mogull | We are now deep in the early edge of a major inflection point in security. ... | |
Roadster Amongst the Tonka Trucks | Michele Guel | The goal is to encourage women to embrace their passion and excel in their fields, ... | |
New Ideas on CAA, CT, and Public Key Pinning for a Safer Internet | Kirk Hall , Rick Andrews , Wayne Thayer | CAA and Public Key Pinning / HPKP allow websites to advertise which Certification Authorities may ... | |
Social Gaming: Emerging Regulation (aka"Make Money and Avoid Jail") | Behnam Dayanim | Social gaming is exploding. Unlicensed gambling is prohibited. The boundaries between social casino gaming and ... | |
Security Career Pro Tips | Jeff Combs | With over 13 years of security recruiting experience, Jeff Combs is an industry thought leader ... | |
2nd-Wave' Advanced Threats: Preparing for Tomorrow's Sophisticated Attacks | Nikolaos Triandopoulos | 2nd-Wave' advanced threats are emerging as sophisticated attacks in which attackers change the game they ... | |
Scaling a Software Security Initiative: Lessons from the BSIMM | Gary Mcgraw | Everybody agrees that code review, architecture analysis and penetration testing are good things to do ... | |
Privacy as a Growing Risk | Jeff Northrop | New privacy regulations in the EU, increased enforcement action by the FTC and tension around ... | |
Cultivating the Global Workforce Landscape | Elise Yacobellis , Rae Hayward , Vehbi Tasar | The technology landscape is morphing rapidly, creating a knowledge and skills gap for information security ... | |
Security Metrics: Can They Be Effectively Measured Across the Enterprise? | Alan Shimel , Andrew Mccullough , Ivana Cojbasic , Jody Brazil | Like every business function, security should be measured. The reality is that most have no ... | |
Hardware Implementations | Duc-phong Le , Jeroen Delvaux , Vasily Mikhalev | Topic 1: Attacking PUF-Based Pattern Matching Key Generators via Helper Data Manipulation Authors: Jeroen Delvaux ... | |
Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy | Bryan D. Payne | How does security factor into your selection of an IaaS provider? Do you know how ... | |
Let Go of the Status Quo: Build an Effective Information Protection Program | Daniel Velez | The status quo of virus scans and dirty word searches no longer make an effective ... | |
Hacking Exposed: Day of Destruction | Dmitri Alperovitch , George Kurtz | Destructive attacks remain a relatively rare occurrence; however, there is a growing interest among attackers ... | |
Adventures in Insurance Land – Weaknesses in Risk Pricing and Alternatives | Tim West , Jamie Gamble | Cyber insurance is an over 1B industry and one of the fastest growing specialty lines of ... | |
Buy Candy, Lose Your Credit Card - Investigating PoS RAM Scraping Malware | Chester Wisniewski , Numaan Huq | In today's economy debit/credit card transactions have replaced cash. Payment cards are quick, convenient and ... | |
A Deep Dive into the Security Threat Landscape of the Middle East | Timothy Rains | The Middle East has seen a number of high profile targeted attacks in the past ... | |
Securing Boomers, Gen Xers and Gen Yers: Omg We Are So Different! | Todd Fitzgerald | We are in a unique age, where we have 4 generations working alongside each other ... | |
Hot Topics in Information Security Law 2014 | Ben Tomhave , Peter Mclaughlin , Rebecca Matthias , Richard Abbott | The legal risk and regulatory environment for information security is in a state of constant ... | |
Neuro-Hacking 101: Taming Your Inner Curmudgeon | Mike Rothman , Jennifer Minella | For self-proclaimed security curmudgeons and anyone else searching for better work/life balance, this session is ... | |
Touchlogger on iOS and Android | Nathan Mccauley , Neal Hindocha | A major problem for online payments is keyloggers. Now that mobile devices are used for ... | |
Implementing PCI DSS 3.0 for Success: Challenges and Best Practices | Troy Leach | How is your organization approaching implementation and maintenance of PCI DSS version 3.0 to reduce ... | |
Privacy Enhancing Technologies: Pipe Dream or Unfulfilled Promise? | Naomi Lefkovitz | The National Strategy for Trusted Identities in Cyberspace envisions an “identity ecosystem” that doesn’t overshare ... | |
You Shared WHAT?! Risks and Strategies of Securing Employee File Sharing | David Butcher | Employees are self-provisioning a variety of consumer grade file sharing tools to get their jobs ... | |
Mobile Security in the Enterprise | Nathan King | Creating a mobile security policy and infrastructure in the Enterprise can be a daunting task. ... | |
Securing Our Nation's Data Centers Against Advanced Adversaries | Mark Weatherford , Robert Carey , Jamie Dos Santos , Richard Schaeffer | In the world of Advanced Persistent Threats, cyber-delivered disruption and destruction of critical data center ... | |
Implementing a Quantitative Risk-Based Approach to Cyber Security | Scott Borg | A risk-based approach to cyber security can yield credible estimates of annualized expected losses under ... | |
Intelligence Driven Security | Adam Meyers | Simply securing the enterprise by having the latest in IDS/IPS, Anti-Virus, SIEM and perimeter security ... | |
The Future of Authentication: Different Approaches to the Same Goal | Bob Blakley , Brett Mcdowell , Michael Barrett , Eve Maler , Mayank Upadhyay | Customer satisfaction and growing online fraud are major factors in driving the uptake of strong ... | |
Project 2020: Preparing Your Organization for Future Threats … Today | Rik Ferguson | Hear the results of Project 2020, which is an ICSPA initiative, driven by Trend Micro ... | |
Big Data's Potential in Helping to Secure the Internet of Things | Jim Kobielus | This session addresses the security challenges of IoT. Understand IoT vulnerabilities at the device, application ... | |
New Foundations for Threat Modeling | Adam Shostack | Everyone knows you ought to threat model, but in practical reality it turns out to ... | |
Why Cyber Incident Response Teams Get No Respect | Mark Weatherford , Larry Ponemon , Christopher Pierson , Jill Phillips , Thomas Cross | As security breaches continue to plague companies, a great cyber incident response team is essential. ... | |
