Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY
 
Beekman
11:20am Security + design * data science: A bot story Bobby Filar (Endgame), Richard Seymour (Endgame)
4:45pm Shifting to security awareness 2.0 Jason Hoenich (Habitu8)
Sutton North
11:20am Inside the bad actor's studio Julian Wong (DataVisor)
1:15pm Contextualizing your Splunk logs Quiessence Phillips (City of New York)
2:10pm Predicting exploitability with Amazon Machine Learning Michael Roytman (Kenna Security)
4:45pm Malicious CDNs: Tracking botnets using open source SSL data Thomas Mathew (Cisco Umbrella (OpenDNS)), Dhia Mahjoub (Cisco Umbrella (OpenDNS))
Sutton South
11:20am The art of securing 100 products Nir Valtman (NCR Corporation)
1:15pm "Build me a world-class security program in three months" Christie Terrill (Bishop Fox)
2:10pm Securing existing AWS infrastructure Devina Dhawan (Etsy)
Regent
11:20am Cyber-risk decision making: How boardrooms view digital threats Yong-Gon Chon (Focal Point Data Risk), Wade Baker (Cyentia Institute)
1:15pm Top 15 things we wish every company had already done before acquisition Ruchi Shah (Google), Michael Sinno (Google)
4:45pm Security and privacy: Together in good times and bad Tom Cignarella (Adobe), Jennifer Ruehr (Adobe)
Sutton Center
1:15pm Supercharge your SIEM with Cloudera TJ Laher (Cloudera)
Grand Ballroom
9:00am Tuesday keynote welcome Rachel Roumeliotis (O'Reilly), Allison Miller (Google)
9:05am Great software is secure software Chris Wysopal (Veracode)
9:45am Enterprise security: A new hope Haroon Meer (Thinkst)
10:10am Empowering through security Fredrick Lee (Square)
10:30am Closing remarks Rachel Roumeliotis (O'Reilly), Allison Miller (Google)
10:45am Coffee break | Room: Grand Ballroom Foyer
2:50pm Afternoon break | Room: Grand Ballroom Foyer
12:00pm Tuesday lunch and Birds of a Feather sessions | Room: Americas Hall 1 & 2
8:15am Tuesday Speed Networking | Room: 3rd Level Promenade
5:25pm Sponsor Pavilion Reception | Room: Sponsor Pavilion
11:20am-12:00pm (40m) Security usability
Security + design * data science: A bot story
Bobby Filar (Endgame), Richard Seymour (Endgame)
The security industry continues to struggle with alert fatigue as the talent shortage grows. Security has yet to fully embrace the power of UX to help security workers do more with less. Bobby Filar and Rich Seymour explain how they developed a chatbot, combining machine learning within an intuitive UI to expedite data search and discovery and enhance detection and response to security threats.
1:15pm-1:55pm (40m) Bridging business and security
Security and UX: Making the digital world safer, one experience at a time
Gwen Betts (Komand)
User experience is often a forgotten piece in the broader information security puzzle. Security is difficult, especially for the average user, and many believe it’s already baked into the day-to-day software products they use, which isn’t always the case. Gwen Betts explains how a design-driven approach to security products and measures can drive greater adoption and acceptance.
2:10pm-2:50pm (40m) Tools and processes
Consensual software: Prioritizing user trust and safety
Danielle Leong (GitHub)
Online safety has become a huge problem in the world of oversharing. Real-name policies, automatic geolocation tracking, and photo tagging increase user adoption rates, but these features can be quickly abused by bad actors. Danielle Leong explains how to apply a "consent filter" to product decisions to create a safer user experience and help protect your most vulnerable users from harm.
3:50pm-4:30pm (40m) Security usability
Security by the numbers: Improving the security of online content through transparency reporting
Michee Smith (Google)
Since the launch of the Email Encryption in Transit transparency report, Google has seen a 40% increase in encrypted emails going in and out of Gmail. Can public accountability really be used to drive the adoption of security practices inside a company and the industry at large? Michee Smith explores the successes and pitfalls of sharing this type of data and how to approach similar endeavors.
4:45pm-5:25pm (40m) Security usability
Shifting to security awareness 2.0
Jason Hoenich (Habitu8)
Jason Hoenich explores the risks related to delivering poor awareness programs rather than adapting to changing needs and demands of the attack surface and learning behaviors of humans. Incorporating the key fundamental behavioral psychology nodes for establishing true culture change, and making the experience of the end user will move our programs to Security Awareness 2.0.
11:20am-12:00pm (40m) Security analytics
Inside the bad actor's studio
Julian Wong (DataVisor)
Using research from more than one billion users, 500 billion events, and 50 million malicious accounts collected from global online services, Julian Wong details some of the sophisticated attack techniques being used by modern day online criminals and demonstrates how these types of attacks can be detected and mitigated by leveraging artificial intelligence.
