October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Speaker slides & videos

Presentation slides will be made available after the session has concluded and the speaker has given us the files. Check back if you don't see the file you're looking for—it might be available later! (However, please note some speakers choose not to share their presentations.)

Humans are thought to be the weakest link in security, but this is not security’s only human challenge. Andrea Limbago explains why organizations must increasingly leverage a range of social science approaches and insights—from the C-suite translation gap to greater diversity to geopolitical insights to automated data analysis—to navigate the leading workforce challenges today and in the future.
Hacking is a game, and defense both makes the rules and is under no particular obligation to play fair. So cheat! Dan Kaminsky explores better ways to deploy cryptography, protect data, leverage clouds, and more.
Cybersecurity is a hot topic today. Rebecca Bace explains what we need to do to consolidate our efforts in this area, in hopes of instigating a new generation of cybersecurity.
Cloud computing is becoming the new normal. The question is no longer, if? It’s, how fast can we move and what are we going to move first? Timothy Sandage offers an overview of "secure by design" principles and shows how an AWS environment can be configured to provide a reliable operational security control capability across multiple industry verticals.
Need help managing security event logging? Looking for inspiration on how you can use logging to create a more agile security environment? Kenneth Lee and Kai Zhong introduce 411, a new open source tool to help build effective security alerts. Paired with ELK (Elasticsearch, Logstash, and Kibana), 411 allows you to quickly set up automated alerts on your infrastructure.
Machine-learning classifiers are widely used in security applications and often achieve outstanding performance in testing. When deployed, however, classifiers can often be thwarted by motivated adversaries. David Evans offers an overview of work investigating classifiers under attack and methods to automatically evaluate the robustness of a deployed classifier in the presence of adversaries.
Andy Hoernecke and Scott Behrens introduce Scumblr, an open source framework that has been successful in tackling a broad range of security challenges, and explain how to use Scumblr for vulnerability management, application risk tracking, and more.
The next challenge in developing an intrusion detection system becomes finding the tiny amount of relevant information in a very large stream—and doing so efficiently. Jeff Henrikson presents a data pipeline for digesting useful analytics for intrusion detection from aggregated PCAP, with an emphasis on its highest throughput stage: conversion of PCAP to a netflow-like format.
Plantronics evolves its headsets to stay current with the flood of sensors and capabilities emerging in the wearables space. Erik Perotti highlights the countless lessons, pitfalls, and opportunities Plantronics has encountered on its journey around security and explores Plantronics's process and experiences in authentication tokens, biometrics, and beyond.
Fastly operates the edge for many large web properties. To deal with emerging threats to its network, Fastly created a process that allows it to respond effectively to incidents: Incident Command, which rapidly coordinates teams during an incident. Maarten Van Horenbeeck, Lisa Phillips, and Tom Daly take you to the far side of the edge, demonstrating the protocols that work during an incident.
Security and privacy worries are scaring many people away from the Internet. In a world of increasingly hostile networks, we must deliver every site over HTTPS to help protect users and their information. Fortunately, moving to HTTPS has never been easier. From free HTTPS certificates to new browser features that ease the transition, Eric Lawrence demonstrates how to secure sites of any size.
Rocky DeStefano outlines a more scalable and future-proof platform for detecting security threats based on Apache Hadoop and Apache Spot (incubating), exploring real-world examples of how to accomplish a more scalable, flexible, and complete approach to finding advanced threats than the traditional SIEM-based approached in use today.
In this office hour, Audrey and Scott will discuss how everyone can (and should) talk to end-users, how design can impact a company’s bottom line, and what you can demand of your vendors UI, and why.
“Those who cannot remember the past are doomed to repeat it.” — George Santanaya, The Life of Reason We’ll time travel through various events in security history and come to understand how we need to alter our course to change the future.
This talk is about reality - the real facts of the matter and strategies needed for effective life-serving responses, a way to manage the paradoxical imperatives and identity-threatening pressures of our lives and work.
The best way to stop ransomware is to prevent it from ever executing within an environment, but protecting against most ransomware doesn't necessarily involve increasing security spending. Allan Liska and Timothy Gallo offer a practical guide to preventing ransomware, primarily using tools that are already available in most networks.
Susan Sons tells the story of the ongoing intervention to save the troubled but ubiquitous Network Time Protocol's reference implementation, explaining how social, technical, and resourcing challenges came together to threaten a core piece of Internet infrastructure and how these challenges were overcome.
In a multitenant CI/CD environment, developers trust and delegate CI/CD systems to deploy their applications to production. But what is the basis of this trust? What is the trustworthiness of the application deployed by CI/CD through automation? Binu Ramakrishnan highlights security risks with CI/CD deployments and offers solutions to mitigate those risks.
Security people are "only members of the public who are paid to give full-time attention to duties which are incumbent on every citizen in the intent of the community welfare," but often the relationship between security and everyone else is fraught. Brendan O'Connor explores how another group charged with protecting everyone handled this problem with humor, kindness, and a commitment to service.
It happens to every security team: after explaining operational security to management, it feels like nothing stuck. Why do eyes glaze over when we talk about encryption? How can we make sense of defense in depth for others? Jessy Irwin shows you how to find common ground and truly share security with nontechnical users, helping better communicate the mindset behind security.
Common security issues, such as user and software security or cybercrime, are affected by underlying economics—information asymmetry, market failures, cognitive biases, and so on. Thus, addressing security issues requires understanding how they can be seen as economics problems. Fernando Montenegro offers an overview of economics concepts and their application to cybersecurity.
Bots are a reality, and it’s hard to separate your users and good bots (e.g., search) from the bad ones (brute force, fraud, scrapers, etc.). Ido Safruti and Chris Federico review how bots work, explain how to operate a few common bots, and, most importantly, show what you can do to detect and block malicious activity while enabling your users and good bots to work uninterrupted.
The first wave of appsec started with boutique consultancies in the '90s. The second wave brought automation and scale to the masses with security scanners. Rapid deployment and increasing complexity is driving the third wave, which features a liquid supply of globally sourced researchers. Jacob Hansen and Caroline Wong hold a forward-looking discussion on what’s coming next.
It’s time to end the false choice that security must come at the expense of convenience. The reality is that considering security and usability at the same time yields better results for less money (and is faster too). Drawing on real-world examples, Peter Hesse demonstrates how to start the conversations, build the relationships, and get the results and security you need.
Philip Polstra offers an overview of Python basics and demonstrates how to leverage this popular scripting language in order to automate many common tasks found in forensic investigations. You'll gain a deeper understanding of FAT and NTFS filesystems and see firsthand how to glean pertinent information from a filesystem image in minutes with Python.
Some of the very things that make JavaScript awesome can also leave it exposed. Guy Podjarny and Danny Grander use (and abuse) a vulnerable Node.js application called Goof to demonstrate various common vulnerabilities and dependencies. For each item, Guy and Danny explain the issue, show an exploit on Goof, and, most importantly, demonstrate how to avoid or defend against it.