Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Schedule: The human element sessions

11:20–12:00 Thursday, 10 November, 2016
Location: G102 Level: Non-technical
Guy Podjarny (Snyk)
Average rating: *****
(5.00, 2 ratings)
From Heartbleed to ImageTragick, vulnerabilities in open source are repeatedly shaking the Web. But who is responsible for fixing these issues? OSS is a community feat, and so must securing it be. Guy Podjarny discusses the roles for authors, consumers, and tools in keeping open source secure.
13:15–13:55 Thursday, 10 November, 2016
Location: G102 Level: Non-technical
Average rating: ****.
(4.50, 2 ratings)
Why do certain devices, programs, or companies lead to utter frustration while others consistently delight us? What can we learn from these insights when dealing with human behavior related to security? Jelle Niemantsverdriet explores user-centered design methods in other disciplines like economy, psychology and marketing that can help us build security in a truly usable way.
14:10–14:50 Thursday, 10 November, 2016
Location: G102 Level: Non-technical
Kyle Rankin (Final, Inc.)
Average rating: ****.
(4.33, 3 ratings)
Capture the Flag tournaments have long been used to test hacker skills, but they can also serve as effective security training for developers. Kyle Rankin shares a case study where he turned teams of developers with no prior security training against each other in a CTF arena featuring their own applications and watched them rack up points as they popped shells in each other's applications.
15:50–16:30 Thursday, 10 November, 2016
Location: G102 Level: Non-technical
Brendan O'Connor (Malice Afterthought, Inc.)
Average rating: ****.
(4.00, 3 ratings)
Security people are "only members of the public who are paid to give full-time attention to duties which are incumbent on every citizen in the intent of the community welfare," but often the relationship between security and everyone else is fraught. Brendan O'Connor explores how another group charged with protecting everyone handled this problem with humor, kindness, and a commitment to service.
16:45–17:25 Thursday, 10 November, 2016
Location: G103
Dan Kaminsky (White Ops)
Average rating: *****
(5.00, 4 ratings)
Hacking is a game, and defense both makes the rules and is under no particular obligation to play fair. So cheat. Dan Kaminsky explores better ways to deploy cryptography, protect data, leverage clouds, and more.
13:15–13:55 Friday, 11 November, 2016
Location: G102 Level: Non-technical
Katrin Anna Ruecker (Facebook)
Average rating: ****.
(4.50, 4 ratings)
Katrin Anna Ruecker explains how Facebook's privacy managers work with product teams to build products with privacy in mind. Join Anna to learn about the privacy review process and how Facebook designs privacy controls and user education.
14:10–14:50 Friday, 11 November, 2016
Location: G102 Level: Intermediate
James Plouffe (MobileIron)
Average rating: ****.
(4.00, 1 rating)
We keep our whole lives on our mobile devices. If we use our personal devices for work, we have still more sensitive information in the form of company data. Many employees are concerned about what personal information is visible to their employers. James Plouffe explores whether it's possible to secure corporate data and respect privacy.
15:50–16:30 Friday, 11 November, 2016
Location: G102 Level: Beginner
Jennifer Martin (Covington & Burling)
Average rating: *****
(5.00, 2 ratings)
The single most important element to successful cybersecurity incident response is developing a holistic, cross-functional incident response process. Jennifer Martin provides guidance for building trust and educating stakeholders on each other's priorities, roles, and responsibilities to mitigate against internal confusion and strife during a crisis.
16:45–17:25 Friday, 11 November, 2016
Location: G102 Level: Intermediate
Average rating: *****
(5.00, 1 rating)
Frederic Branczyk offers an overview of rkt, a container runtime engine developed by CoreOS that was designed for security. rkt can run the same container with varying degrees of protection, from lightweight, OS-level namespace and capabilities isolation to heavier, VM-level hardware virtualization.