1:15pm-1:55pm (40m) Security analytics
Contextualizing your Splunk logs
Quiessence Phillips (City of New York)
In a daily fight to secure organizations, security analysts are inundated with a massive log set (if one is so fortunate), but with it comes a high signal-to-noise ratio. Increase your signal by adding context to your logs. Join Quiessence Phillips to learn about the type of context that could be added and the value of its addition.
2:10pm-2:50pm (40m) Security analytics
Predicting exploitability with Amazon Machine Learning
Michael Roytman (Kenna Security)
Security is all about reacting. It's time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable.
3:50pm-4:30pm (40m) Security analytics
Toward a threat-hunting automation maturity model
Alex Pinto (Niddel)
Alex Pinto shares an automation model that elevates the quality of data available to automation processes to efficiently simulate analyst intuition and significantly augment human analysts. The hunting automation maturity model (HAMM) organizes these techniques around capability milestones, including internal and external context and analytical tooling.
4:45pm-5:25pm (40m) Security analytics
Malicious CDNs: Tracking botnets using open source SSL data
Thomas Mathew (Cisco Umbrella (OpenDNS)), Dhia Mahjoub (Cisco Umbrella (OpenDNS))
Open source datasets contain a wealth of information that can aid security practitioners. However, large public datasets are usually unstructured and noisy, posing difficulties for researchers trying to extract useful information. Thomas Mathew and Dhia Mahjoub explain how they used graph and clustering analytics on an SSL scan dataset to identify domains associated with the Zbot botnet.
11:20am-12:00pm (40m) Teachable moments
The art of securing 100 products
Nir Valtman (NCR Corporation)
Step outside the best practices comfort zone, as Nir Valtman walks you through a thought experiment to secure 100 products. Along the way, Nir explores procedural and technological challenges such as working with diverse software architectures, multiple development languages and platforms, a variety of development lifecycles, injecting security into continuous integration and delivery, and more.
1:15pm-1:55pm (40m) Teachable moments
"Build me a world-class security program in three months"
Christie Terrill (Bishop Fox)
How do you respond when your company's executives want you to go from an understaffed security team to a world-class security program in an unreasonably short time frame? Christie Terrill shares a case study from a prominent healthcare provider that describes how she met the charge, managed expectations, and built a security program to be proud of in only three (read: nine) months.
2:10pm-2:50pm (40m) Teachable moments
Securing existing AWS infrastructure
Devina Dhawan (Etsy)
Devina Dhawan explains how to improve your existing AWS infrastructure by bringing in external tooling, mastering the AWS command-line interface, and improving communication with the rest of your organization.
3:50pm-4:30pm (40m) Teachable moments
Internal bug hunts: Squashing security bugs on a budget
Pieter Ockers (Adobe)
Internal bug hunts, in which employees compete for prizes by finding and reporting security bugs, enable security teams to harness the creativity and problem-solving skills of the workforce while reducing security bugs in their applications. Pieter Ockers explains how bug hunts promote a culture of security awareness by involving participants outside of the security team.
4:45pm-5:25pm (40m) Security usability
Sharing is caring: Empowering webmasters for a safer web
Kelly Harrington (Google)
Kelly Harrington explores how web security initiatives work with webmasters to clean up malware attacks and fix other security issues that affect the web ecosystem. Along the way, Kelly explains how to strike the right balance between providing help to site owners and protecting data from bad actors.
11:20am-12:00pm (40m) Bridging business and security
Cyber-risk decision making: How boardrooms view digital threats
Yong-Gon Chon (Focal Point Data Risk), Wade Baker (Cyentia Institute)
Yong-Gon Chon and Wade Baker share the results of an original, in-depth survey project that interviewed current board members and senior cybersecurity professionals to find out whether cybersecurity is now a boardroom issue, and if it is, determine what security experts have been telling boards to care about.
1:15pm-1:55pm (40m) Bridging business and security
Top 15 things we wish every company had already done before acquisition
Ruchi Shah (Google), Michael Sinno (Google)
Ruchi Shah and Michael Sinno share the top 15 things that Google Security worries about when acquiring or starting a company and explain how they address them in order to protect both the entity and Google itself.
2:10pm-2:50pm (40m) Bridging business and security
She blinded me with science: Understanding misleading, manipulative, and deceptive cybersecurity
Josiah Dykstra (Department of Defense)
Every day, people considering security solutions and products are misled, manipulated, or deceived by real and bogus science, wild claims, and marketing trickery. Drawing on his book Essential Cybersecurity Science, Josiah Dykstra shares questions to ask and new techniques to help you spot and challenge these tactics before you buy or build another security product.