Side-Channel Attacks | Thomas Roche , Carolyn Whitnall , Lubos Gaspar | Dueling Banjos - Cloud v Enterprise Security: Using Automation & DevOps NOW | |
Honeywords: A New Tool for Protection from Password Database Breach | Ronald L. Rivest , Kevin D. Bowers | Is your company next in line to be breached? Password breaches are becoming an everyday ... | IncludeThinkstScapes |
Gumshoes – Security Investigative Journalists Speak Out | Dan Hubbard , Kevin Poulsen , Brian Krebs , Nicole Perlroth | Financial fraud, advanced malware, APTs, nation state attacks, cyber warfare, they’ve covered it. In this ... | |
To Regulate or Not to Regulate Cyber Security: That Is the Question | James Lewis , Irving Lachow , Evan Wolff , Paul Rosenzweig | There is growing evidence that the private sector cannot adequately respond to state-sponsored cyber attacks ... | |
C U SRF with Cross USer Request Forgery | Amichai Shulman | Will present a new, practical type of CSRF, the “Cross USer Request Forgery” (CUSRF, pronounced ... | |
An Arms Race: Using Banking Trojan and Exploit Kit Tactics for Defense | Ryan C. Barnett , Ziv Mador | During this talk we will show how security products can use hackers' advanced obfuscation tactics ... | |
Keeping Up with the Joneses: How Does Your Insider Threat Program Stack Up? | Dawn Cappelli , Randall Trzeciak | None of us want our trade secrets taken to a competitor, confidential information exposed, customer ... | |
Search, Warrants and the Right to Privacy: Are We In Post-Constitutional America? | Andrew D. Peck , John Facciola , Steven Teppler , Frank Maas | What are the American citizens’ expectations of privacy for information generated, transmitted through or stored ... | |
Security Education for the New Generation | Jacob West , Matt Bishop | How will we educate a new generation of computer scientists on security? We tackle topics ... | |
Hero to Zero: Can Government Catch-up in Mobility? | Luke Berndt | Government was one of the first enterprises to embrace mobility. However the marketplace has become ... | |
Training CIRTs for the IRL Trenches | Alissa Torres | The time to realize that your Incident Response team's SOPs are broken is NOT when ... | |
Baseline Security: A Risk-Based ISMS Implementation | Peter Kunz | Implementing InfoSec policies for a baseline level of protection is one of the key pillars ... | |
Enterprise IAM Strategies in Banking | Jim Weaver | What are the key components of an IAM strategy in banking? What puzzle pieces do ... | |
An Overview of the EO Cybersecurity Framework | Matthew Scholl , Kevin Stine , Samara Moore , Peter Allor , Adam Sedgewick | Under Executive Order 13636, Improving Critical Infrastructure Cybersecurity, the President directed NIST to work with ... | |
Continuous Monitoring with the 20 Critical Security Controls (CSC) | Wolfgang Kandek | The 20 CSC outline a practical approach to implementing security technologies by providing proven guidelines ... | |
One Step Ahead of Advanced Attacks and Malware | Jon Paterson | Signature-based approaches offer excellent precision and efficiency, but lack the depth needed to protect against ... | |
Handling Zero Day Disclosures: You're Doing it Wrong | Brian Gorenc , Jewel Timpe | Do you think handling vulnerability disclosures is hard? It shouldn’t be. We share the Zero ... | |
Security of Large Complex Technical Systems | Marcus Sachs | Early industrial methods of mechanization and automation led to highly complex systems that required new ... | |
Mobile App Privacy: Gone in 6 seconds | Kevin Watkins | This presentation will demonstrate just how easy app privacy theft is to perpetrate with popular ... | |
A Penetration Testing Maturity and Scoring Model | Dave Shackleford | What value does pen testing really provide to your organization? What constitutes a “good” pen ... | |
Hacking Exposed Mobile | Joel Scambray | N/A | |
Beginners Guide to Reverse Engineering Android Apps | Pau Oliva Fora | Ever wondered what this black magic that hackers and security analysts use to reverse engineer ... | |
Data-Driven Security (Brand New Book Launch) | Bob Rudis , Jay Jacobs | N/A | |
Mobile Analysis Kung Fu, Santoku Style | Andrew Hoog , Sebastian Guerrero Selma | Santoku Linux is a F/OSS distro dedicated to mobile forensics, security and malware analysis. This ... | |
DevOps/Security Myths Debunked | David Mortman , Gene H. Kim , Josh Corman , Nick Galbreath , Dwayne Melançon | As DevOps has become more popular a lot of myths have arisen with regards to ... | |
Surviving a Security Firestorm: Tales from Those Who've Lived through It | Roland Cloutier , Ronald Woerner , Bill Downes , Kostas Georgakopoulos , Rocco Grillo | Imagine you’re in the middle of a major security breach. What do you do and ... | |
Symmetric Encryption & Cryptanalysis | Jean-Philippe Aumasson , Vesselin Velichkov | Topic 1: Automatic Search for Differential Trails in ARX Ciphers Authors: Alex Biryukov and Vesselin ... | |
Let Your Users Go Rogue | Sanjay Beri , Alan Boehme , Arthur Lessard , Mike Kail | Shadow IT is scary! But maybe letting people "go rogue" is a good thing. Join ... | |
Is the Cloud Really More Secure Than On-Premise? | Bruce Schneier , Wade Baker , John Pescatore , Eran Feigenbaum , Bret Arsenault | Scalability, low cost and fast deployment are attracting organizations to adopt cloud services. But some ... | |
Castles in the Air: Data Protection in the Consumer Age | Jason Clark , John Johnson | The consumerization of IT (CoIT) involves what Gartner calls the 'Nexus of Forces': Social, Cloud, ... | |
Hot Topics in Privacy | Michelle Dennedy , J Trevor Hughes , Brendon Lynch , Keith Enright | The explosion of social media, mobile devices and internet sharing has pushed privacy to the ... | |
Your Product is Made WHERE? | David Doughty | Increasingly companies and governments are focusing on where products are made as a means of ... | |
Pass-the-Hash: How Attackers Spread and How to Stop Them | Mark Russinovich , Nathan Ide | Pass-the-hash transforms the breach of one machine into a total compromise of infrastructure. The publication ... | |
