October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

O’Reilly Security 2016 Speakers


Heather Adkins is a 14-year Google veteran and founding member of the Google Security team. As director of information security, Heather has built a global team responsible for maintaining the safety and security of Google’s networks, systems, and applications. The Google Security team, now numbering in the hundreds, is involved in every facet of the business, including launching new products, mergers and acquisitions, building security infrastructure, responding to security threats, and evangelism. Heather has an extensive background in systems and network administration with an emphasis on practical security and has worked to build and secure some of the world’s largest infrastructure for web information systems. She now focuses her time primarily on the defense of Google’s computing infrastructure and working with both the Google Incident Response team and outside entities to tackle some of the industry’s greatest security challenges.

Presentations

Educating the steel pipeline Session

The security community has called for more talent to fuel the roles we have lying empty; however, security has an unusually hardened pipeline that must be improved to support capable candidates getting through to promising security careers. Join in to hear the panel discuss their experiences encountering security's steel pipeline and share ways to improve it.

Once Upon A Future Keynote

“Those who cannot remember the past are doomed to repeat it.” — George Santayana, The Life of Reason. We’ll time travel through various events in security history and come to understand how we need to alter our course to change the future.

James Arlen is Leviathan Security’s director of risk and advisory services, where he works on information security policy, process, and procedure improvements for internationally known manufacturing and financial organizations. Over the past 20 years, James has delivered information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is a frequent speaker at industry conferences and a prolific contributor to standards bodies and media. He is also a contributing analyst with Securosis and has a recurring column on Liquidmatrix Security Digest. He is best described as an infosec geek, hacker, social activist, author, speaker, and parent.

Presentations

Pragmatic cloud security (AWS edition) 2-Day Training

James Arlen leads a hands-on exploration of techniques for protecting the cloud, with extensive labs in Amazon Web Services. The first day focuses on root account security, virtual networking security, IAM, and logging/monitoring; the second day covers leveraging PaaS services, using immutable infrastructure, and automating security controls.

TRAINING: Pragmatic cloud security - AWS edition (Day 2) Training Day 2

James Arlen leads a hands-on exploration of techniques for protecting the cloud, with extensive labs in Amazon Web Services. The first day focuses on root account security, virtual networking security, IAM, and logging/monitoring; the second day covers leveraging PaaS services, using immutable infrastructure, and automating security controls.

Becky Bace is an internationally recognized expert in network security and intrusion detection. Becky is currently chief strategist for the Center for Forensics, Information Technology, and Security (CFITS) at the University of South Alabama and president and CEO of Infidel, Inc. Previously, she served as technical vice president of the Cyber Security practice for In-Q-Tel, the investment arm of the US intelligence community; venture consultant for Trident Capital, where she served as resident cybersecurity technologist; and research program director and senior engineer for the National Security Agency. As a venture capitalist, Becky provided expert advice to a generation of security startups, including Qualys, Sygate, Tablus, iRobot, Arxan, HyTrust, Airtight, Neohapsis, and Thor Technologies, and she continues to advise a number of startups in modern IT. Becky also works with a number of organizations dedicated to increasing the participation of women and minorities in cybersecurity-related professions. She has written two textbooks, contributed chapters to five others (including the last three editions of the practice handbook for the information security profession), and participated in a NIST special publication on intrusion detection and response. Becky has been honored as one of the most influential women in IT security on numerous occasions over the last decade (most recently as one of 2014’s Five Most Influential Women in Security by SC magazine).

Presentations

A vision for future cybersecurity Keynote

Cybersecurity is a hot topic today. Rebecca Bace explains what we need to do to consolidate our efforts in this area, in hopes of instigating a new generation of cybersecurity.

Chris Baker is an Internet cartographer, data analyst, and wanderlust researcher at Dyn, where he is responsible for an array of data analysis and research projects ranging from business intelligence to Internet measurements and communication analysis. Previously, Chris worked at Fidelity Investments as a senior data analyst. He graduated from Worcester Polytechnic Institute with a master’s degree in system dynamics and a bachelor’s degree in management of information systems and philosophy.

Presentations

Criminal cost modeling Session

One focus of defensive research is understanding how your service can be abused. Once you know "how," the next question you might ask is, what makes it worth it? Chris Baker explores the criminal’s cost model, covering research, data collection, and analysis from abuse identification, sinkholing, and crawling.

Scott Behrens is a senior application security engineer for Netflix. Previously, Scott worked as a senior security consultant at Neohapsis and an adjunct professor at DePaul University. Scott’s expertise lies in security automation for application security, penetration testing, and security research. An avid coder and breaker, he has authored and contributed to a number of open source tools for both attack and defense. Scott has presented security research at ShmooCon, DEF CON, DerbyCon, Shakacon, Security Forum Hagenberg, Security BSides Chicago, and others.

Presentations

Cleaning your application's dirty laundry with Scumblr Session

Andy Hoernecke and Scott Behrens introduce Scumblr, an open source framework that has been successful in tackling a broad range of security challenges, and explain how to use Scumblr for vulnerability management, application risk tracking, and more.

Office Hour with Scott Behrens and Andy Hoernecke Office Hours

In this office hour, Scott and Andy will host a Q&A session on 'Cleaning your application's dirty laundry with Scumblr'.

Jerry Bell has worked in the IT industry for over 20 years, holding a variety of roles, including executive IT security positions at both Internet Security Systems and IBM. Jerry founded and cohosts the Defensive Security Podcast with Andrew Kalat.

Presentations

Ignite Security (sponsored by GitHub) Event

If you had five minutes on stage, what would you say? What if you only got 20 slides and they rotated automatically after 15 seconds? Would you pitch a project? Launch a website? Teach a hack? We’ll find out again at this year's Ignite Security.

Sara “Scout” Brody is the executive director of Simply Secure. Scout has long been passionate about improving the usability of security tools. As a product manager at Google, she worked on projects such as two-step verification, the Android operating system, and uProxy. When not working directly on software, she enjoys dabbling in graphic design, fiber artistry, and woodworking. Scout holds a PhD in computer science. Her dissertation, Access Control in and for the Real World, focused on the mis-integration of classic security mechanisms with modern human organizations.

Presentations

Privacy and threat in practice: Lessons from at-risk user populations Session

The security community has spent decades trying to define what secure systems look like in theory and how to achieve them in practice. This effort has largely focused on the machine components of the systems rather than the human needs and processes they are meant to enable. Scout Brody explores the mismatch between security wisdom and user realities and offers best practices for secure systems.

John Bullard is a technical entrepreneur focused on the enterprise security space. At Distil Networks, he leads the Dev and Biz-Dev teams to ensure customers and partners are protected from content scraping, click fraud, competitive data mining, and a host of other bot-related mischief.

Presentations

Infrastructure is code: A DevOps approach to PCI compliance Session

When John Bullard and Benji Taylor were faced with the challenge of achieving PCI compliance in 90 days flat, they used what they had on hand: modern DevOps practices and tools. They not only passed but built a reusable set of PCI tools to help anyone through the process. You'll receive early access to this DevOps PCI toolkit and learn must-know tips before starting a PCI compliance project.

Office Hour with John Bullard and Benji Taylor Office Hours

In this office hour, John and Benji will host a Q&A session on 'The DevOps approach to PCI compliance.'

Audrey Crane is a partner at DesignMap, where she designs web and mobile apps for clients like Docker, eBay, and Salesforce. Audrey started in high tech 18 years ago as an executive producer at Netscape, where she managed high-profile products such as Net Search and Netscape’s advertising program. Previously, she worked at Dubberly Design Office with clients like Sun, Palm, Stanford, Revolution Health, and Opsware and served as the vice president of design at the Magellan Network, where her team won NNG’s Top 10 Best UI Awards. Audrey studied mathematics, English, and theater during her undergraduate work and studied design at UC Berkeley and California College of Arts (CCA). She tweets at @audcrane.

Presentations

Office Hour with Audrey Crane and Scott Cronin Office Hours

In this office hour, Audrey and Scott will discuss how everyone can (and should) talk to end users, how design can impact a company’s bottom line, and what you can demand of your vendors’ UI, and why.

The future UX of security software Session

There is a gap between cybersecurity jobs and the people trained to do them, and this gap will grow in the near-term. The user experience of cybersecurity systems will be a factor in mitigating the inexperience of future security specialists. Audrey Crane and Scott Cronin explore primary user research, present archetypal personas, and share prototypes of potential near-future security software.

Scott Cronin is a senior researcher at DesignMap, where he designs web and mobile apps for clients like Docker, eBay, and Salesforce. Seven years into a counseling career, Scott decided to transition to working in technology. His experience includes benchmark usability, rapid iterative testing, CRM, and mobile research, as well as design for CRM and mobile at SAP. Previously, he worked for design agencies in both research and design.

Presentations

Office Hour with Audrey Crane and Scott Cronin Office Hours

In this office hour, Audrey and Scott will discuss how everyone can (and should) talk to end users, how design can impact a company’s bottom line, and what you can demand of your vendors’ UI, and why.

The future UX of security software Session

There is a gap between cybersecurity jobs and the people trained to do them, and this gap will grow in the near-term. The user experience of cybersecurity systems will be a factor in mitigating the inexperience of future security specialists. Audrey Crane and Scott Cronin explore primary user research, present archetypal personas, and share prototypes of potential near-future security software.

Macy Cronkrite is a senior architect at Splunk, where she supports the development and implementation of enterprise sensor networks by providing high-quality analysis from captured machine data in logs, enabling big data analysis as a capability of enterprise IT and SOC operations. Macy is an enterprise-security-focused systems analyst and developer with 15 years of IT experience as well as a coconspirator of Security BSides Boston. Macy holds a BS and MS in information science.

Presentations

Security analytics: Machine learning applied in the SOC Session

Big data has reached security practitioners' desktops, but security knowledge workers are not data scientists by training. One of the most important technology decisions they face is finding easy-to-implement machine-learning tools. Macy Cronkrite offers an overview of existing toolkits applied to data exfiltration and port/traffic analysis security use cases.

Tom Daly is vice president of infrastructure at Fastly. Previously, Tom cofounded Dyn Inc. and served as its president, chief technology officer, and chief scientist. Tom holds a BS in electrical and computer engineering from Worcester Polytechnic Institute and an MBA from Bentley University.

Presentations

Incident Command: The far side of the edge Session

Fastly operates the edge for many large web properties. To deal with emerging threats to its network, Fastly created a process that allows it to respond effectively to incidents: Incident Command, which rapidly coordinates teams during an incident. Maarten Van Horenbeeck, Lisa Phillips, and Tom Daly take you to the far side of the edge, demonstrating the protocols that work during an incident.

Office Hour with Maarten Van Horenbeeck, Lisa Phillips and Tom Daly Office Hours

In this office hour, Maarten, Lisa and Tom will host a Q&A session on 'Implementing incident management programs', and provide any necessary demos to answer your questions.

Samantha Davison was recently the security awareness and education program manager at Uber, where she led the development of security awareness for employees in over 350 cities globally. Before Uber, Samantha codesigned and implemented highly acclaimed security awareness programs at Fortune 500 companies. She presents at conferences around the world, leads roundtable discussions for security professionals on security awareness, and has been featured in several major security industry publications. Samantha holds a master’s degree in security technologies; as part of her academic research, she conducted an extensive comparison of security awareness programs, determining critical success factors in the effectiveness of the programs.

Presentations

Users cannot change on phish alone: Building simulations for your targeted behaviors Session

Security education's ultimate goal is to influence user behavior, ideally in an engaging way that allows us to collect metrics on our efficacy. Why then do most programs rely only on phishing to teach and test? Samantha Davison explores how to build simulations to test your users on secure behaviors, provide teachable moments, and stage your tests to collect meaningful data.

Rocky DeStefano is Cloudera’s subject matter expert on cybersecurity and IANS Faculty. Mr. DeStefano was a member of the USAF and subsequently supported AFCERT as part of the Incident Response Team. Rocky founded and led the Global Security Operations Center for EDS and has supported cybersecurity advancement in notable companies such as ArcSight, NetWitness, RSA and Visible Risk. At every step in his career, Rocky’s focus has been to continually enhance visibility and detection solutions to defend the enterprise.

Presentations

Moving cybersecurity forward: Introducing Apache Spot Session

Rocky DeStefano outlines a more scalable and future-proof platform for detecting security threats based on Apache Hadoop and Apache Spot (incubating), exploring real-world examples of how to accomplish a more scalable, flexible, and complete approach to finding advanced threats than the traditional SIEM-based approach in use today.

Danny Dhillon currently leads the Security Development Lifecycle program at EMC Corporation. Danny has 15 years of diverse experience in security engineering. He has given dozens of training workshops on threat modeling, published on the topic in IEEE Security & Privacy, and presented at Microsoft’s BlueHat conference and RSA’s conference. Danny is a founding member of the IEEE Center for Secure Design.

Presentations

Applying threat modeling to building secure software Tutorial

Threat modeling is an essential element in building secure software that is resilient to attack. Yet threat modeling is often seen as too specialized and time consuming to include in the software development process. Andrea Doherty and Danny Dhillon walk you through a pragmatic approach to threat modeling that can be applied within your existing structured and Agile processes.

Cory Doctorow is a science fiction novelist, blogger, and technology activist. Cory is the coeditor of the popular blog Boing Boing and a contributor to the Guardian, the New York Times, Publishers Weekly, Wired, and many other newspapers, magazines, and websites. He was formerly director of European affairs for the Electronic Frontier Foundation, a nonprofit civil liberties group that defends freedom in technology law, policy, standards, and treaties. Cory holds an honorary doctorate in computer science from the Open University (UK), where he is a visiting senior lecturer; in 2007, he served as the Fulbright Chair at the Annenberg Center for Public Diplomacy at the University of Southern California.

Cory’s novels have been translated into dozens of languages and are published by Tor Books and simultaneously released on the Internet under Creative Commons licenses that encourage their reuse and sharing, a move that increases his sales by enlisting his readers to help promote his work. He has won the Locus and Sunburst Awards and been nominated for the Hugo, Nebula, and British Science Fiction Awards. His latest young adult novel is Pirate Cinema, a story of mashup guerrillas who declare war on the entertainment industry. His latest novel for adults is Rapture of the Nerds, written with Charles Stross and published in 2012. His New York Times bestseller Little Brother was published in 2008. Its sequel, Homeland, was published in 2013. His latest short story collection is With a Little Help, available in paperback, ebook, audiobook, and limited edition hardcover. In 2011, Tachyon Books published a collection of his essays, Context: Further Selected Essays on Productivity, Creativity, Parenting, and Politics in the 21st Century (with an introduction by Tim O’Reilly), and IDW published a collection of comic books inspired by his short fiction called Cory Doctorow’s Futuristic Tales of the Here and Now. The Great Big Beautiful Tomorrow, a PM Press Outspoken Authors chapbook, was also published in 2011. His forthcoming books include Anda’s Game, a graphic novel from FirstSecond.

Cory cofounded the open source peer-to-peer software company Opencola, sold to OpenText in 2003, and presently serves on the boards and advisory boards of the Participatory Culture Foundation, the Clarion Foundation, the Glenn Gould Foundation, and the Chabot Space & Science Center’s SpaceTime project. In 2007, Entertainment Weekly called him “the William Gibson of his generation.” He was also named one of Forbes magazine’s Web Celebrities every year from 2007 to 2010 and one of the World Economic Forum’s Young Global Leaders for 2007. On February 3, 2008, Cory became a father. The little girl is called Poesy Emmeline Fibonacci Nautilus Taylor Doctorow and is a marvel that puts all the works of technology and artifice to shame.

Presentations

Office Hour with Cory Doctorow Office Hours

In this office hour, Cory will discuss topics around the EFF, DRM, jailbreaking, and the law.

Security and feudalism: Own or be pwned Keynote

Cory Doctorow explains how EFF is battling the perfect storm of bad security, abusive business practices, and threats to the very nature of property itself, fighting for a future where our devices can be configured to do our bidding and where security researchers are always free to tell us what they've learned.

Andrea Doherty is a consultant product security engineer at EMC Corporation, working for the EMC Product Security office as a security advisor for several product development teams. Andrea has been a security champion, security architect, and security advisor for the past 21 years. Previously, Andrea specified and built security applications for 13 years at RSA, the security division of EMC. Andrea represented RSA in the IETF KEYPROV working group and was editor of RFC6063. In 2015, she led the SAFECode Threat Modeling Tool BoF comprised of representatives from seven member companies. Andrea has presented on threat modeling and security testing at a number of regional security conferences, including Cisco SecCon 2013 and Source Boston 2014.

Presentations

Applying threat modeling to building secure software Tutorial

Threat modeling is an essential element in building secure software that is resilient to attack. Yet threat modeling is often seen as too specialized and time consuming to include in the software development process. Andrea Doherty and Danny Dhillon walk you through a pragmatic approach to threat modeling that can be applied within your existing structured and Agile processes.

Kyle Ehmke is a threat intelligence researcher with ThreatConnect. Kyle has seven years of experience as a cyber intelligence analyst in the intelligence community and within the healthcare sector. Kyle has followed a wide range of cyberthreats ranging from extremists in the Middle East to, more recently, those specifically affecting the healthcare and pharmaceutical sector. He is currently ThreatConnect’s main contributor for the medical and healthcare community, where he focuses on providing healthcare-specific threat intelligence that can facilitate members’ defensive efforts.

Presentations

Deriving actionable intelligence from spoofed domain registrations Session

Kyle Ehmke draws on information identified in ThreatConnect research on the Anthem hack to demonstrate how an organization can leverage threat intelligence in conjunction with domain registration data to further bolster its defensive efforts and details the process by which ThreatConnect identified potential Chinese APT activity against the pharmaceutical sector.

Stina Ehrensvard is the CEO and founder of Yubico and coinventor of the YubiKey—a small device that makes strong two-factor authentication easy and affordable for everyone. She is a visionary IT entrepreneur with a proven track record of creating and bringing new technology innovations to global markets. Stina is an accomplished speaker on Internet identity, security, and entrepreneurship and was most recently named one of Inc.’s 2013 Women to Watch in Tech.

Presentations

The future of strong online identities: Simple, open, and mobile Session

After OATH for one-time passwords and PIV for smart cards, FIDO U2F is winning support in leading platforms and browsers. Stina Ehrensvard explains how Google users, global dissidents, and UK citizens are using these open standards to secure access to accounts while preserving privacy and how FIDO U2F complements the open identity standards SAML and OIDC.

Margus Ernits is the CTO at RangeForce, where he is the architect of the RangeForce.com Cyber Simulator platform, which discovers, develops, and recruits cyber-talent using a cloud-based e-learning platform that enables users to simulate cyberattacks in complex networks for hands-on, gamified, and adaptive learning. He is also a lecturer at the Estonian IT College. Margus has in-depth experience in GNU/Linux, IT security, and robotics. He has been nominated three times as Lecturer of the Year at the Estonian IT College. Margus holds a master of science in engineering in cybersecurity, a joint curriculum from Tallinn University of Technology and the University of Tartu. He is an alumnus of the Barclays TechStars New York 2015 class and a PhD student at Tallinn University of Technology.

Presentations

TRAINING: Web application defense essentials (Day 2) Training Day 2

Margus Ernits leads you through practical exercises to defend a small enterprise IT infrastructure. Everyone begins with a predesigned IT environment with different built-in vulnerabilities. As simulated cybercriminals start to attack that environment, your task will be to keep all the IT services up and running and defend the infrastructure.

Web application defense essentials 2-Day Training

Margus Ernits leads you through practical exercises to defend a small enterprise IT infrastructure. Everyone begins with a predesigned IT environment with different built-in vulnerabilities. As simulated cybercriminals start to attack that environment, your task will be to keep all the IT services up and running and defend the infrastructure.

David Evans is a professor of computer science at the University of Virginia and leader of the Security Research Group. His research focuses on privacy and security for computing systems and empowering individuals and organizations to control how their data is used and shared. He is the author of an open computer science textbook and a children’s book on combinatorics and computability and teacher of one of the world’s most popular MOOCs. He won the Outstanding Faculty Award from the State Council of Higher Education for Virginia and an all-university teaching award, served as program co-chair for the 31st and 32nd IEEE Symposia on Security and Privacy, and will be program co-chair for ACM CCS 2017. He holds SB, SM, and PhD degrees in computer science from MIT.

Presentations

Classifiers under attack Session

Machine-learning classifiers are widely used in security applications and often achieve outstanding performance in testing. When deployed, however, classifiers can often be thwarted by motivated adversaries. David Evans offers an overview of work investigating classifiers under attack and methods to automatically evaluate the robustness of a deployed classifier in the presence of adversaries.

Christopher Federico is the lead solutions architect at PerimeterX. Previously, Christopher held roles as a product manager at CloudFlare for web application firewalls and enterprise CDN logging; manager of the solution center for the Americas at Check Point Software Technologies, where he led presale escalations and major proofs of concept; and various roles in VeriSign’s managed services division. Chris loves working on problems at scale, cooking great food, and backpacking California.

Presentations

The industrial age of website bots: How to detect and block automated attacks Tutorial

Bots are a reality, and it’s hard to separate your users and good bots (e.g., search) from the bad ones (brute force, fraud, scrapers, etc.). Ido Safruti and Chris Federico review how bots work, explain how to operate a few common bots, and, most importantly, show what you can do to detect and block malicious activity while enabling your users and good bots to work uninterrupted.

Jamesha Fisher is a security operations engineer at GitHub. Jamesha has worked in the tech industry for over 10 years, with a special interest in security. Graduating with a degree in information assurance and security engineering, she lent her experience to operations and systems engineering at companies like Google and CloudPassage. In her spare time, Jamesha is a maker of things musical or delicious and objects that use binary numbers.

Presentations

Educating the steel pipeline Session

The security community has called for more talent to fuel the roles we have lying empty; however, security has an unusually hardened pipeline that must be improved to support capable candidates getting through to promising security careers. Join in to hear the panel discuss their experiences encountering security's steel pipeline and share ways to improve it.

Jessica Frazelle is a software engineer at Microsoft, where she works with Linux and containers. Jess loves all things involving Linux namespaces and cgroups and is probably most well known for running desktop applications in containers. Jessica has been a maintainer of Docker and a contributor to RunC, Kubernetes, Linux, and Golang, among other projects, and has maintained the AppArmor, seccomp, and SELinux bits in Docker. She is quite familiar with locking down containers.

Presentations

Benefits of isolation provided by containers Session

Overall, your applications will be more secure running in containers than not, but a common misconception is that containers will prevent attacks—they will not. Jessica Frazelle covers the benefits gained by using containers and outlines the ways containers lessen the destruction from an application compromise.

Office Hour by Jessica Frazelle Office Hours

In this office hour, Jessica will hold a Q&A session on containers.

Timothy Gallo is a cyber security specialist engineer at Symantec. Tim has been working in IT security since 1999, but he’s also been a bouncer, a bartender, and a physicist. He loves finding new ways to do things, in particular by breaking them. Tim has been spending time lately tearing apart pumps, golf carts, and other items to rebuild them into something better, faster, and stronger.

Presentations

Protecting your organization against ransomware (while ensuring no one sends you a Christmas card) Session

The best way to stop ransomware is to prevent it from ever executing within an environment, but protecting against most ransomware doesn't necessarily involve increasing security spending. Allan Liska and Timothy Gallo offer a practical guide to preventing ransomware, primarily using tools that are already available in most networks.

Charles Givre is an unapologetic data geek who is passionate about helping others learn about data science and become passionate about it themselves. For the last five years, Charles has worked as a data scientist at Booz Allen Hamilton for various government clients and has done some really neat data science work along the way, hopefully saving US taxpayers some money. Most of his work has been in developing meaningful metrics to assess how well the workforce is performing. For the last two years, Charles has been part of the management team for one of Booz Allen Hamilton’s largest analytic contracts, where he was tasked with increasing the amount of data science on the contract—both in terms of tasks and people.

Even more than the data science work, Charles loves learning about and teaching new technologies and techniques. He has been instrumental in bringing Python scripting to both his government clients and the analytic workforce and has developed a 40-hour Introduction to Analytic Scripting class for that purpose. Additionally, Charles has developed a 60-hour Fundamentals of Data Science class, which he has taught to Booz Allen staff, government civilians, and US military personnel around the world. Charles has a master’s degree from Brandeis University, two bachelor’s degrees from the University of Arizona, and various IT security certifications. In his nonexistent spare time, he plays trombone, spends time with his family, and works on restoring British sports cars.

Presentations

Drilling into network data with Apache Drill Tutorial

Drill is an open source, schema-free SQL engine that can query all kinds of data. Applying Drill to network security problems potentially offers a leap forward in network analysis. Charles Givre demonstrates how to use Drill to query simple data, complex data, and data from databases and big data sources and walks you through writing your own functions to extend Drill's functionality.

Foundations of security data science 2-Day Training

Join Jay Jacobs, Charles Givre, and Bob Rudis for a hands-on, in-depth exploration into the foundations of security data science. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

Danny Grander is a veteran security researcher and the cofounder of Snyk.io, where he works on open source security and leads Snyk’s security research. Previously, Danny was the CTO of Gita and a lead researcher and developer for a few startups. Danny’s CTF team, Pasten, won both the Chaos Computer Club and Google’s latest CTFs.

Presentations

Writing secure Node code Tutorial

Some of the very things that make JavaScript awesome can also leave it exposed. Guy Podjarny and Danny Grander use (and abuse) a vulnerable Node.js application called Goof to demonstrate common vulnerabilities in application code and in third-party dependencies. For each item, Guy and Danny explain the issue, show an exploit on Goof, and, most importantly, demonstrate how to avoid or defend against it.

grecs has two decades of industry experience and holds undergraduate and graduate engineering degrees, as well as a really well-known security certification. Despite his formal training, grecs has always been more of a CS person at heart, going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days as a senior cyber intelligence analyst enhancing customer defenses through advanced analysis, customized training, and engineering improvements. In his free time, grecs is an international speaker and blogger, covering a range of topics, including incident response, malware analysis, and threat intelligence.

Presentations

Hello to the dark side: Understanding your adversaries without all those expensive threat intel tools Session

In the aftermath of the fall of Evernote as an inexpensive threat intel platform, low-cost solutions have awoken from the remains to give hope to defenders everywhere. grecs continues his threat intel series, covering lessons learned from his Evernote experiment before pivoting toward improved data structures and newly discovered enterprise-friendly intel platforms to support them.

Ben Hall is the founder of Ocelot Uproar, a company focused on building products loved by users. Ben has worked as a systems administrator, tester, and software developer and launched several companies. He still finds the time to publish books and speak at conferences. Ben enjoys looking for the next challenges to solve, usually over an occasional beer. Ben recently launched Katacoda, an online learning environment for developers that helps break down the barriers to learning new technologies such as Docker and containers.

Presentations

Applying Docker security Tutorial

Docker offers a lot of advantages, simplifying both development and production environments, but there is still uncertainty around the security of containers. Ben Hall shares his experiences while leading a hands-on demonstration of Docker and container security.

Mike Hanley is the director of Duo Labs, the advanced security research and analysis team at Duo Security. Prior to joining Duo, Mike was a senior member of the technical staff at CERT/CC, where he conducted applied R&D on a variety of cyber issues in support of the Department of Defense and the Intelligence community. He holds an MS in information security policy and management from Carnegie Mellon University and an undergraduate degree in economics from Michigan State University.

Presentations

Lessons learned from billions of authentication events Session

As an access security provider, Duo sees billions of authentication and access events each year from tens of thousands of customers across huge user and device populations. Mike Hanley presents the major trends and patterns at Internet scale emerging from Duo's unique visibility into the users, devices, networks, and services that make up enterprise remote access.

Jacob Hansen is the cofounder and CEO of Cobalt, which delivers crowdsourced pen tests and private bug bounties to modern organizations. Prior to founding Cobalt, Jacob was a consultant at Accenture in Copenhagen and London, where he delivered enterprise IT Solutions for Fortune 1000 clients. As an advocate of crowdsourcing and cybersecurity, Jacob has been featured in Forbes and The Verge and has spoken at various conferences internationally. Jacob’s passion for technology extends to his personal life, where he is a crypto enthusiast and cofounder of Bitcoinfilm.org, a nonprofit dedicated to sharing stories of bitcoin adoption around the world.

Presentations

Office Hour with Caroline Wong and Jacob Hansen Office Hours

In this office hour, Caroline and Jacob will discuss the evolution of pen testing, crowdsourced security, and security scanners vs. consultants vs. bug bounty vs. crowdsourced pen tests.

The third wave of application security

The first wave of appsec started with boutique consultancies in the '90s. The second wave brought automation and scale to the masses with security scanners. Rapid deployment and increasing complexity are driving the third wave, which features a liquid supply of globally sourced researchers. Jacob Hansen and Caroline Wong hold a forward-looking discussion on what’s coming next.

Kelly Hope Harrington is a senior software engineer on the safe browsing team at Google, where she focuses on detection of web-based threats and outreach to webmasters. In her 20% time, she coleads Google’s presence at the San Francisco Pride Parade. Kelly holds a BS in computer science from Carnegie Mellon University, where she took a special interest in computer security and linguistics.

Presentations

Are we out of the woods? The current state of web malware Session

Despite advances in security, sophisticated attacks still leave many users at risk on the Web. Kelly Harrington reviews modern threats such as drive-by downloads, social engineering, and unwanted software distribution. Kelly then presents advances in detection and policy, focusing specifically on Google Safe Browsing’s recent efforts to keep the Web safe.

Lance Hayden is the chief privacy officer for ePatientFinder, responsible for the security and privacy of mission-critical enterprise information assets. A leading expert on security culture, strategy, and performance with over 25 years’ experience in information security, Lance focuses on helping organizations better leverage their human capital in support of information security goals and objectives. Over the course of his career, he has worked with companies and teams around the world to measure their security culture, identify sources of behavioral and cultural risk, and develop highly reliable security programs capable of both anticipating and responding to today’s security challenges—as well as tomorrow’s. Lance is the author of People-Centric Security and IT Security Metrics and a regular contributor to industry events and publications. Lance lives in Austin, where he teaches courses on security and privacy at the University of Texas School of Information.

Presentations

Security FORCE: A model for highly reliable security behaviors and cultures Session

Lance Hayden introduces Security FORCE, a model adapted from research on high-reliability organizations (HROs). HROs thrive in dangerous and uncertain environments through a culture that emphasizes failure, operations, resilience, complexity, and expertise. The FORCE model applies these traits to cybersecurity operations and provides metrics to support successful enterprise FORCE adoption.

Jeff Henrikson is a software consultant in the area of cybersecurity with 15 years of experience in data science and data engineering. Previously, Jeff worked at Amazon on the retail website page with the highest revenue per impression; productionized Intentional Software’s first product and coauthored the first reference manual with founder Charles Simonyi; and worked in computer vision, insurance catastrophe modeling, and manufacturing science. Jeff holds degrees in math from MIT and jazz composition from Berklee College of Music. Last spring, Jeff created and taught the course Building the Data Pipeline for the Big Data Certificate program offered by University of Washington Professional and Continuing Education.

Presentations

Detecting anomalies efficiently at scale: A cybersecurity streaming data pipeline using Kafka and Akka clustering Session

The next challenge in developing an intrusion detection system becomes finding the tiny amount of relevant information in a very large stream—and doing so efficiently. Jeff Henrikson presents a data pipeline for digesting useful analytics for intrusion detection from aggregated PCAP, with an emphasis on its highest throughput stage: conversion of PCAP to a netflow-like format.
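The abstract above singles out the conversion of raw PCAP into a netflow-like format as the pipeline's highest-throughput stage. The following is an added example, not code from the talk or from Jeff Henrikson's pipeline, that shows what that stage does on a small scale: it walks a classic libpcap byte buffer, parses Ethernet II/IPv4 frames, and aggregates TCP and UDP packets into unidirectional flow records keyed on the 5-tuple (source IP, destination IP, source port, destination port, protocol), tracking packet and byte counts, first/last timestamps, and the OR of TCP flags, as NetFlow v5 does. The sample traffic is constructed inline; the addresses, ports, and MACs are arbitrary illustration values, and non-IPv4 frames such as ARP are intentionally dropped.

```python
# Added example (not from the talk): libpcap bytes -> NetFlow-like 5-tuple flow records.
import struct
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Tuple

FlowKey = Tuple[str, str, int, int, int]  # (src_ip, dst_ip, src_port, dst_port, ip_proto)


@dataclass
class Flow:
    packets: int = 0
    octets: int = 0         # sum of IPv4 total-length fields
    first_ts: float = 0.0
    last_ts: float = 0.0
    tcp_flags: int = 0      # OR of every TCP flags byte seen in the flow


def iter_pcap_records(buf: bytes) -> Iterator[Tuple[float, bytes]]:
    """Yield (timestamp, frame bytes) from a classic libpcap buffer (either byte order)."""
    magic = struct.unpack("<I", buf[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap buffer")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(buf):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", buf[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, buf[off:off + incl_len]
        off += incl_len


def parse_frame(frame: bytes) -> Optional[Tuple[FlowKey, int, int]]:
    """Return (flow key, IPv4 total length, TCP flags) for an Ethernet II/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType 0x0800 = IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:]
    sport = dport = flags = 0
    if proto in (6, 17) and len(l4) >= 4:  # TCP or UDP: ports are the first 4 bytes
        sport, dport = struct.unpack("!HH", l4[:4])
    if proto == 6 and len(l4) >= 14:
        flags = l4[13]                      # TCP flags byte
    return (src, dst, sport, dport, proto), total_len, flags


def pcap_to_flows(buf: bytes) -> Dict[FlowKey, Flow]:
    """Aggregate every IPv4 packet in the buffer into per-5-tuple flow records."""
    flows: Dict[FlowKey, Flow] = defaultdict(Flow)
    for ts, frame in iter_pcap_records(buf):
        parsed = parse_frame(frame)
        if parsed is None:
            continue  # non-IPv4 frames (ARP, IPv6, ...) are dropped
        key, nbytes, flags = parsed
        f = flows[key]
        if f.packets == 0:
            f.first_ts = ts
        f.packets += 1
        f.octets += nbytes
        f.last_ts = ts
        f.tcp_flags |= flags
    return dict(flows)


# --- constructed sample traffic (illustration only, not a real capture) ------
def _ip(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def _frame(src: str, dst: str, proto: int, sport: int, dport: int,
           payload: bytes = b"", tcp_flags: int = 0x18) -> bytes:
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    if proto == 6:   # minimal 20-byte TCP header, data offset 5
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0, _ip(src), _ip(dst))
    return eth + ip + l4


def build_pcap(records: List[Tuple[float, bytes]]) -> bytes:
    """Serialize (timestamp, frame) pairs as a little-endian classic pcap, linktype 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


SAMPLE_PCAP = build_pcap([
    (1.0, _frame("10.0.0.5", "203.0.113.10", 6, 51000, 443, tcp_flags=0x02)),             # SYN
    (1.1, _frame("203.0.113.10", "10.0.0.5", 6, 443, 51000, tcp_flags=0x12)),             # SYN/ACK
    (1.2, _frame("10.0.0.5", "203.0.113.10", 6, 51000, 443, b"x" * 100, tcp_flags=0x18)),  # PSH/ACK
    (1.3, _frame("10.0.0.5", "10.0.0.1", 17, 40000, 53, b"\x00" * 30)),                 # DNS query
    (1.4, b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + b"\x00" * 28),                      # ARP: skipped
])


def sample_flows() -> Dict[FlowKey, Flow]:
    return pcap_to_flows(SAMPLE_PCAP)


if __name__ == "__main__":
    for key, f in sample_flows().items():
        print(key, f.packets, f.octets, f"{f.last_ts - f.first_ts:.3f}s", hex(f.tcp_flags))
```

Running the module prints three flow lines for the five constructed frames: the client-to-server TCP flow (two packets, 180 octets, flags 0x1a from SYN and PSH/ACK), the server-to-client SYN/ACK, and the UDP DNS query; the ARP frame is discarded by parse_frame. In a real pipeline the flow table would be flushed on active/idle timeouts rather than kept in memory, and the records would carry no payload, which is the property that makes the downstream analytics tractable.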

Peter Hesse is the chief security officer of 10Pearls, where he focuses on avoiding the common break/fix mentality around security, instead finding ways to architect and build security into systems and products. For nearly two decades, Peter has leveraged his passion for technology and experience in security to develop successful solutions to interesting problems. From an exciting start developing the reference implementation of a standards-based certification authority for the National Institute of Standards and Technology (NIST) to overcoming obstacles and successfully demonstrating the system that formed the basis of the Federal PKI, Peter has built his reputation tackling complex challenges and explaining them to others. Previously, Peter founded and ran the successful information security consulting firm Gemini Security Solutions for over a dozen years.

Presentations

Office hour with Peter Hesse Office Hours

In this office hour, Peter will ask the questions, 'What are good security user stories to include in agile development processes?' and 'What examples of good security UX are worth emulating?'.

User experience and security: Enemies or allies? Session

It’s time to end the false choice that security must come at the expense of convenience. The reality is that considering security and usability at the same time yields better results for less money (and is faster too). Drawing on real-world examples, Peter Hesse demonstrates how to start the conversations, build the relationships, and get the results and security you need.

Andy Hoernecke is a senior application security engineer on the Product and Application Security team at Netflix, where he spends his time on security automation, identifying and driving systemic security improvements to the Netflix architecture, and developing open source security tools. Andy’s approach to security centers around finding practical solutions to long-standing, difficult problems. He couples his experience in security with his interest in data visualization to provide unique insight into today’s biggest security challenges. Previously, Andy built and ran the Application Security program for the Sears online business unit. He was also an adjunct professor at DePaul University, where he taught master’s-level courses in information security. Andy holds a master’s degree in computer engineering and information assurance from Iowa State University and is actively involved with information security efforts through multiple organizations.

Presentations

Cleaning your application's dirty laundry with Scumblr Session

Andy Hoernecke and Scott Behrens introduce Scumblr, an open source framework that has been successful in tackling a broad range of security challenges, and explain how to use Scumblr for vulnerability management, application risk tracking, and more.

Office Hour with Scott Behrens and Andy Hoernecke Office Hours

In this office hour, Scott and Andy will host a Q&A session on 'Cleaning your application's dirty laundry with Scumblr'.

Jessy Irwin is a security expert who excels in translating complex cybersecurity issues into simple, relatable terms for nontechnical audiences. Her current areas of interest include making security more accessible for the average person, advocating for strong privacy protections in education for students, building better models for digital security training, and building proactive security communications strategies for consumers, policymakers, small businesses, and Fortune 500 companies. In her work as a consultant, security executive, and former security empress at 1Password, she has taught consumers how to better protect themselves, their data, and their identities online. Jessy regularly writes and presents internationally on human-centric security, student privacy, and security communication at events including O’Reilly Security, RSA Conference, TechSummit Amsterdam, Infosec Southwest, and ShmooCon. Her work has appeared in CSO Online, VICE Broadly, Mashable, BuzzFeed, TechCrunch, and CNN.

Presentations

Speak security and enter: Making security make sense for nontechnical users Session

It happens to every security team: after explaining operational security to management, it feels like nothing stuck. Why do eyes glaze over when we talk about encryption? How can we make sense of defense in depth for others? Jessy Irwin shows you how to find common ground and truly share security with nontechnical users, helping better communicate the mindset behind security.

Jay Jacobs is the senior data scientist at BitSight Technologies. Prior to joining BitSight, Jay spent four years as the lead data analyst for the Verizon Data Breach Investigations Report. Jay is the coauthor of Data-Driven Security, which covers data analysis and visualizations for information security, and hosts the Data-Driven Security and R World News podcast. Jay is also a cofounder of the Society of Information Risk Analysts and currently serves on its board of directors. Jay is also active in the R community; he coordinates his local R user group for the greater Minneapolis area and contributes to local events and functions supporting data analysis.

Presentations

Foundations of security data science 2-Day Training

Join Jay Jacobs, Charles Givre, and Bob Rudis for a hands-on, in-depth exploration into the foundations of security data science. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

Security data science beyond operations Session

Jay Jacobs dives into data from tens of thousands of organizations and shares techniques that pick out the relationships and identify patterns of risky behavior—once we start to find these indicators, we can actually test and prove what separates the good from the mediocre when it comes to security.

TRAINING: Foundations of security data science (Day 2) Training Day 2

Join Jay Jacobs, Charles Givre, and Bob Rudis for a hands-on, in-depth exploration into the foundations of security data science. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

Andrew Kalat has been in the information security field for over 20 years, working in many roles, including operations, architecture, sales engineering, and consulting. Andrew currently works as a security architect at Elavon and is the cohost of the Defensive Security podcast with Jerry Bell.

Presentations

Ignite Security (sponsored by GitHub) Event

If you had five minutes on stage, what would you say? What if you only got 20 slides and they rotated automatically after 15 seconds? Would you pitch a project? Launch a website? Teach a hack? We’ll find out again at this year's Ignite Security.

Dan Kaminsky is cofounder and chief scientist of White Ops, a cybersecurity firm. Dan is an internationally respected technologist who has spent almost two decades protecting the Internet. He is one of the seven key share holders able to restore the Internet’s Domain Name System if necessary. An invited expert to the W3C, the guiding organization for the Web, Dan is known for his work in finding a core flaw in the Internet and then leading the charge to repair it.

Presentations

A technical dive into defensive trickery Session

Hacking is a game, and defense both makes the rules and is under no particular obligation to play fair. So cheat! Dan Kaminsky explores better ways to deploy cryptography, protect data, leverage clouds, and more.

Office hour by Dan Kaminsky Office Hours

In this office hour, Dan will discuss how to make security easier.

Eric Lawrence is a senior software engineer on the Google Chrome Security team, working on the #moarTLS effort. Eric is passionate about building tools to help developers and testers build better web applications. He built the Fiddler Web Debugger and spent a dozen years at Microsoft working on the Office Online and Internet Explorer engineering teams. You can find him on Twitter as @ericlaw and on his blog, Textslashplain.

Presentations

Migrating to HTTPS Session

Security and privacy worries are scaring many people away from the Internet. In a world of increasingly hostile networks, we must deliver every site over HTTPS to help protect users and their information. Fortunately, moving to HTTPS has never been easier. From free HTTPS certificates to new browser features that ease the transition, Eric Lawrence demonstrates how to secure sites of any size.

Office Hour by Eric Lawrence Office Hours

In this office hour, Eric will have an informal chat about 'Migrating to HTTPS'.

Kenneth Lee is a senior product security engineer at Etsy working on everything from managing the bug bounty program to shattering the site with new vulnerabilities. Previously, Kenneth worked at FactSet Research Systems preventing hackers from stealing financial data. He holds an MS in computer science with a focus on computer security from Columbia. Between sweet hacks, Kenneth enjoys drinking tea and force-feeding Etsy’s operations team Japanese chocolates.

Presentations

Building effective security alerting Session

Need help managing security event logging? Looking for inspiration on how you can use logging to create a more agile security environment? Kenneth Lee and Kai Zhong introduce 411, a new open source tool to help build effective security alerts. Paired with ELK (Elasticsearch, Logstash, and Kibana), 411 allows you to quickly set up automated alerts on your infrastructure.

Andrea Little Limbago is the principal social scientist at Endgame. Andrea brings a background in quantitative social science and direct operational support to advance Endgame’s technical content and data science contributions across a range of markets, including cybersecurity, tech, and national security. She collaborates extensively with the data science and threat intelligence teams, guiding Endgame’s community engagement with industry, academia, think tanks, and tech. Andrea writes extensively on the geopolitics of the cyber domain, data science, and women in cybersecurity and the tech sector. She has previously worked in academia (NYU) and government (Joint Warfare Analysis Center), presenting at numerous conferences, including the American Political Science Association Annual Meeting, International Studies Association Annual Convention, SOCOM’s Global Synchronization Conference, the GEOINT Symposium, and the Military Operations Research Society Annual Symposium. While at JWAC, Andrea received the Reginald Gray Award, the Command’s top award for technical excellence for her analytic support to the Geographic Combatant Commands, Special Operations Command, Strategic Command, and the Joint Staff. Andrea holds a PhD in political science from the University of Colorado at Boulder, where she taught a variety of international relations and foreign policy courses, and a bachelor’s degree in government and romance languages from Bowdoin College.

Presentations

A social scientist’s perspective on how the intersection of humans and technology will shape the future workforce Session

Humans are thought to be the weakest link in security, but this is not security’s only human challenge. Andrea Limbago explains why organizations must increasingly leverage a range of social science approaches and insights—from the C-suite translation gap to greater diversity to geopolitical insights to automated data analysis—to navigate the leading workforce challenges today and in the future.

Office Hour with Andrea Limbago Office Hours

In this office hour, Andrea will hold a Q&A session on 'A social scientist’s perspective on how the intersection of humans and technology will shape the future workforce'.

Allan Liska is a consulting systems engineer at Recorded Future. Allan has more than 15 years’ experience in the world of security and has worked as both a security practitioner and an ethical hacker. Through his work at Symantec, iSIGHT Partners, FireEye, and Recorded Future, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the coauthor of DNS Security and Ransomware: Defending Against Digital Extortion.

Presentations

Office Hour by Allan Liska Office Hours

In this office hour, Allan will go over trends in ransomware (what's new), some of the best tools for defeating ransomware, and educating users to be on the lookout for ransomware.

Protecting your organization against ransomware (while ensuring no one sends you a Christmas card) Session

The best way to stop ransomware is to prevent it from ever executing within an environment, but protecting against most ransomware doesn't necessarily involve increasing security spending. Allan Liska and Timothy Gallo offer a practical guide to preventing ransomware, primarily using tools that are already available in most networks.

Adrian Ludwig is the lead engineer for Android security at Google, where he is responsible for the security of the Android platform and Google’s applications and services for Android. Prior to joining Google, Adrian held technical leadership positions at Joyent, Adobe, Macromedia, @stake, and the Department of Defense. He holds a BA in mathematics from Williams College and an MBA from the University of California, Berkeley.

Presentations

Securing 85% of the world’s smartphones: Notes from the field Session

The Android ecosystem has more than one billion active devices worldwide—representing 85% of smartphones in the market. Adrian Ludwig, lead engineer for Android security at Google, is in charge of securing this network. Adrian explains how he thinks about the problem and shares real-life case studies with lessons learned that you can apply in your own organization.

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. He is a frequent speaker on secure software practices, a member of the JavaOne Rock Star speaker community, and a volunteer and former board member for the OWASP foundation. Jim is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill).

Presentations

Modern identity and access management for the Web Tutorial

Modern identity and access management (IAM) on the Web is complex, putting a great burden on developers who have to integrate with modern authentication or access control layers. Jim Manico demystifies the relationship between modern protocols and frameworks such as OIDC, SAML, and OAuth that make up the core of modern web IAM.

Office hour with Jim Manico Office Hours

In this office hour, Jim will host a Q&A session on 'Modern identity and access management for the Web'.

Chris Martin is the principal sales engineer at LogRhythm. Chris has over 15 years’ experience in information technology in network administration, infrastructure, and security. He has provided consultancy services in both private- and public-sector organizations with focus on compliance and security.

Presentations

Intrusion ≠ breach: Reducing risk via faster detection and response Session

Often, a multitude of activities and signals occur between an initial intrusion and a data breach. Chris Martin explains why detecting early indicators, such as compromised credentials, command-and-control activity, or suspicious lateral movement, can often provide the necessary lead time to respond to and neutralize a threat before it leads to a material breach.

Laura Mather is the founder and CEO of Unitive, where she combines expertise in technology, insights into human behavior, and entrepreneurial savvy to address major challenges facing business and society. Unitive is developing a suite of software to transform the talent management landscape by bolstering traditional human resource processes with tools that eliminate unconscious bias and get the right people into the right jobs.

Previously, Laura cofounded Silver Tail Systems and built it to a team of 100 that protected over one billion accounts before being acquired by RSA, the security division of EMC. Laura began her career at the National Security Agency and Britannica.com before pioneering antiphishing practices for eBay and PayPal in the early 2000s. Throughout these professional experiences, Laura became intrigued with how the most productive teams were formed and witnessed how a lack of diversity stunted innovation and effectiveness at organizations, whether big or small, government, startup, or Fortune 500. In 2012, Laura was 16th on Fast Company’s Most Creative People in Business list, 6th on Fortune’s list of Most Powerful Women Entrepreneurs, and 9th on Business Insider’s list of Most Powerful Women Engineers. In 2013, she was named to the top 50 Future Digital Strategists for Corporate Boards by Agenda magazine. Laura holds a PhD in computer science and a BS in applied mathematics.

Presentations

The groupthink vulnerability: Impacts and countermeasures Session

Groupthink is a serious vulnerability in which the desire for conformity within a group of people results in an irrational or dysfunctional decision-making outcome. Laura Mather describes lessons learned while designing teams to be resistant to groupthink at the NSA, eBay, Silver Tail Systems, and Unitive and outlines best practices for data-driven team building.

Nick Merker is a partner and cochair of Ice Miller’s Data Security and Privacy practice. With almost a decade of hands-on, prelegal computer systems, network, and security experience in the public and private sector, Nick bridges the gap between information technology and the law. Privacy law and technology are both constantly changing; Nick assists clients by analyzing laws against emerging technology and preparing clients to address regulatory and contractual audits, customer expectations, and assessment of risk. Nick also strives to educate others on trending privacy issues. He is a member of the faculty at the International Association of Privacy Professionals, where he leads privacy training across the globe to executives, engineers, lawyers, and managers. Nick teaches a Data Security and Privacy Law course at the Robert H. McKinney School of Law at Indiana University and is a frequent author and speaker on privacy issues at conferences and in multiple publications. Nick holds CISSP and CIPT certifications.

Presentations

No single answer: Balancing cybersecurity insurance and a strong security program Session

As information security risks continue to become more of a focus for executives and legal teams, the methods used to reduce incident impact are moving beyond technical controls and into traditional business standbys. Mark Stanislav and Nick Merker explain the realities of cybersecurity insurance and its reliance on building a strong, defense-oriented security program.

Allison Miller works in product management at Google, mitigating risks to Google and end users. Previously, Allison held technical and leadership roles in security, risk analytics, and payments/commerce at Electronic Arts, Tagged.com, PayPal/eBay, and Visa International. Allison is a proven innovator in the security industry and regularly presents research on risk analytics, cybersecurity, and economics. She is known for her expertise in designing and implementing real-time risk prevention and detection systems running at internet scale.

Presentations

Tuesday opening welcome Keynote

Program chairs Courtney Nash and Allison Miller open the first day of keynotes.

Wednesday opening welcome Keynote

Program chairs Allison Miller and Courtney Nash open the second day of keynotes.

Fernando Montenegro is a security professional with a strong background in network and cloud security. He is currently an independent consultant working on multicloud security. His experience includes pre- and postsales technical roles with vendors in areas such as microsegmentation, fraud detection, high-performance network architecture, and enterprise computing. His work across enterprise customers in Canada, Latin America, and the US has provided insights into the underlying economic dynamics of common security scenarios. His areas of interest include security economics (particularly behavioral economics), data science, and cybercrime. He holds a bachelor’s degree in computer science and industry certifications.

Presentations

The economics of cybersecurity Session

Common security issues, such as user and software security or cybercrime, are affected by underlying economics—information asymmetry, market failures, cognitive biases, and so on. Thus, addressing security issues requires understanding how they can be seen as economics problems. Fernando Montenegro offers an overview of economics concepts and their application to cybersecurity.

Christina is an information security and tech nerd with a background in enterprise identity and access management and information security. By day, she works at Microsoft as a senior program manager on the Azure Information Protection cloud and engineering team.

She also cofounded a community for women of color in tech, which is best known for creating an open source collection of stock photos to boost visual representation in the industry. When she is not at work, she enjoys spending time with family, attending CryptoParties, traveling, and reading. She also advises, speaks, and mentors people, communities, and organizations with an interest in technology. She lives in NYC with her husband and children.

Presentations

Educating the steel pipeline Session

The security community has called for more talent to fuel the roles we have lying empty; however, security has an unusually hardened pipeline that must be improved to support capable candidates getting through to promising security careers. Join in to hear the panel discuss their experiences encountering security's steel pipeline and share ways to improve it.

Courtney Nash chairs multiple conferences for O’Reilly Media and is the strategic content director focused on areas of modern web operations, high-performance applications, and security. An erstwhile academic neuroscientist, she is still fascinated by the brain and how it informs our interactions with and expectations of technology. She’s spent 17 years working in the technology industry in a wide variety of roles, ever since moving to Seattle to work at a burgeoning online bookstore. Outside work, Courtney can be found biking, hiking, skiing, and photographing the Cascade Mountains near her home in Bellingham, Washington.

Presentations

Tuesday opening welcome Keynote

Program chairs Courtney Nash and Allison Miller open the first day of keynotes.

Wednesday opening welcome Keynote

Program chairs Allison Miller and Courtney Nash open the second day of keynotes.

Sam Newman is an independent consultant specializing in helping people ship software fast. Sam has worked extensively with the cloud, continuous delivery, and microservices and is especially preoccupied with understanding how to more easily deploy working software into production. For the last few years, he has been exploring the capabilities of microservice architectures. He has worked with a variety of companies in multiple domains around the world, often with one foot in the developer world and another in the IT operations space. Previously, he spent over a decade at ThoughtWorks and then another year with a startup. Sam speaks frequently at conferences. He is the author of Building Microservices (O’Reilly). If you would like to get in touch, please email him.

Presentations

Microservices and security Tutorial

Security is everyone’s job, even if you’re not a specialist. Sam Newman shares a model that shows how developers can think about application security and play their part. From there, Sam explores the specific challenges in microservice architectures and explains how application security principles can be applied to these often much more complex application architectures.

Described by coworkers as “not the lawyer we need, but the lawyer we deserve,” Brendan O’Connor is a security researcher, practitioner, and consultant based in Seattle, WA. While he is a lawyer, he is not your lawyer. Brendan is admitted to the Montana bar and serves as vice chair of the ABA’s Information Security Committee. He was awarded two DARPA Cyber Fast Track contracts for his security research, which focuses primarily on enabling access to security and privacy through development of disposable computing and sensing tools. He has taught at an information warfare school, played the violin, transmitted on amateur radio (K3QB), and tried to convince his cat not to eat him when he dies.

Presentations

Security by consent Session

Security people are "only members of the public who are paid to give full-time attention to duties which are incumbent on every citizen in the intent of the community welfare," but often the relationship between security and everyone else is fraught. Brendan O'Connor explores how another group charged with protecting everyone handled this problem with humor, kindness, and a commitment to service.

Krystall Parrington is currently an undergraduate student at DePaul University pursuing a degree in information assurance and security engineering. This past year her interest in security has led her to opportunities that include a lab assistant position at the Network and Security Lab at DePaul and a security analyst internship at SAP Fieldglass. In her downtime, Krystall enjoys exploring new areas of Chicago and trying unique tea shops.

Presentations

Educating the steel pipeline Session

The security community has called for more talent to fuel the roles we have lying empty; however, security has an unusually hardened pipeline that must be improved to support capable candidates getting through to promising security careers. Join in to hear the panel discuss their experiences encountering security's steel pipeline and share ways to improve it.

Erik Perotti is senior manager of new ventures on Plantronics’s Innovation team, where his core mission is the ongoing analysis and evolution of online user engagement, resulting in end-user interface experiences that are intuitive, engaging, and purposeful. Erik’s background includes 20 years of dedicated work developing user interfaces, prototypes, and web interactions. Erik is profoundly interested in the evolution of the Internet as a communications platform. His current focus includes the investigation and assessment of the wearable device space and how to best harness WiFi, wearables, and web behavior—or a combination of all three—to enrich online conversations. Erik holds a master’s degree in human computer interaction from Carnegie Mellon University in Pittsburgh and holds multiple patents in mobile and web interaction innovation. Prior to joining Plantronics, Erik held key roles addressing user experience management for several Silicon Valley-based enterprise software firms. In his free time, Erik enjoys spending beach time with his family near his home in Santa Cruz, CA.

Presentations

How Plantronics honed its headsets to create secure wearables Session

Plantronics evolves its headsets to stay current with the flood of sensors and capabilities emerging in the wearables space. Erik Perotti highlights the countless lessons, pitfalls, and opportunities Plantronics has encountered on its journey around security and explores Plantronics's process and experiences in authentication tokens, biometrics, and beyond.

Lisa Phillips is vice president of site reliability engineering at Fastly. With 18 years of experience in Internet and Web technologies, with an emphasis on systems and database administration, architecture, engineering, and management, Lisa isn’t afraid of hard problems or scale. She brings extensive experience in the implementation and management of Internet services to ensure the highest levels of system availability and performance globally.

Presentations

Incident Command: The far side of the edge Session

Fastly operates the edge for many large web properties. To deal with emerging threats to its network, Fastly created a process that allows it to respond effectively to incidents: Incident Command, which rapidly coordinates teams during an incident. Maarten Van Horenbeeck, Lisa Phillips, and Tom Daly take you to the far side of the edge, demonstrating the protocols that work during an incident.

Office Hour with Maarten Van Horenbeeck, Lisa Phillips and Tom Daly Office Hours

In this office hour, Maarten, Lisa, and Tom will host a Q&A session on 'Implementing incident management programs' and provide any necessary demos to answer your questions.

Quiessence Phillips’s personal motto is “polished exterior, techie interior.” A cybersecurity professional with 10 years of experience working within the financial industry, Quiessence is AVP of information security incident response at Barclays. She is the cofounder of JOURNi, an edtech nonprofit building an authentic tech ecosystem in the heart of Detroit, and the creator of Securing Your Path, a community of women in cybersecurity. She has also made significant strides in exposing youth to the world of technology through previous work with Urban Tech Alliance, Black Girls Code, and Qeyno Labs. Quiessence is a mom, mentor, coder, hacker, strategist, and change agent.

Presentations

Educating the steel pipeline Session

The security community has called for more talent to fuel the roles we have lying empty; however, security has an unusually hardened pipeline that must be improved to support capable candidates getting through to promising security careers. Join in to hear the panel discuss their experiences encountering security's steel pipeline and share ways to improve it.

Guy Podjarny is a cofounder and CEO at Snyk.io, where he focuses on securing open source code. He was previously CTO at Akamai and founder of Blaze.io. He also worked on the first web app firewall and security code analyzer. Guy is a frequent conference speaker, the author of Responsive & Fast, High Performance Images, and the upcoming Securing Third Party Code, and the creator of Mobitest. He also writes on Guypo.com and Medium.

Presentations

Writing secure Node code Tutorial

Some of the very things that make JavaScript awesome can also leave it exposed. Guy Podjarny and Danny Grander use (and abuse) a vulnerable Node.js application called Goof to demonstrate various common vulnerabilities and dependencies. For each item, Guy and Danny explain the issue, show an exploit on Goof, and, most importantly, demonstrate how to avoid or defend against it.

Paul Poh works at SecurityScorecard. Paul has 25 years of technology experience with a focus on information security, infrastructure operations, and software architecture. Previously, Paul led technology strategy and information security at the Investment Services division of Fiserv, where he was responsible for the security and integrity of over 4 million managed brokerage accounts, and held technology management roles at Dow Jones, State Street, and several innovative startups, including a managed security services provider, where he architected and built a proprietary distributed system for managing a custom intrusion-detection appliance. As a member of the Shared Assessments industry group on third-party risk, Paul chaired the Certification committee in the development of the industry’s first certification for third-party risk professionals.

Presentations

Why current security practices are ineffective against today's hackers Session

Securing the digital fortress has been a security best practice for the past few decades. However, a static point-in-time questionnaire during the procurement phase is no longer adequate. Paul Poh explores the techniques used to continuously measure the security posture and maturity of a third-party service provider.

Philip Polstra (aka Dr. Phil) is an internationally known hardware hacker and forensics specialist. Philip teaches computer security and digital forensics at Bloomsburg University of Pennsylvania, develops new penetration testing and forensics hardware, creates video courses for PentesterAcademy, O’Reilly, PluralSight, and others, and performs penetration tests on a consulting basis. Philip has made repeat performances at top conferences around the world, including DEFCON, BlackHat, 44CON, GrrCON, BruCON, BSides, and ForenSecure, to name a few. He is also the author of several books, including Hacking and Penetration Testing with Low Power Devices (Syngress, 2014), Linux Forensics (Pentester Academy, 2015), Windows Forensics (Pentester Academy, 2016), and USB Forensics (Pentester Academy, 2017). When not teaching, pentesting, or speaking at a conference, Philip has been known to fly, teach others to fly, build aircraft, and create electronic devices with his children.

Presentations

Using Python to automate forensics Tutorial

Philip Polstra offers an overview of Python basics and demonstrates how to leverage this popular scripting language in order to automate many common tasks found in forensic investigations. You'll gain a deeper understanding of FAT and NTFS filesystems and see firsthand how to glean pertinent information from a filesystem image in minutes with Python.

Bruce Potter is the CTO of the KEYW Corporation. Bruce has over 20 years of experience tackling high-end information security research and engineering problems. Over his career, Bruce has built and led teams focused on hard problems in information security, such as cybersecurity risk analysis, telecommunications security, system and network engineering, computer and information security, advanced software analysis techniques, wireless security, and IT operations best practices. Bruce is also the founder of the Shmoo Group, a nonprofit think tank comprising security, privacy, and crypto professionals who donate time to information security research and development. Bruce assists in the organization of ShmooCon, an annual computer security conference in Washington, DC. The most recent conference had over 2,000 attendees from a broad cross section of the security community and included presentations by industry professionals on a variety of contemporary security issues. Bruce has authored many publications and has delivered numerous presentations at various security and network conferences and private events, including DefCon, Black Hat USA, ShmooCon, the United States Military Academy, Johns Hopkins University, and the Library of Congress.

Presentations

Operationalizing risk Session

Performing a security risk analysis and documenting remediation actions is a critical step in every organization's security program. Unfortunately, there is no single way to perform a risk analysis, and settling on a process can be intimidating to newcomers. Bruce Potter presents a simple assessment process that you can readily use to perform a risk assessment in your organization.

Kymberlee Price is the senior director of researcher operations at Bugcrowd, where she draws on her 14+ years of experience specializing in application security incident response and investigations to direct the efforts of over 35,000 crowd members in web app, mobile app, and IoT penetration testing. Previously, Kymberlee pioneered the first security researcher outreach program in the software industry, served as a principal investigator in the Zotob criminal investigation, analyzed APTs at Microsoft, and spent four years on BlackBerry’s Security Response Team investigating product vulnerabilities, specializing in third-party library security. Kymberlee cochairs the Department of Commerce NTIA Working Group on Multi-Party Vulnerability Disclosure and speaks regularly on vulnerability management and product incident response at Black Hat USA, RSA, Kaspersky Security Analyst Summit, and other events.

Presentations

Building a product security incident response team: Lessons learned from the hivemind Session

To build and maintain secure products, organizations need to enable their incident response teams to receive and respond to vulnerability reports and effectively partner with development, customer support, and communications teams. Kymberlee Price shares best practices for supporting these teams' product incident response programs and offers several free templates you can put to use right away.

Binu Ramakrishnan is a principal security engineer at Yahoo with over a decade of experience in building Internet-scale systems, anti-abuse systems, and application security. He currently leads security engagements in Yahoo mail, working closely with product engineers and leaders to help define and implement strategic security programs. Binu is an active participant in the industry-wide initiative to secure mail delivery infrastructure and contributed to the recent SMTP STS efforts. He is also the author of a few open source tools.

Presentations

Office Hour with Binu Ramakrishnan Office Hours

In this office hour, Binu will host a Q&A session on 'Securing Application Deployments in Multi-tenant CI/CD Environments.'

Securing application deployments in a multitenant CI/CD environment Session

In a multitenant CI/CD environment, developers trust and delegate CI/CD systems to deploy their applications to production. But what is the basis of this trust? What is the trustworthiness of the application deployed by CI/CD through automation? Binu Ramakrishnan highlights security risks with CI/CD deployments and offers solutions to mitigate those risks.

Alex Rice is a cofounder and chief technology officer at HackerOne, which provides a platform that enables organizations to build strong relationships with a community of security experts. Alex is responsible for developing the HackerOne technology vision, driving engineering efforts, and counseling customers as they build world-class security programs. Previously, Alex worked at Facebook for over six years, where he founded the product security team, built one of the industry’s most successful security programs, and introduced new transport layer encryption used by more than a billion users. Alex also serves on the board of the Internet Bug Bounty, a nonprofit organization that enables and encourages friendly hackers to help build a more secure Internet.

Presentations

Hacker quantified security Session

Software organizations and hackers are finally working together to find, report, and fix vulnerabilities using a range of incentive programs. But how effective are these programs? Alex Rice offers an overview of a weighted index that looks at six dimensions: hacker breadth, depth, vulnerabilities found, response efficiency, reward competitiveness, and signal ratio analysis.

Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies. Bob is currently (master) chief security data scientist at Rapid7. He was formerly a security data scientist and managing principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter, an avid blogger, the author of Data-Driven Security, a speaker, and a regular contributor to the open source community. He currently serves on the board of directors for the Society of Information Risk Analysts, is on the editorial board of the SANS Securing the Human program, and was cochair of the 2014 Metricon security metrics/analytics conference. Bob was chosen as one of SANS’s People Who Made a Difference in Security in 2015 and holds a bachelor’s degree in computer science from the University of Scranton.

Presentations

Foundations of security data science 2-Day Training

Join Jay Jacobs, Charles Givre, and Bob Rudis for a hands-on, in-depth exploration into the foundations of security data science. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

TRAINING: Foundations of security data science (Day 2) Training Day 2

Join Jay Jacobs, Charles Givre, and Bob Rudis for a hands-on, in-depth exploration into the foundations of security data science. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

Ido Safruti is the cofounder and CTO at PerimeterX, which is building a behavior-based web security service. Previously, Ido headed a product group in Akamai focusing on web performance and scalability. Ido joined Akamai through the acquisition of Cotendo, where he led product and strategy. His earlier roles include GM in charge of product engineering and operation, R&D manager, chief scientist, and head of engineering at various companies and the Israeli intelligence, where he focused on high-capacity, large-scale web and network services and cybersecurity systems.

Presentations

Office Hour with Ido Safruti Office Hours

In this office hour, Ido will discuss how to detect and block automated Web attacks.

The industrial age of website bots: How to detect and block automated attacks Tutorial

Bots are a reality, and it’s hard to separate your users and good bots (e.g., search) from the bad ones (brute force, fraud, scrapers, etc.). Ido Safruti and Chris Federico review how bots work, explain how to operate a few common bots, and, most importantly, show what you can do to detect and block malicious activity while enabling your users and good bots to work uninterrupted.

Tim Sandage is a senior security partner strategist for Amazon Web Services (AWS), where he is responsible for global strategic alignment of AWS cloud computing services with current and future compliance capabilities as well as external consulting with AWS customers, public policy organizations, and standards bodies across the globe. Tim is an active public speaker on secure cloud adoption at both internal and external workshops, conferences, and hands-on labs (boot camps) and a community advocate for organizations using and promoting cloud technologies. Previously, Tim worked as a consultant supporting secure adoption of cloud services across multiple cloud service providers, such as Microsoft, Google, Salesforce, and HP. Tim’s work included the development of secure cloud computing practices, risk assessments, and secure/compliant cloud computing adoption. Tim has an extensive US federal government security background with over 25 years of service in the US Air Force running regional classified and unclassified military networks. Tim is the past president of the ISACA Puget Sound Chapter in Seattle, WA, and holds multiple certifications, including Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), and Certificate of Cloud Security Knowledge (CCSK). Tim holds a bachelor’s degree in information technology from the University of Phoenix.

Presentations

Automating security in the cloud: Modernizing technology governance Session

Cloud computing is becoming the new normal. The question is no longer if; it’s how fast we can move and what we are going to move first. Timothy Sandage offers an overview of "secure by design" principles and shows how an AWS environment can be configured to provide a reliable operational security control capability across multiple industry verticals.

Susan Sons is a hacker, author, and miscreant based in Bloomington, Indiana. In her working life, she aids NSF- and DHS-funded projects in establishing and maintaining sound information security practices. In her off hours, Susan codes, writes, and leads ICEI, the Internet Civil Engineering Institute, a nonprofit that supports the open source software infrastructure upon which the internet and computing in general depend. When not rescuing software projects, Susan lifts weights, practices martial arts, and gives her time as a volunteer search and rescue worker.

Presentations

Office Hour by Susan Sons Office Hours

In this office hour, Susan will discuss securing scientific infrastructure, securing life-critical and infrastructure-critical code (e.g., NTP), and changing how we bring people into, and professionally develop, our infosec workforce.

Saving time: How a few committed people helped hold up the Internet...again Session

Susan Sons tells the story of the ongoing intervention to save the troubled but ubiquitous Network Time Protocol's reference implementation, explaining how social, technical, and resourcing challenges came together to threaten a core piece of Internet infrastructure and how these challenges were overcome.

Mark Stanislav is the Director of Application Security for Duo Security. Mark has spoken internationally at over 100 events, including RSA, DEF CON, SOURCE Boston, Codegate, SecTor, and THOTCON. Mark’s security research and initiatives have been featured by news outlets such as the Wall Street Journal, the Associated Press, CNET, Good Morning America, and Forbes. Mark is the cofounder of the Internet of Things security research initiative BuildItSecure.ly. He is also the author of Two-Factor Authentication. Mark holds a BS in networking and IT administration and an MS in technology studies focused on information assurance, both from Eastern Michigan University. During his time at EMU, Mark built the curriculum for two courses focused on Linux administration and taught as an adjunct lecturer for two years. Mark holds CISSP, Security+, Linux+, and CCSK certifications.

Presentations

No single answer: Balancing cybersecurity insurance and a strong security program Session

As information security risks continue to become more of a focus for executives and legal teams, the methods used to reduce incident impact are moving beyond technical controls and into traditional business standbys. Mark Stanislav and Nick Merker explain the realities of cybersecurity insurance and its reliance on building a strong, defensive-oriented security program.

Benji Taylor is an engineer on the DevOps team at Distil Networks, where his primary focus is automation and scalability within Distil’s infrastructure. Benji currently resides in the Bay Area and can often be found championing proper release versioning in his free time.

Presentations

Infrastructure is code: A DevOps approach to PCI compliance Session

When John Bullard and Benji Taylor were faced with the challenge of achieving PCI compliance in 90 days flat, they used what they had on hand: modern DevOps practices and tools. They not only passed but built a reusable set of PCI tools to help anyone through the process. You'll receive early access to this DevOps PCI toolkit and learn must-know tips before starting a PCI compliance project.

Office Hour with John Bullard and Benji Taylor Office Hours

In this office hour, John and Benji will host a Q&A session on 'The DevOps approach to PCI compliance.'

Matt Tesauro is the application security lead engineer at Pearson and an adjunct professor for the University of Texas Computer Science Department, where he teaches the next generation of CS students about appsec. Matt has 15 years’ experience as an information security professional specializing in application and cloud security. He was previously the senior product security engineer at Rackspace, and his work has included security consulting, penetration testing, threat modeling, code reviews, training, and university teaching. Matt has presented and provided trainings at various international industry events. He is a former board member of the OWASP Foundation and project lead for the OWASP WTE project. Matt holds two degrees from Texas A&M University and several security and Linux certifications.

Presentations

You don’t need to be a unicorn to have great security: Appsec programs for the rest of us Session

A robust, scalable, and automated appsec program is not the sole province of Netflix and the other tech unicorns. Aaron Weaver and Matt Tesauro explain how you can achieve the automation and flow that you need to start paying down your company’s technical security debt by taking the best of DevOps, Agile development, and CI/CD into your appsec program.

Richard Thieme (www.thiemeworks.com) is an author and professional speaker who addresses the challenges posed by new technologies and the future, how to redesign ourselves to meet these challenges, and creativity in response to radical change. He has published hundreds of articles, dozens of short stories, and five books with more coming, and has delivered hundreds of speeches. A novel, FOAM, was published in September 2015, and “A Richard Thieme Reader,” collecting fiction and nonfiction, was published on Amazon Kindle in 2016. His pre-blog column, “Islands in the Clickstream,” was distributed to thousands of subscribers in sixty countries before collection as a book in 2004. When a friend at the NSA told him, “The only way you can tell the truth [that we discuss] is through fiction,” he returned to writing short stories (35 published to date), one result of which is “Mind Games,” a collection of nineteen stories about anomalies, infosec, professional intelligence, and edgy realities. More edgy realities are illuminated in the recently published and critically extolled “UFOs and Government: A Historical Inquiry,” to which he contributed, a 5-year research project using material from inside the military and intelligence communities to document government responses to the phenomena from WW2 to the present. It is in the collections of 65 university libraries.

Many speeches address creativity, shifts in identities, and technology-related security and intelligence issues. He and Dan Geer, CISO of CIA’s In-Q-Tel, did a “fireside chat” as a keynote for SOURCE Boston, and he keynoted SOURCE Boston in 2016. He keynoted the first two Black Hats and spoke in 2016 at Def Con for the 21st year. He has keynoted conferences in Sydney, Brisbane, Canberra, and Melbourne; Wellington and Auckland; Dublin and London; Berlin and Heidelberg; the Netherlands (Amsterdam, Rotterdam, and the Hague); Ghent, Belgium; Dubai; Kuala Lumpur; Tokyo; Johannesburg, SA; Lodz and Krakow, Poland; and Israel. Clients range from GE, Microsoft, and Medtronic to the National Security Agency, the Pentagon, the FBI, the US Dept of the Treasury, Los Alamos National Lab, and the US Secret Service.

His work has been taught at universities in Europe, Australia, Canada, and the United States, and he has guest lectured at numerous universities, including Purdue University (CERIAS), the Technology, Literacy and Culture Distinguished Speakers Series of the University of Texas, and the “Design Matters” lecture series at the University of Calgary (Alberta). He addressed the reinvention of “Europe” as a “cognitive artifact” for curators and artists at Museum Sztuki in Lodz, Poland, keynoted “The Real Truth: A World’s Fair” at Raven Row Gallery, London, and recently keynoted Code Blue in Tokyo.

Presentations

Playing Through the Pain: The Impact of Secrets and Dark Knowledge on Security and Intelligence Professionals Keynote

This talk is about reality: the real facts of the matter and the strategies needed for effective, life-serving responses, a way to manage the paradoxical imperatives and identity-threatening pressures of our lives and work.

Maarten Van Horenbeeck is vice president of security engineering at Fastly, a content delivery network that speeds up web properties around the world. He is also a board member and former chairman of the Forum of Incident Response and Security Teams (FIRST), the largest association of security teams, counting 300 members in over 70 countries. Previously, Maarten managed the Threat Intelligence team at Amazon and worked on the Security teams at Google and Microsoft. Maarten holds a master’s degree in information security from Edith Cowan University and a master’s degree in international relations from the Freie Universitat Berlin. When not working, he enjoys backpacking, sailing, and collecting first-edition travel literature.

Presentations

Incident Command: The far side of the edge Session

Fastly operates the edge for many large web properties. To deal with emerging threats to its network, Fastly created a process that allows it to respond effectively to incidents: Incident Command, which rapidly coordinates teams during an incident. Maarten Van Horenbeeck, Lisa Phillips, and Tom Daly take you to the far side of the edge, demonstrating the protocols that work during an incident.

Office Hour with Maarten Van Horenbeeck, Lisa Phillips and Tom Daly Office Hours

In this office hour, Maarten, Lisa and Tom will host a Q&A session on 'Implementing incident management programs', and provide any necessary demos to answer your questions.

Major General Suzanne “Zan” Vautrinot is universally respected as a motivational leader, speaker, and change agent. As a cyber subject-matter expert, she addresses technical, business, and university forums, guides key task forces, and has provided testimony before Congress. She currently advises industry, academia, and government agencies and laboratories on cybersecurity strategy, technology innovation, and workforce development.

Zan is president of Kilovolt Consulting Inc. and a retired Major General of the U.S. Air Force, with three decades of experience in space and cyber operations. She retired as Commander, 24th Air Force and Air Forces Cyber Command, where she oversaw a multibillion-dollar cyber enterprise, leading a workforce of 14,000 military, civilian, and contractor personnel while supporting 850,000 customers and conducting cyber operations worldwide. Zan previously served as Deputy Commander for the nation’s Network Warfare Command and was instrumental in the establishment and early operation of US Cyber Command.

Zan presently serves on the boards of directors for Wells Fargo, Symantec Corporation, ECOLAB Inc., and Parsons Corporation. She is also an advisor to the Air Force Doctrine Advisory Group, America300, and the University of Texas Pre-Freshman Engineering Program, and serves on the board of directors for the Uniformed Services Benefit Association.

Presentations

Swapping the poles Keynote

Suzanne Vautrinot explores the shift as the private sector moves to "positive" leadership and as individuals, corporations, and governments increase the magnetic strength of their demand for information and cybersecurity solutions. The sky is not the limit—the need for your innovative ideas is universal.

Mike Walker is a program manager in DARPA’s Information Innovation Office. Mike’s research interests relate to machine reasoning about software in situ and the automation of application security life cycles. Previously, Mike was a security software developer, red team analyst, enterprise security architect, and research lab leader. As part of the CSC “Strikeforce” red team, he helped develop the HEAT Vulnerability Scanner and performed red team engagements. As a principal at the Intrepidus Group, he worked on red teams that tested America’s financial and energy infrastructure for security weaknesses. As part of the DARPA SAFER red team, he discovered flaws in prototype communications technologies. Mike has participated in various roles in numerous applied computer security competitions: he contributed challenges to DEF CON Capture the Flag (CTF) and competed on and led CTF teams at the highest levels of international competition. Mike was formerly a mentor of the Computer Security Competition Club at Thomas Jefferson High School for Science & Technology (TJHSST).

Presentations

Meet the world's first autonomous computer security systems Keynote

Michael Walker offers an overview of DARPA’s Cyber Grand Challenge (CGC), a global contest to develop first-generation autonomous cyber defense systems over an aggressive two-year competition timeline, and explains why the automation pioneered at CGC challenges conventional wisdom about the structural advantages of cyberattack and is poised to change the way we defend the code that runs our world.

Aaron Weaver is the application security manager at Cengage. Over his career, Aaron has played various roles, including software developer, system engineer, and embedded developer with IT security. Previously, Aaron was the application security manager at Pearson, a learning and publishing company. He has worked on developer and QA awareness to increase security in the software development life cycle and leads OWASP Philadelphia. When he has time, Aaron likes to make sawdust in his workshop.

Presentations

You don’t need to be a unicorn to have great security: Appsec programs for the rest of us Session

A robust, scalable, and automated appsec program is not the sole province of Netflix and the other tech unicorns. Aaron Weaver and Matt Tesauro explain how you can achieve the automation and flow that you need to start paying down your company’s technical security debt by taking the best of DevOps, Agile development, and CI/CD into your appsec program.

Caroline Wong is the vice president of security strategy at Cobalt, which delivers crowdsourced pen tests and private bug bounties to modern organizations. Caroline’s close and practical information security knowledge stems from broad experience as a Cigital consultant and a Symantec product manager as well as day-to-day leadership roles at eBay and Zynga. She is a well-known thought leader on the topic of security metrics and has been featured at industry conferences including RSA (USA and Europe), IT Web Summit (South Africa), OWASP AppSec, Metricon, the Executive Women’s Forum, ISC2, and the Information Security Forum. Caroline received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner’s Guide (McGraw-Hill, 2011). She graduated from UC Berkeley with a BS in electrical engineering and computer sciences.

Presentations

Office Hour with Caroline Wong and Jacob Hansen Office Hours

In this office hour, Caroline and Jacob will discuss the evolution of pen testing, crowdsourced security, and security scanners vs. consultants vs. bug bounty vs. crowdsourced pen tests.

The third wave of application security

The first wave of appsec started with boutique consultancies in the '90s. The second wave brought automation and scale to the masses with security scanners. Rapid deployment and increasing complexity are driving the third wave, which features a liquid supply of globally sourced researchers. Jacob Hansen and Caroline Wong hold a forward-looking discussion on what’s coming next.

Lenny Zeltser is a seasoned business and tech leader with extensive experience in information technology and security. As a product management director at NCR Corp, he heads the software and services group that addresses customers’ data protection needs. He also trains professionals in digital forensics and malware combat at SANS Institute. Before NCR, Lenny led the enterprise security consulting practice at a major cloud services provider. Lenny’s expertise is strongest at the intersection of business, technology, and information security and includes incident response, cloud services, and product management. He frequently speaks at conferences, writes articles, and has coauthored books on network security and malicious software. Lenny is a member of the board of directors at SANS Technology Institute. He holds an MBA from MIT Sloan, a computer science degree from the University of Pennsylvania, and the prestigious GIAC Security Expert designation from SANS Institute.

Presentations

Open source intelligence (OSINT) tips for malware investigations Session

If you're responding to a malware incident, you need to quickly derive relevant and actionable information about the malicious program and the context within which it was employed. Lenny Zeltser explains how to gather such open source intelligence. You'll expand your incident response skill set and learn how to turn public data about adversaries and malicious programs into useful details.

Kai Zhong is a security engineer at Etsy. At work, he maintains security features on the site, works on 411, does the occasional code review, and breaks the login page. Kai spends his free time playing video games, participating in CTFs, and trying to learn abstract algebra. He prefers cats, but dogs are fine too.

Presentations

Building effective security alerting Session

Need help managing security event logging? Looking for inspiration on how you can use logging to create a more agile security environment? Kenneth Lee and Kai Zhong introduce 411, a new open source tool to help build effective security alerts. Paired with ELK (Elasticsearch, Logstash, and Kibana), 411 allows you to quickly set up automated alerts on your infrastructure.