October 30–31, 2016: Training
October 31–November 2, 2016: Tutorials & Conference
New York, NY

Schedule: Security in context (security datasci) sessions

9:00am–12:30pm Monday, 10/31/2016
Location: Mercury Ballroom Level: Intermediate
Jim Manico (Manicode Security)
Average rating: 3.33 (3 ratings)
Modern identity and access management (IAM) on the Web is complex, putting a great burden on developers who have to integrate with modern authentication or access control layers. Jim Manico demystifies the relationship between modern protocols and frameworks such as OIDC, SAML, and OAuth that make up the core of modern web IAM.
11:20am–12:00pm Tuesday, 11/01/2016
Location: Rendezvous Trianon
Jay Jacobs (BitSight Technologies)
Average rating: 3.33 (3 ratings)
Jay Jacobs dives into data from tens of thousands of organizations and shares techniques that pick out the relationships and identify patterns of risky behavior—once we start to find these indicators, we can actually test and prove what separates good from the mediocre when it comes to security.
1:15pm–1:55pm Tuesday, 11/01/2016
Location: Rendezvous Trianon Level: Intermediate
Adrian Ludwig (Google)
Average rating: 4.67 (6 ratings)
The Android ecosystem has more than one billion active devices worldwide—representing 85% of smartphones in the market. Adrian Ludwig, lead engineer for Android security at Google, is in charge of securing this network. Adrian explains how he thinks about the problem and shares real-life case studies with lessons learned that you can apply in your own organization.
2:10pm–2:50pm Tuesday, 11/01/2016
Location: Rendezvous Trianon
Jeff Henrikson (Groovescale)
Average rating: 3.75 (4 ratings)
The next challenge in developing an intrusion detection system becomes finding the tiny amount of relevant information in a very large stream—and doing so efficiently. Jeff Henrikson presents a data pipeline for digesting useful analytics for intrusion detection from aggregated PCAP, with an emphasis on its highest throughput stage: conversion of PCAP to a netflow-like format.
3:50pm–4:30pm Tuesday, 11/01/2016
Location: Rendezvous Trianon Level: Beginner
Macy Cronkrite (Splunk)
Average rating: 2.67 (6 ratings)
Big data has reached security practitioners' desktops, but security knowledge workers are not data scientists by training. One of the most important technology decisions they face is finding easy-to-implement machine-learning tools. Macy Cronkrite offers an overview of existing toolkits applied to data exfiltration and port/traffic analysis security use cases.
4:45pm–5:25pm Tuesday, 11/01/2016
Location: Rendezvous Trianon Level: Intermediate
Stina Ehrensvard (Yubico, Inc.)
Average rating: 3.80 (5 ratings)
After OATH for one-time passwords and PIV for smart cards, FIDO U2F is winning support in leading platforms and browsers. Stina Ehrensvard explains how Google users, global dissidents, and UK citizens are using these open standards to secure access to accounts while preserving privacy and how FIDO U2F complements the open identity standards SAML and OIDC.
11:20am–12:00pm Wednesday, 11/02/2016
Location: Trianon Ballroom Level: Intermediate
Kelly Harrington (Google)
Average rating: 5.00 (6 ratings)
Despite advances in security, sophisticated attacks still leave many users at risk on the Web. Kelly Harrington reviews modern threats such as drive-by downloads, social engineering, and unwanted software distribution. Kelly then presents advances in detection and policy, focusing specifically on Google Safe Browsing’s recent efforts to keep the Web safe.
1:15pm–1:55pm Wednesday, 11/02/2016
Location: Trianon Ballroom Level: Beginner
Kyle Ehmke (ThreatConnect)
Average rating: 3.33 (3 ratings)
Kyle Ehmke draws on information identified in ThreatConnect research on the Anthem hack to demonstrate how an organization can leverage threat intelligence in conjunction with domain registration data to further bolster its defensive efforts and details the process by which ThreatConnect identified potential Chinese APT activity against the pharmaceutical sector.
3:50pm–4:30pm Wednesday, 11/02/2016
Location: Trianon Ballroom Level: Intermediate
David Evans (University of Virginia)
Average rating: 4.33 (3 ratings)
Machine-learning classifiers are widely used in security applications and often achieve outstanding performance in testing. When deployed, however, classifiers can often be thwarted by motivated adversaries. David Evans offers an overview of work investigating classifiers under attack and methods to automatically evaluate the robustness of a deployed classifier in the presence of adversaries.
4:45pm–5:25pm Wednesday, 11/02/2016
Location: Trianon Ballroom Level: Intermediate
grecs (NovaInfosec Consulting)
In the aftermath of the fall of Evernote as an inexpensive threat intel platform, low-cost solutions have awoken from the remains to give hope to defenders everywhere. S. Grec continues his threat intel series, covering lessons learned from his Evernote experiment before pivoting toward improved data structures and newly discovered enterprise-friendly intel platforms to support them.