Cybersecurity the Old Fashioned Way: Pass Known Good Content | Peter Fonash , Ann Barron-dicamillo , Boyd Fletcher , Brian Done , Thomas Ruoff | This panel will present security benefits of filtering processes in cross domain solution (CDS) technologies ... | |
It’s Time to Offer Facebook Logon to Your Customers | Daniel Killmer , Kevin Moulton | Fear and uncertainty has ruled decisions to NOT offer Facebook authentication. In this session, we ... | |
How Good Is Your Predictive Coding Poker Face? | Andrew D. Peck , Steven Teppler , Matthew Nelson | Predictive coding technology is like the poker game Texas Hold ‘em. Both can be risky ... | |
CANCELLED: Why We Need a Cybermilitia (and How to Get One) | Siobhan Macdermott | The need for comprehensive cybersecurity legislation is obvious and urgent but neither governmental nor business ... | |
Predatory Hacking of Mobile: Real Demos | Jeff "rfp" Forristal | Sneak behind enemy lines to learn how hackers can grab data off mobile devices. Live ... | |
The 900 Days: Battles with NAC and Access Control | Jennifer Minella | War stories, roadblocks and recovery plans. In the last 3 years, we’ve dumped volumes of ... | |
How to Quickly Achieve the HIPAA Compliance Now Required for Most Companies | Michael Mcalpen | HIPAA now covers a surprising swath of businesses. Who is covered? What does achieving compliance ... | |
Mobile Payments: Winning the Fraud Battle | Rajesh Ramanand | Explore how technologies like single sign in, one-click payments and the disposability of mobile devices ... | |
Big Data and Hadoop: New Security Challenge | Seshadri Ramaswami | A discussion around the new type of approach necessary in order for organizations to take ... | |
Meet the PCLOB: An Introduction to the Independent US Privacy and Civil Liberties Oversight Board | Ari Schwartz , James Dempsey , David Medine , Elisebeth Cook , Rachel Brand | The newly formed independent PCLOB began its work in the summer of 2013 only to ... | |
Raising the Security Bar with Windows 8.1 | Chris Hallum | Windows 8.1 offers a huge leap forward in security by including the largest set of ... | |
Building a Mystery: Threat Intelligence in Modern Security | Christopher Elisan , Rick Holland , Berk Veral , Andrew Bjerken , Daniel Cohen | Today’s cyber threats make actionable intelligence and intelligence sharing crucial to a new security approach: ... | |
Threat Centric Security | Martin Roesch | If you knew you were going to be compromised would you do security differently? It’s ... | |
10 Dimensions of Security Performance for Agility & Rapid Learning | David Severski , Russell Cameron Thomas | Information security is an innovation arms race. We need agility and rapid learning to stay ... | |
It’s a Jungle Out There: The Security State of CMS Platforms | Maty Siman | Most likely your organization is using a CMS-based site—whether for blogging, site delivery or user-engagement. ... | |
Smart Grid Security: A Look to the Future | Gib Sorebo | Drawing on his recently published book, the speaker will discuss the future of security for ... | |
Social Media Single Sign-On: Could You Be Sharing More than Your Password | Tom Smith | In today’s social media environment, a single sign-on to social sites is quite appealing. However, ... | |
Foreign Spies and Facebook: The Undeniable Truth | Hila Meller , Menny Barzilay | It is strange to acknowledge that almost every country in the world would like to ... | |
The Steps Zurich Took to Build an “Effective” Information Security Program | James Shira | This session will present the major challenges of Zurich Insurance Group’s security team and the ... | |
Using Data Breadcrumbs to ID Targeted Attacks | Dan Hubbard | Without copies, samples or details how can one possibly prevent, contain and inform on targeted ... | |
Beyond Information Warfare: The History of the Future of Security | Winn Schwartau | We will weaponize it. Humans will soon share Earth with 100B intelligent IP endpoints. We ... | |
Targeted Security Analytics: You Know Where They are Going. Be Waiting | Andrey Dulkin | As perimeter defenses fail to defend against targeted attacks, the mitigation focus has shifted to ... | |
DHS Cybersecurity Future Technology: Where We Go From Here | Brendan Goode | This session will focus on understanding the development of the next five-year cybersecurity engineering and ... | |
Getting Your Security Budget Approved Without FUD | John Dickson | Getting a security budget approved is a challenge, but it is arguably the single most ... | |
Hijacking the Cloud: Systematic Risk in Datacenter Management Networks | Michael Cotton | This session will focus on the unique security challenges of securing the baseboard management network ... | |
Third-Party Cyber Security & Data Loss Prevention | Brad Keller , Jonathan Dambrot | While companies may do an effective job of their cyber security and data protection, the ... | |
Cybersecurity in a World of Borders | Michael Daniel | Most people describe cyberspace as a place with few borders: great for commerce and the ... | |
Information Security Policy for Users (Not Auditors) | Michael Scheu | Corporate Information Security Policies have grown into unwieldy documents of 50 pages or more. While ... | |
DLL Side-Loading: A Thorn in the Side of the Anti-Virus (AV) Industry | Amanda Stewart | Advanced Persistent Threat (APT) developers use “DLL Side-Loading” to sneak malware past Anti-Virus (AV) scanners. ... | |
Learning Malware Languages: Fun with Dick and Jane’s Malware | Terry Nelms | Recognizing the languages of today’s malware families requires an understanding of both their grammar and ... | |
Helping People Walk the Narrow Path | Markus Jakobsson | While most people are honest, many occasionally stray from the truth, whether when filing taxes, ... | |
Deciphering the Legal Framework that Governs Online Identity Systems | Tom Smedinghoff | The legal rules that govern online identity systems come from a variety of sources, and ... | |
Crypto for Constrained Devices – A Talk with Whitfield Diffie | Whitfield Diffie , Ray Potter | Technology continues to get faster, smaller and more deeply integrated. This creates a challenge for ... | |
OTT, Virtual Carriers and the New Wave of Spam Threats in the 4G/LTE World | Simeon Coney | The rise of new applications and services in the U.S. and globally is unintentionally causing ... | |
