Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY
 
Beekman
1:30pm
Sutton North
Add Secure coding practices and automated assessment tools to your personal schedule
9:00am Secure coding practices and automated assessment tools Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison)
Add Virtualized service-chained security controls within a layer 2 SDN to your personal schedule
1:30pm Virtualized service-chained security controls within a layer 2 SDN John Studarus (JHL Consulting), Cynthia Thomas (Midokura)
Sutton South
Add Applying container and Docker security to your personal schedule
9:00am Applying container and Docker security Ben Hall (Katacoda | Ocelot Uproar)
Add Web security analysis toolbox to your personal schedule
1:30pm Web security analysis toolbox Ido Safruti (PerimeterX), Amir Shaked (PerimeterX)
Regent
Add Finding the vulnerability first and fast to your personal schedule
9:00am Finding the vulnerability first and fast Kevin Poniatowski (Security Innovation)
Add Cyber-crises: Bridging the response gap between the board and the front line to your personal schedule
1:30pm Cyber-crises: Bridging the response gap between the board and the front line Venky Anant (McKinsey & Company), Joy Smith (McKinsey & Company)
12:30pm Lunch | Room: Rhinelander
Add Ignite Security (sponsored by Adobe) to your personal schedule
6:30pm Ignite Security (sponsored by Adobe) | Room: Sutton Center & South
5:00pm
10:30am Morning break | Room: 2nd Floor Foyer
3:00pm Afternoon break | Room: 2nd Floor Foyer
9:00am-12:30pm (3h 30m) Security usability
Reversing the kill chain: An actionable framework for defending against common threats
Amanda Berlin (NetWorks Group)
Everyone talks about the cyber kill chain, but much of it is misinformation and scare tactics. Amanda Berlin explores the most effective steps you can take to protect your organization from the vast majority of threats with defensive mitigation and monitoring.
1:30pm-5:00pm (3h 30m)
Session
9:00am-12:30pm (3h 30m) Teachable moments
Secure coding practices and automated assessment tools
Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison)
Drawing from their experience performing vulnerability assessments of critical middleware, Bart Miller and Elisa Heymann walk you through the programming practices that can lead to security vulnerabilities and demonstrate how to automate tools for finding security weaknesses. You'll learn skills critical for software developers and analysts concerned with security.
1:30pm-5:00pm (3h 30m) Tools and processes
Virtualized service-chained security controls within a layer 2 SDN
John Studarus (JHL Consulting), Cynthia Thomas (Midokura)
John Studarus and Cynthia Thomas demonstrate how to service-chain traffic through multiple security functions using virtualization and software-defined networking (SDN). John and Cynthia walk you through configuring and modifying layer 2 service chains with open source cloud security tools to monitor and block malicious traffic originating from a network of virtual machines.
9:00am-12:30pm (3h 30m) Tools and processes
Applying container and Docker security
Ben Hall (Katacoda | Ocelot Uproar)
Drawing on his experience building Katacoda, a platform that provides users with a sandboxed learning playground—with the side effect that they can execute malicious code and hack the system from inside the container—Ben Hall walks you through implementing Docker and container security. You'll learn about the Linux and Docker security model and how to maximize your container’s security.
1:30pm-5:00pm (3h 30m) Security analytics
Web security analysis toolbox
Ido Safruti (PerimeterX), Amir Shaked (PerimeterX)
Ido Safruti and Amir Shaked offer an overview of the data analysis tools that every web security analyst should be familiar with in their daily work, including ELK, BigQuery, and Python as well as other helpful online services. These tools will help you analyze incidents on your web application and network and alert you when an attack starts.
9:00am-12:30pm (3h 30m) Teachable moments
Finding the vulnerability first and fast
Kevin Poniatowski (Security Innovation)
Kevin Poniatowski teaches you how to shorten the time it takes to find common web vulnerabilities while also decreasing the risk of an OWASP Top 10 vulnerability making it into the production server, demonstrating how to collect useful data that will reveal where the vulnerabilities are hiding.
1:30pm-5:00pm (3h 30m) Bridging business and security
Cyber-crises: Bridging the response gap between the board and the front line
Venky Anant (McKinsey & Company), Joy Smith (McKinsey & Company)
The lack of transparency between executive decisions and those who implement them can muddle the response to a fast-moving cyber-crisis. Venky Anant and Joy Smith take you through a crisis, from the response from the board and executive members to the experience of front-line responders, giving you an opportunity to question and ultimately improve the harmony between the respective approaches.
12:30pm-1:30pm (1h)
Break: Lunch
6:30pm-8:00pm (1h 30m)
Ignite Security (sponsored by Adobe)
If you had five minutes on stage, what would you say? What if you only got 20 slides and they rotated automatically after 15 seconds? Would you pitch a project? Launch a website? Teach a hack? We’ll find out again at this year's Ignite Security.
5:00pm-6:30pm (1h 30m)
Plenary
10:30am-11:00am (30m)
Break: Morning break
3:00pm-3:30pm (30m)
Break: Afternoon break