October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Schedule: Bridging business and security sessions

11:20am–12:00pm Tuesday, 11/01/2016
Location: Mercury Ballroom Level: Non-technical
Jessy Irwin (Jessysaurusrex)
Average rating: 4.89 (9 ratings)
It happens to every security team: after explaining operational security to management, it feels like nothing stuck. Why do eyes glaze over when we talk about encryption? How can we make sense of defense in depth for others? Jessy Irwin shows you how to find common ground and truly share security with nontechnical users, helping better communicate the mindset behind security.
3:50pm–4:30pm Tuesday, 11/01/2016
Location: Mercury Ballroom Level: Beginner
Peter Hesse (10Pearls)
Average rating: 4.00 (1 rating)
It’s time to end the false choice that security must come at the expense of convenience. The reality is that considering security and usability at the same time yields better results for less money (and is faster too). Drawing on real-world examples, Peter Hesse demonstrates how to start the conversations, build the relationships, and get the results and security you need.
4:45pm–5:25pm Tuesday, 11/01/2016
Location: Mercury Ballroom Level: Non-technical
Andrea Limbago (Endgame)
Average rating: 4.00 (1 rating)
Humans are thought to be the weakest link in security, but this is not security’s only human challenge. Andrea Limbago explains why organizations must increasingly leverage a range of social science approaches and insights—from the C-suite translation gap to greater diversity to geopolitical insights to automated data analysis—to navigate the leading workforce challenges today and in the future.
11:20am–12:00pm Wednesday, 11/02/2016
Location: Mercury Ballroom Level: Beginner
Allan Liska (Recorded Future), Timothy Gallo (Symantec)
The best way to stop ransomware is to prevent it from ever executing within an environment, but protecting against most ransomware doesn't necessarily involve increasing security spending. Allan Liska and Timothy Gallo offer a practical guide to preventing ransomware, primarily using tools that are already available in most networks.
1:15pm–1:55pm Wednesday, 11/02/2016
Location: Mercury Ballroom Level: Intermediate
Chris Baker (Dyn)
Average rating: 4.60 (5 ratings)
One focus of defensive research is understanding how your service can be abused. Once you know "how," the next question you might ask is, what makes it worth it? Chris Baker explores the criminal’s cost model, covering research, data collection, and analysis from abuse identification, sinkholing, and crawling.
2:10pm–2:50pm Wednesday, 11/02/2016
Location: Trianon Ballroom Level: Intermediate
Erik Perotti (Plantronics)
Plantronics evolves its headsets to stay current with the flood of sensors and capabilities emerging in the wearables space. Erik Perotti highlights the countless lessons, pitfalls, and opportunities Plantronics has encountered on its journey around security and explores Plantronics's process and experiences in authentication tokens, biometrics, and beyond.
2:10pm–2:50pm Wednesday, 11/02/2016
Location: Mercury Ballroom Level: Intermediate
Timothy Sandage (Amazon Web Services)
Average rating: 3.75 (4 ratings)
Cloud computing is becoming the new normal. The question is no longer "if?" but "how fast can we move, and what are we going to move first?" Timothy Sandage offers an overview of "secure by design" principles and shows how an AWS environment can be configured to provide a reliable operational security control capability across multiple industry verticals.
3:50pm–4:30pm Wednesday, 11/02/2016
Location: Mercury Ballroom Level: Non-technical
Alex Rice (HackerOne)
Average rating: 4.50 (2 ratings)
Software organizations and hackers are finally working together to find, report, and fix vulnerabilities using a range of incentive programs. But how effective are these programs? Alex Rice offers an overview of a weighted index that looks at six dimensions: hacker breadth, depth, vulnerabilities found, response efficiency, reward competitiveness, and signal ratio analysis.
4:45pm–5:25pm Wednesday, 11/02/2016
Location: Mercury Ballroom Level: Beginner
Mark Stanislav (Duo Security), Nick Merker (Ice Miller LLP)
Average rating: 5.00 (1 rating)
As information security risks continue to become more of a focus for executives and legal teams, the methods used to reduce incident impact are moving beyond technical controls and into traditional business standbys. Mark Stanislav and Nick Merker explain the realities of cybersecurity insurance and its reliance on building a strong, defensive-oriented security program.