Riding the Tiger – Harnessing the Power of Industry in Cyber Security | Dag Stroman , David Martin | Common Criteria, the widely used international standard for IT product security, is evolving—new technologies, threats, ... | |
How Joshua DoSed Jericho: Cybersecrets of the Bible | Mary Ann Davidson | “There is nothing new under the sun”— Ecclesiastes. Who knew the Bible is a security ... | |
Criticality Analysis & Supply Chain: Providing "Representational Assurance" | Daniel Reddy | Acquirers of technology want to know from their suppliers which components are most critical in ... | |
Integrating Any Smartphone Into Your Mobile ID Strategy | Kevin Gillick | Industry association, GlobalPlatform, details how the secure element, smart card and trusted execution environment are ... | |
Tinker Bell SSL: Avoiding the Neverland Security Infrastructure | Errol Lloyd | Too much of a good thing can be bad for your security infrastructure; specifically high ... | |
Break That Code Trivia Game | Hugh Thompson | Join Hugh Thompson as he hosts a security themed trivia game in The Sandbox! Show ... | |
Cybersecurity Framework: A Practical Guide to Manage Cybersecurity Risk | Roberta Stempfley , Kevin Stine , Samara Moore , Ronald S. Ross , Robert Kolasky , Chris Boyer , Scott Saunders | The Cybersecurity Framework offers a prioritized, flexible, repeatable, performance-based and cost-effective approach to managing cyber ... | |
TweetUp: Security & Privacy | Mark Stanislav , Brian Honan | Join us for a TweetUp at the Social Command Center (Moscone North/South Hallway) on Wed ... | |
The FBI and the Private Sector: Closing the Gap in Cyber Security | James Comey | Director Comey will discuss cyber threats to our national security. We have made great strides, ... | |
Stop Looking for the Silver Bullet: Start Thinking Like a Bad Guy | Art Gilliland | Organizations worldwide spent approximately $46B on cyber security in 2013, but successful breaches increased 20% ... | |
Watching the Watchers: Privacy Officers Inside the U.S. Government | Ari Schwartz , Alexander Joel , Erika Brown Lee , Karen Neuman | The NSA revelations have sparked renewed interest in who is overseeing privacy inside the federal ... | |
Operation Full Circle | Michael Fey | Intel Security's McAfee GM of Corporate Products & Worldwide CTO, Michael Fey, will present the ... | |
Android Security Cookbook | Scott Alexander | N/A | |
The Future of Security | Stephen Trilling | How do you stop a motivated attacker who has unlimited resources from compromising your enterprise’s ... | |
Cyber Warfare 2E | Jason Andress | N/A | |
The Boy Who Played with Fusion | Taylor Wilson | Taylor Wilson’s keen interest in science sparked at an early age. From the construction of ... | |
Using Automated Cyber Threat Exchange to Turn the Tide against DDOS | Phyllis Schneck , Peter Fonash , Richard Struse , Joseph Demarest , Mark Clancy | The FS ISAC, the IT sector and the Federal Government have been working together to ... | |
RESTing on Your Laurels Will Get You Pwned | Abraham Kang , Alvaro Muñoz | Public REST APIs have become mainstream. Now, almost every company that wants to expose services ... | |
Cybersecurity: An Innovative Approach to Advanced Persistent Threats | Brent Conran | Understand the nature and evolution of APTs and why it is so difficult to deal ... | |
Education and Engaging the C-Suite on Cybersecurity | Roland Cloutier , Michael Kaiser , Bill Coleman , Jenny Menna | Many small and medium companies often lack the resources and tools to protect against the ... | |
End-to-End Analysis of a Domain Generating Algorithm Malware Family | Jason Geffner | Select malware families have used Domain Generating Algorithms (DGAs) over the past few years in ... | |
Digital Signatures | Benoit Libert , Sherman S.M. Chow , Essam Ghadafi | Topic 1: Group Signatures with Message-Dependent Opening in the Standard Model Authors: Benoit Libert and ... | |
Oh the PaaSabilities, Security in a Platform as a Service World | David Mortman | PaaS makes developers (and possibly operations) lives much easier. But what are the security implications ... | |
Security vs. Privacy: Who is Winning? | Christopher Pierson , James Shreve | What is more important “Security” or “Privacy”? Surveillance, information sharing, website collection, merged media everywhere ... | |
Public Cloud Security: Surviving in a Hostile Multitenant Environment | Mark Russinovich | The rise of public cloud computing has brought with it a new set of security ... | |
Buyer Beware: How to Be a Better Consumer of Security Maturity Models | Julia Allen , Nader Mehravari | Maturity models are effective tools for improving an organization’s security capabilities and outcomes. But knowing ... | |
Too Critical to Fail: Cyber-Attacks on ERP, CRM, SCM and HR Systems | Mariano Nunez | They run your business-critical processes and store your most sensitive information. However, you were told ... | |
Cloud Ninja: Catch Me If You Can! | Rob Ragan , Oscar Salazar | What happens when computer criminals start using friendly cloud services such as Dropbox, Google Apps, ... | |
Changing User Behavior: The Science of Awareness | Aaron Higbee , Lance Spitzner , Kati Rodzon , Frank Dimina | Humans are creatures of habit. Understanding the way users think and react is vital ... | |
Dueling Perspectives: “Rules of the Road” or “Rule of Law” for Cyberspace | James Lewis , Catherine Lotrionte , Steven Chabinsky , Ary Brown , John Mallery | While cyber conflicts are likely to become more frequent and intense, events have outpaced the ... | |
Android Security - Building a Secure Open Source Platform | Adrian Ludwig | Android has introduced a new model for securing a computing platform. This talk by the ... | |
How Was Your Migration to RSA 2048-Bit? | Errol Lloyd | Did you complete your digital certificate migration to RSA 2048-bit? Are you still migrating internally? ... | |
How to Overcome Security Challenges of Doing Business in China | Paul Harjung | Doing business in China can present unique IT security challenges. In this P2P session, attendees ... | |
