Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Schedule: Bridging business and security sessions

9:05–9:35 Thursday, 10 November, 2016
Location: Auditorium Level: Non-technical
Katie Moussouris (Luta Security)
Average rating: ****.
(4.67, 9 ratings)
Katie Moussouris, Founder & CEO, Luta Security
11:20–12:00 Thursday, 10 November, 2016
Location: G106/107 Level: Beginner
Emily Schechter (Google)
Average rating: ****.
(4.20, 5 ratings)
HTTPS is no longer only for sensitive sites; it’s a critical piece of the web user experience and necessary for the long-term health of the Web. Google is methodically hunting and tackling major hurdles for TLS adoption to guide the Web toward HTTPS everywhere. Emily Schechter shares lessons learned on the road to ubiquitous HTTPS, focusing on the benefits of HTTPS.
14:10–14:50 Thursday, 10 November, 2016
Location: G106/107 Level: Intermediate
Stein Inge Morisbak (Bekk Consulting AS), Erlend Oftedal (Blank Oslo)
Average rating: ***..
(3.50, 2 ratings)
In a world of continuous everything, each discipline has to find ways to provide value fast and reliably—whether it's business people adapting to an ever-changing world, developers delivering software many times per day, or operations providing high-availability infrastructure in an instant. Stein Inge Morisbak and Erlend Oftedal explore how to integrate security into this work stream.
15:50–16:30 Thursday, 10 November, 2016
Location: G106/107 Level: Intermediate
Stephen de Vries (ContinuumSecurity)
Average rating: *****
(5.00, 2 ratings)
Current approaches to threat modeling emphasize manual analysis by trained teams, which can result in a bottleneck in the development process, reducing the appeal of performing this activity. Stephen de Vries presents a technique that uses reusable risk patterns to open the door to automated and scalable threat modeling.
16:45–17:25 Thursday, 10 November, 2016
Location: G106/107 Level: Non-technical
Jessy Irwin (Jessysaurusrex)
Average rating: ****.
(4.33, 3 ratings)
It happens to every security team: after explaining operational security to management, it feels like nothing stuck. Why do eyes glaze over when we talk about encryption? How can we make sense of defense in depth for others? Jessy Irwin shows you how to find common ground and truly share security with nontechnical users, helping better communicate the mindset behind security.
11:20–12:00 Friday, 11 November, 2016
Location: G106/107 Level: Non-technical
Chiara Rustici (Independent)
Average rating: ***..
(3.00, 2 ratings)
Security teams fought hard to get board attention and budget. Often they own the privacy/GDPR brief too, allocated to them as an afterthought. Chiara Rustici explains why it is impossible for GDPR implementation to go ahead unless the board has given a clear data business model and helps escalate the personal data cost/benefit equation to the C-suite.
13:15–13:55 Friday, 11 November, 2016
Location: G106/107 Level: Intermediate
Wayne Anderson (Avanade)
Global business offerings face a more complex regulatory environment than ever before. Wayne Anderson shares lessons learned from a multiyear program build to translate regulations and compliance obligations into practical security controls.
14:10–14:50 Friday, 11 November, 2016
Location: G106/107 Level: Intermediate
Dan Amiga (Fireglass), Dor Knafo (Fireglass)
Average rating: ***..
(3.50, 4 ratings)
Isolation is a new approach to security that is gaining momentum across many industries. Dan Amiga and Dor Knafo cover the important things you need to know about isolation: why now, how isolation can improve productivity, detection versus isolation, technologies, different approaches, caveats, evaluation criteria, live demos, and deployment strategies into the existing IT security environment.
15:50–16:30 Friday, 11 November, 2016
Location: G106/107 Level: Beginner
Don Bailey (Lab Mouse Security)
Average rating: *....
(1.00, 3 ratings)
We're all sick of hearing it. Day after day, another "junk hack" pops up in the news. The stories are tiring and repetitive, but what is a blue team to do? Don Bailey explains that defense in the IoT is less about the technology and more about the process of deploying, monitoring, and maintaining technology. With a well-defined set of processes, we can antiquate the concept of junk hacking.
16:45–17:25 Friday, 11 November, 2016
Location: G104/105 Level: Intermediate
Shannon Yavorsky (Kirkland & Ellis LLP)
Average rating: ****.
(4.00, 1 rating)
The failure of a target company to comply with applicable privacy and data security legislation, regulations, and standards can present a significant risk to the acquiring company. Shannon Yavorsky explains why understanding a target’s data privacy and data security profile has become a critical consideration in M&A transactions.
16:45–17:25 Friday, 11 November, 2016
Location: G106/107 Level: Non-technical
Nav Jagpal (Google)
Average rating: ****.
(4.00, 3 ratings)
Google’s Safe Browsing team obtains an outsider’s perspective of their systems by engaging with a spectrum of adversaries and allies. Nav Jagpal shares a combination of fun stories and lessons learned and offers recommendations on how to design systems and develop policies to deal with spectrums of behavior.