3:50pm-4:30pm (40m) Bridging business and security
Strike back against legacy software vulnerabilities
Jay Kelath (Dow Jones)
Legacy software in big companies is a security nightmare. Jay Kelath explains how the product security team at Dow Jones successfully integrated security into the Agile software development cycle while dealing with problems in legacy architectures—outlining a plan you can follow in your own security transformation.
4:45pm-5:25pm (40m) Teachable moments
Security and privacy: Together in good times and bad
Tom Cignarella (Adobe), Jennifer Ruehr (Adobe)
Tom Cignarella and Jennifer Ruehr explain how you can leverage the strengths of both security experts and privacy experts to constantly deliver what customers will expect from you, even through organizational shifts, divisions, and challenges.
11:20am-12:00pm (40m) Sponsored
Autonomous cyberdefense: AI and the immune system approach (sponsored by Darktrace)
Justin Fier (Darktrace)
From insiders to sophisticated external attackers, the reality of cybersecurity today is that the threat is already inside. Justin Fier explains why autonomous response and machine learning are the future of defense and shares the immune system approach to cybersecurity, which provides complete network visibility and the ability to prioritize threats to better allocate time and resources.
1:15pm-1:55pm (40m) Sponsored
Supercharge your SIEM with Cloudera
TJ Laher (Cloudera)
Security information event management (SIEM) systems have become the go-to application for cybersecurity practitioners, but they come with a hefty cost. TJ Laher explains how Cloudera empowers cybersecurity innovators to optimize SIEM deployments.
9:00am-9:05am (5m)
Tuesday keynote welcome
Rachel Roumeliotis (O'Reilly), Allison Miller (Google)
Security Conference program chairs Rachel Roumeliotis and Allison Miller welcome you to the first day of keynotes.
9:05am-9:25am (20m)
Great software is secure software
Chris Wysopal (Veracode)
If great software is secure software, why are there still so many vulnerabilities? Don’t architects and developers want to build great systems? Chris Wysopal details how defenders can enable developers to create secure software through coaching, shared code, and services.
9:25am-9:45am (20m)
The Dao of defense: Choosing battles based on the seven chakras of security
Katie Moussouris (Luta Security)
Computing has infiltrated society faster than we have been able to secure it. Defenders struggle with quantifying risk so that it translates into supported organizational changes and budget. Katie Moussouris explains how to transmute our suffering into kinetic and organizational changes and how to turn the forces that resist our defense activities into our biggest supporters in our organizations.
9:45am-10:05am (20m)
Enterprise security: A new hope
Haroon Meer (Thinkst)
The frequency and impact of recent high-profile breaches have been positively depressing. However, a new type of security engineering is taking root, which suggests hope for effective corporate security at enterprise scale. Haroon Meer highlights these hopeful examples in a bid to encourage more people to plot a course toward achievable security.
10:05am-10:10am (5m) Sponsored keynote
Why cloud-native enterprise security matters (sponsored by Pivotal)
Matt Stine (Pivotal)
Matt Stine offers an overview of the three principles of cloud-native security—rotate user credentials frequently, so they are only useful for a short time; repave servers and applications from a known good state often; and repair vulnerable software as soon as updates are available—and explains how this approach helps you deal with the exponentially increasing volume and velocity of threats.
10:10am-10:30am (20m)
Empowering through security
Fredrick Lee (Square)
Traditionally, we security professionals have been viewed as gatekeepers, rule enforcers, and the people who say "no." Fredrick Lee shines a light on the ways security has allowed the world to do more and encourages security professionals to solve the difficult problems that will allow us to say "yes." Our profession needs to reach beyond being gatekeepers and move toward being gate openers.
10:30am-10:35am (5m)
Closing remarks
Rachel Roumeliotis (O'Reilly), Allison Miller (Google)
Program chairs Rachel Roumeliotis and Allison Miller close the first day of keynotes.
10:45am-11:20am (35m)
Break: Coffee break
2:50pm-3:50pm (1h)
Break: Afternoon break
12:00pm-1:15pm (1h 15m)
Tuesday lunch and Birds of a Feather sessions
Birds of a Feather (BoF) sessions provide face-to-face exposure to those interested in the same projects and concepts. BoFs can be organized for individual projects or broader topics (best practices, open data, standards, etc.). BoFs are entirely up to you. We post your topic and provide the space and time. You provide the engaging topic.
8:15am-8:45am (30m)
Tuesday Speed Networking
Meet us before the opening keynotes on Tuesday morning to get to know fellow attendees in quick, 60-second discussions.
5:25pm-7:00pm (1h 35m)
Sponsor Pavilion Reception
The Security Sponsor Pavilion Reception is happening on Halloween night. Join us on Tuesday, October 31, from 5:25pm to 7:00pm for a chance to visit the exhibitors, mingle with other attendees, and enjoy great refreshments and drinks. Tasteful costumes encouraged.