The Privileged User Discussion: Security Enforcer or Threat? | Roger Bache | Privileged Users are one of the greatest risks an organization faces today. Because of the ... | |
“All About the Data”: Security Information and Event Analysis – Move from a Qualitative to Quantitative Approach | Corey Epps | Qualitative assessments of security risks are not as compelling as statistics on attacks detected, contained ... | |
Cyber Legislation: National Security & Corporate Responsibility Collide | Robert F. Lentz , Clete Johnson , Adam Sedgewick , Byron Acohido , Ryan Gillis | Where does national security intersect with corporate responsibility, and should Washington push for legislation to ... | |
Not Go Quietly: Surprising Strategies and Teammates to Adapt and Overcome | Josh Corman , David Etue | Nearly every aspect of our job as defenders has gotten more difficult and more complex—escalating ... | |
Oh the Humanity! Building Reliable Cultural Firewalls | Lance Hayden | Security is a cultural as much as technological challenge. Culture is defined as shared values ... | |
Is the Security Industry Ready for SSL Decryption? | John W. Pirc , David Desanto | This session will uncover research findings regarding issues with on-board SSL decryption with next generation ... | |
Key Trends in Security: The Venture Capitalists' View | Joseph Menn , David Cowan , Asheem Chandna , Ray Rothrock | In this session, three distinguished venture capitalists from Bessemer, Greylock and Venrock will discuss the ... | |
Words Matter: Eschew Obfuscation, Espouse Elucidation | Sari Greene | The language of security is replete with technical jargon, confusing acronyms, inconsistent terminology and negative ... | |
Security by and for the People! | Joshua Davis , Leslie Lambert | Security by and for the people! Data protection and security awareness have amped up by ... | |
The Game of Hide and Seek, Hidden Risks in Modern Software Development | Ryan Berg | Today's modern software is no longer written, it's assembled. It's time to take a hard ... | |
iOS Security: The Neverending Story of Application-Security | Adi Sharabani , Yair Amit | iOS is probably the most secure mobile operating system nowadays. However, is it enough? Last ... | |
Protocols | Sarah Meiklejohn , Kaoru Kurosawa , Qiong Huang | Topic 1: Rethinking Verifiably Encrypted Signatures: A Gap in Functionality and Potential Solutions Authors: Theresa ... | |
The Boundary Between Privacy and Security: The NSA Prism Program | Jim Harper , Omer Tene , Chris Hoofnagle , Mary Ellen Callahan | Is there a reasonable expectation of privacy, even in issues of national security? In the ... | |
50 Shades of Security: Whipping Your Users Into Submission | Ira Winkler | While admittedly the title of this presentation started as a joke, the reality is that ... | |
Measurement as a Key to Confidence: Providing Assurance | Robert Martin , Ron Ross , Sally Long , Daniel Reddy , Helmut Kurth | Providing security assurance relies on programs, schemes and assessors specifying and performing appropriate measurements. These ... | |
Bitcoin Is Here: How to Become a Successful Bitcoin Thief!!! | Etay Maor , Uri Rivner | OK folks. You’ve all been hearing about Bitcoin—and now it’s time to leverage this amazing ... | |
Whose IP Is It Anyway: Tales of IP Reputation Failures | Michael Hamelin | Throughout the history of security we've used many forms of reputation to identify adversaries. The ... | |
Social Engineering: When the Phone is More Dangerous than Malware | Chris Hadnagy , Michele Fincher | Is social engineering (SE) the most dangerous security threat to your business? The Social-Engineer team ... | |
Hackback? Claptrap! - An Active Defense Continuum for the Private Sector | Randy Sabett , Stewart A. Baker , James Denaro , Steven Chabinsky , Irving Lachow | Many commentators take a binary approach to active cyber defense (“hacking back”)—that it’s either OK ... | |
Practical Attacks against MDM Solutions (and What Can You Do About It) | Michael Shaulov | How are mobile cyber-espionage attacks carried out? In this engaging session, we will show how ... | |
International Data Breach Response | Ellen Giblin | Conversation will be guided by Privacy Counsel’s experience in managing an international data breach spanning 34 ... | |
SCADA Success Stories | Peter Lunk | SCADA and Industrial Control System security is becoming more important in the wake of Stuxnet ... | |
Threat Modeling: How Do You Define It? How Do You Use It? | Dan Klinedinst | There are many different approaches to threat modeling: methodologies, visual attack graphs, red teaming, security ... | |
Security Risk Assessments of Third-Party Service Providers | Robert Shullich | A common method in assessing risk about a third-party and their security practices is to ... | |
Government x 2: State and Federal Collaboration on Cybersecurity | Cheri Caddy , Dan Lohrmann , Mike Sena , Tom Maclellan | Cybersecurity requires a unique—and challenging!—degree of collaboration among different government offices, particularly when responding to ... | |
Bad Romance: 3 Reasons Hackers Love Your Web Apps & How to Break Them Up | Jd Sherry | Increased complexity & access to personal data has made web apps a prime target for ... | |
Mutiny on the Bounty: The Epic Tale of How Data Defeated Dogma | Katie Moussouris | Nobody believed it would ever happen, yet in 2013 Microsoft launched not 1 but 3 ... | |
How Microsoft IT "Does" Data Protection | Laura Hunter | In this informative and entertaining session, come and hear from a real-world architect within Microsoft's ... | |
Make Way for the Internet of Things | Benjamin Jun | The coming wave of smart, connected “things” will explode your organization’s endpoints by a factor ... | |
Should a National Cyber Safety Board Be Created to Help Report on Breaches? | Alex Hutton , Adam Shostack , Harry Sverdlove , Chris Wysopal , Jacob Olcott | When will the number of breaches per year start to come down and what will ... | |
Security Business Intelligence– Big Data for Faster Detection/Response | Stacy Purcell | Intel’s Security Business Intelligence platform is a game changer for Intel’s security team. Our custom ... | |
Hunting for OS X Rootkits in Memory | Cem Gurkok | The OS X Kernel has been increasingly targeted by malicious players due to the shrinking ... | |
How We Implemented Security in Agile for 20 SCRUMs- and Lived to Tell | Yair Rovek | Not conforming to the traditional SDLC model, Agile sounds like a security nightmare. We opened ... | |
Where in the World is xn--80atbrbl6f.xn--p1ai? | Chris Larsen , Tim Horst | Internationalized Domain Names (IDNs) allow registration and use of domains using non-ASCII characters. They have ... | |
The PRNG Debate | Dan Boneh , Paul Kocher , Bart Preneel , Adi Shamir , Dan Shumow | Several high profile failures of Pseudo-Random Number Generators have recently been reported. In this panel ... | |
The Future of Exploits, Developing Hidden C&C and Kittens | James Lyne | Writing an exploit to deploy malware with C&C to exfiltrate data. Have you ever seen ... | |
Ending Risk Management Groundhog Day | Jack Jones | Ever wonder why risk management can make you feel like Bill Murray in the movie ... | |
Turning Medical Device Hacks into Tools for Defenders | Jamie Gamble , Tim West | Much has been done to highlight weaknesses in medical devices in the past years. To ... | |
How Microsoft, FS-ISAC & Agari Took Down the Citadel Cybercrime Ring | John Wilson , Patrick Peterson , Errol Weiss , Richard Boscovich | A global cybercrime ring was dealt a serious blow in June when over 1,500 command ... | |
How to Catch an Insider Data Thief | Jonathan Grier | Insider data theft leaves no broken windows, making traditional forensics blind. But you can still ... | |
Is the Liberty Reserve Money Laundering Case the New Face of Cyber Crime? | William Rogers , Eduard Goodman , Joseph Burton , Macdonnell Ulsch | The Rising Implications of Crypto-Currency in Crime and Commerce. The cyber criminal enterprise is increasingly ... | |
Why Mobile Should Stop Worrying and Learn to Love the Root | Andrew Hoog | IT departments are locked out of mobile devices without rooting or jailbreaking them, a serious ... | |
Not Playing Nice in the Sandbox; The Latest in Malware Evasion Techniques | Jeff Debrosse | Attendees will discuss the latest and greatest in sandbox evasion, research and detection techniques. Join ... | |
Workshop on the Proposed NIST Cybersecurity Framework | Lawrence Dietz | This workshop will give participants a chance to evaluate the good, bad and the ugly ... | |
U.S. and E.U. Competition to Regulate the Emerging Global Identity Architecture | Jane Winn | The convergence of various technical and business identity management models is fueling the emergence of ... | |
Information Security Supply Chain - You, Your Partners and Nation States | James Deluccia | The interdependency of industry and technology has resulted in general real concern of trusting third ... | |
Cyber Battlefield: The Future of Conflict | Dmitri Alperovitch , James Lewis , Jason Healey , Martin Libicki , Tom Corcoran | Panel of leading experts in the field will explore complex policy issues of conflict in ... | |
Why SSL Is Better Than IPsec for Fully Transparent Mobile Network Access | Aidan Gogarty | Meet head on the challenge of secure remote access from anywhere, anytime. This presentation demonstrates ... | |
EMM, Delivering Security Without Compromising the User Experience | Brian Robison | Securing Information with an Enterprise Mobility Management (EMM) solution for either personal or company issued ... | |
Attacking Trust – The Next Evolution in Cyber Weaponry | Merike Kaeo , Jim Routh , John Kindervag , Kevin Bocek , Katie Bowen | Cybercriminals are fast learners. Adversaries have raced to build on powerful blueprints laid out in ... | |
Where Do We Go from Here, Now That Our Internet Is Gone? | Rafal wh1t3rabbit Los , Benjamin Jun , Daniel Houser , David Melnick , Erik T Heidt | What should the answer be for the security practitioner in a post-Snowden world, where we ... | |
The "Fog of More" - A CyberSecurity Community Challenge | Tony Sager | As defenders, we have many resources: tools, technology, information, processes. But this leads to a ... | |
SDN & Security: Why Take Over the Hosts When You Can Take Over the Network | Robert Hinden | Software Defined Networks (SDN) is the new hot networking technology that is taking the network ... | |
Network Security Smackdown: Which Technologies Will Survive? | Christofer ( Hoff ) Hoff , Jon Oltsik , Bret Hartman , Martin Brown | We will have a lively debate on the future of network security. If you’re in ... | |
Utilizing Threat Indicators & Context to Improve Security Response | John W. Pirc , Howard Schmidt , Phil Porras , Srinivas Kumar | The holy grail of security is knowledge of which attacks are targeting my organization and ... | |
A Comfy Couch for Critical Assets | Todd Inskeep | Many organizations struggle to prioritize security elements to protect critical assets—why? Because they have failed ... | |
A Human Factor Interface for SIEM | Bettina Wesselmann , Johannes Wiele | By correlating security log data from security devices with other security-related information, SIEM provides means ... | |
Follow the Money: Security Researchers, Disclosure, Confidence and Profit | Jake Kouns , Carsten Eiram | If you want to understand security research and disclosure, just like in several other industries, ... | |
viaForensics' Study Tracks Mobile App Data Security (viaForensics) | Andrew Hoog | Join viaForensics CEO Andrew Hoog as he discusses a 2014 study of application data and ... | |
Fun with Proxmark3 | Daniel Ayoub | The Proxmark3 is a tool that enables the user to read, encode and emulate RFID ... | |
Why AWS CloudHSM can Revolutionize AWS | Oleg Gryb , Subra Kumaraswamy , Todd Cignetti | As of today, a traditional mindset towards cloud environments can be formulated shortly as "we ... | |
Is Your Browser a User Agent, or a Double Agent? | Mike Shema | Privacy shouldn't be an afterthought in the browser. Data security within web and mobile apps ... | |
Privacy Reboot | J Trevor Hughes | Why should the security profession care about privacy? Is privacy the enemy of security? Do ... | |
Reboot Your IT Threat Risk Assessment (TRA) Process in 20 Minutes | Olasupo Lawal | IT Threat Risk Assessments are important in reducing risks by ensuring that “security” is baked ... | |
Hacking iOS on the Run: Using Cycript | Sebastian Guerrero Selma | Cycript is a JavaScript interpreter which also understands Objective-C syntax. The goal will be to ... | |
Disrupting the Progression of a Cyber Attack | Brian Honan , Dwayne Melançon | Before medieval marauders had any hope of capturing the castle, they first had to overcome ... | |
Malicious Acrobatics on Social Media | Zejin Ding | Online social networks are dangerous places for users, as more attacks and malicious dimensions have ... | |
Data Breach Resolution for Insurance Carriers | Paul Paray | This session will discuss a variety of actual data breach incidents involving insurance company clients. ... | IncludeThinkstScapes |
Rogue Mobile Apps: Nuisance or Legit Threat? | John Lacour | With millions of mobile apps available and tens of thousands being released every month, it ... | |
View from the Inside: DHS Priorities in Cybersecurity | Phyllis Schneck , Suzanne Spaulding | Suzanne Spaulding serves as Acting Under Secretary for the National Protection and Programs Directorate (NPPD). ... | |
Lean Hacking: How Attackers Are Doing More with Less and How to Stop Them | Paul Judge | Lean is a popular approach in building startups. Hackers are learning to be lean as ... | |
Babel Revisited: Lessons from an IPv6 Transition | Steven F. Fox , Jeffrey Wiley | The IRS orchestrated the documentation and implementation of IPv6 security requirements despite organizational and contractual ... | |
Economic Impact of PRISM on Cloud Services & Safe Harbor | Craig Spiezle | In light of recent high profile events and news including WikiLeaks, NSA Prism as well ... | |
Unmasking the Social Engineer and Social Engineering | Chris Hadnagy | N/A | |
Little Bets: How Breakthrough Ideas Emerge from Small Discoveries | Peter Sims | Sims demonstrates that the linear problem-solving we were conditioned to embrace, actively thwarts creativity. Rather, ... | |
Hacking Web Apps | Mike Shema | N/A | |
The New Model of Security | Christopher Young , Padmasree Warrior | The pace of change in technology is accelerating and security is no different, with attackers ... | |
The Cloud – Security Nightmare or Our Next Great Hope? | Philippe Courtot | Security professionals in general distrust the cloud—losing control, fly-by-night third party solutions, privacy and surveillance. ... | |
The Privacy Engineer's Manifesto: Getting From Policy to Code to QA Value | Michelle Dennedy , Jonathan Fox | N/A | |
State of the Hack: One Year after the APT1 Report | Kevin Mandia | The exposure of one of the world’s most prolific cyber espionage groups known as APT1 ... | |
A Fierce Domain: Cyber Conflict, 1986 to 2012 | Jason Healey | N/A | |
The Story of charity: water | Scott Harrison | Seven years ago Scott Harrison started charity: water with a mission to bring clean drinking ... | |
Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats and Blackhatonomics: An Inside Look at the Economics of Cybercrime | John W. Pirc | N/A | |
Malware Under the Hood – Keeping your Intellectual Property Safe | Marion Marschalek , Mike Kendzierski | The power of Reverse Engineering and Forensics can help keep your Intellectual Property safe from ... | |
Software Liability?: The Worst Possible Idea (Except for all Others) | Jake Kouns , Josh Corman | While many had hoped that market competition would influence security improvements, customers are forced to ... | IncludeThinkstScapes |
The Current State of Automotive Security | Chris Valasek | As automobiles become more connected, thoughts go towards their vulnerability to attack by malicious actors. ... | |
Hash Function Cryptanalysis | Yu Sasaki , Gaoli Wang , Pierre Karpman | Topic 1: Analysis of BLAKE2 Authors: Jian Guo, Pierre Karpman, Ivica Nikolić, Lei Wang and ... | |
Secure Cloud Development Resources with DevOps | Andrew Storms , Eric Hoffmann | Adoption of cloud resources by development teams has created a security problem. The self-service and ... | |
Walking the Security & Privacy Talk; Moving from Compliance to Stewardship | Michael Hammer , Rick Andrews , Craig Spiezle , Jeff Wilbur | As privacy and security concerns mount compounded by big data, big losses and big challenges, ... | |
Risky Business: Managing Risk across Industries in Today’s Global Economy | Christopher McClean , Larry Jensen , Russ Paulsen , Scott Knowles | Today’s headlines are rife with stories of security breaches, which have changed the way we ... | |
Technical Metrics Aren’t Enough: 10 Strategic Security Measures | Julia Allen , Lisa Young | Learn how 10 strategic security measures, tied to business objectives, are more effective than tactical ... | |
Hunting Mac Malware with Memory Forensics | Andrew Case | While Mac systems have historically been ignored during targeted attacks, within the last year these ... | |
Operation Olympic Games Is the Tom Clancy Spy Story that Changed Everything | Richard Howard | The use of cyber weapons against the Iranian nuclear program changed the cyber landscape forever. ... | |
The Social Networking Battleground: Growth vs. Security | Paul Judge | Social networks are popular for users and attackers. The demand for fast growth and high ... | |
Practical Legal Aspects of BYOD | Lawrence Dietz , Francoise Gilbert | The exploding use of employee owned devices in the workplace is fraught with legal uncertainty. ... | |
Lessons Learned from Physical Tamper-Response Applied to Client Devices | Eric Michaud , Ryan Lackey | Physical tamper-evidence and tamper-response can be applied to client devices (cellphones, tablets, laptops), particularly to ... | |
Leading Cybersecurity: Technically Sexy, Programmatically Dowdy | Mischel Kwon , David Stender , Darren Van Booven , Vance Hitch | Continuous Monitoring in the Federal Government has broadened the security leaders’ job. CISOs manage attack ... | |
Eight Conflicts Which Changed Cyberspace | Jason Healey | The history of cyber conflict has been long ignored, leading us to make repeated mistakes. ... | |
Utilities and Cybersecurity - Myth and Reality | Nadya Bartol , Scott Saunders , Doug McGinnis , Michael Phillips | Is it true that the control systems that run our power grid are accessible from ... | |
The Disaster Experts: Mastering Risk in Modern America | Scott Knowles | N/A | |
Collaboration across the Threat Intelligence Landscape | Merike Kaeo | Varying islands of sharing exist that include industry regulatory organizations, structured executive CISO groups, global ... | IncludeThinkstScapes |
Writing Secure Software Is Hard, but at Least Add Mitigations! | Simon Roses Femerling | The fact is that writing secure software is hard but modern compilers (Visual Studio, GCC ... | IncludeThinkstScapes |
Stepping P3wns: Adventures in Full Spectrum Embedded Exploitation & Defense | Ang Cui , Michael Costello , Salvatore Stolfo , Jatin Kataria | We will present two demonstrations of exploitation and defense of embedded devices like printers, phones ... | |
Applications of Cryptographic Primitives | Dmitry Khovratovich , Gareth T. Davies | Topic 1: KDM Security in the Hybrid Framework Authors: Gareth T. Davies and Martijn Stam ... | |
Applying Cryptography as a Service to Mobile Applications | Peter Robinson | Deploying cryptographic keys on vulnerable end points such as mobile phones is risky. This presentation ... | |
BYOD: An Interpretive Dance | Ellen Giblin , Constantine Karbaliotis | IT departments are being faced with an increasing demand for use of personal devices, to ... | |
We Are All Intelligence Officers Now | Dan Geer | The concerns only of NSA in 1983 (the TCSEC/Orange Book year) are now the concerns ... | |
Visualize This! Meaningful Metrics for Managing Risk | David Mortman , Alex Hutton , Caroline Wong , Jack Jones , John Johnson | Metrics are incredibly useful and a critical input for making risk decisions, but finding the ... | |
Now You See Me – Attacks with Web Server Binaries and Modules | Vanja Svajcer | The session covers targeted attacks on Apache and other web servers such as nginx and ... | |
They Did What?!? – How Your End Users Are Putting You at Risk | Mike Seifert | Informed users make better decisions. Your users can be social engineered and enable cyber crime. ... | |
How to Make a Security Awareness Program FAIL! | Winn Schwartau | Security Awareness is often integral to a good security program. But is it worth it? ... | |
Cyber Legislation & Policy Developments 2014 | Michael Aisenberg | Congress, government agencies, standards bodies and foreign nations all have developed new laws, regulations and ... | |
Mobile Application Assessments by the Numbers: A Whole-istic View | Dan Cornell | Typically, mobile application assessments myopically test only the software living on the device. However, the ... | |
Risk and Responsibility in a Hyper-Connected World | Chris Rezek , James Kaplan | Findings and perspective on the current state of the cyber security challenge and three potential ... | |
A CISO's Perspective: Protecting with Enhanced Visibility and Response | Jay Leek | Most organizations are heavily focused on building taller wider walls thinking they can keep the ... | |
Building and Extending Solutions with Hardware Trust | Steve Orrin , Doug Austin | CSC is extending our infrastructure and end-user solutions to incorporate hardware trust. This session will ... | |
Securing Smart Machines: Where We Are, Where We Want to Be, and Challenges | Tadayoshi Kohno , Akshay Aggarwal , Dan Guido , Laura Berger | Using recent examples, panelists will examine the security challenges companies face when adding connectivity to ... | |
Information Exchange on Targeted Incidents in Practice | Freddy Dezeure | Information exchange of IOC/TTPs used in targeted attacks is key to detecting intrusions earlier and ... | |
Seven Habits of Highly Effective Security Products | Sandra Carielli | Time after time, we see security products not fully leveraged, used incorrectly, or end up ... | |
Syrian Electronic Army: Their Methods and Your Responses | Ira Winkler | Having helped organizations respond to Syrian Electronic Army (SEA) attacks, we learned about their methods. ... | |
Cloud Application Security Assessment, Guerilla Style | Adam Willard , Mark Orlando | This session will outline a low cost, non-intrusive “guerilla style” security assessment approach for cloud-based ... | |
How to Discover if your Company's Files are on a Hacker's Shopping List | Christopher Burgess | In the 2013 Intellectual Property (IP) Commission report the U.S. is believed to have lost ... | |
What Is Going on at NSA These Days | Richard George | As a former NSA insider, the speaker will focus on some of the stories about ... | |
The Dichotomy of the System Administrator | Cliff Neve | Organizations spend a lot of time focusing on APTs and the lack of education of ... | |
Eyes on IZON: Surveilling IP Camera Security | Mark Stanislav | If you have an IP camera at home or work, you may have wondered, "How ... | |
A Hacker’s Perspective: How I Took Over Your City’s Power Grid | Andrew Whitaker | This war story session will share the techniques our penetration testing team has used in ... | |
Top Attacks in Social Media | Gary Bahadur | How does a company protect itself and protect customer data from social media attack vectors? ... | |
Applying International Law to Cyber Warfare | Jason Thelen | The Tallinn Manual answered a critically unanswered question “When is a cyber attack an act ... | |
Smartphone Privacy | Daniel Ayoub | In this session, we will explore the permissions users often unknowingly grant on their smartphones ... | |
Effects of Recent Federal Policies on Security and Resiliency Landscapes | Nader Mehravari | Recent executive orders, presidential policy directives and federal agency activities are affecting strategies and practices ... | |
The Role of a Cyber Mercenary | Gunter Ollmann | Focusing on the evolution of information warfare specialists and their increasingly valuable role within mercenary ... | |
Malware Defense Integration and Automation | Robert Fry | Demonstrate the value of Netflix's Open Source initiative FIDO (Fully Integrated Defense Operation) and how ... | |
When Worlds Collide – the Fusion of Cloud and Embedded | Tim Skutt | The fusion of Cloud and Embedded has huge potential for transforming systems. This fusion brings ... | |
Hugh Thompson and Guests | Hugh Thompson | Security guru and bestselling author Dr. Herbert “Hugh” Thompson has seen it all—hacked voting machines, ... | |