Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Speakers

These leading defensive practitioners will share real-life successes (and failures), practical how-tos, and proven best practices that you can apply immediately. New speakers are added regularly. Please check back to see the latest updates to the agenda.


Venky Anant is a partner at McKinsey & Company and a member of Digital McKinsey, where he focuses on cybersecurity, software, startups, and next-generation infrastructure. Venky also coleads the healthcare CISO roundtable, a group of 50+ CISOs who meet regularly to discuss key security-related topics. Venky holds an MBA from INSEAD, France, and a master’s degree in computer science.

Presentations

Cyber-crises: Bridging the response gap between the board and the front line Tutorial

The lack of transparency between executive decisions and those who implement them can muddle the response to a fast-moving cyber-crisis. Venky Anant and Joy Smith take you through a crisis, from the response from the board and executive members to the experience of front-line responders, giving you an opportunity to question and ultimately improve the harmony between the respective approaches.

James Arlen is a member of Heroku’s security team assisting customers in understanding how Heroku enables security programs and reduces the impact of compliance and security operations allowing them to move fast and focus on their apps. Over the past 20 years, James has delivered information security solutions to Fortune 500, TSE 100, and major public-sector organizations. James is a frequent speaker at industry conferences and a prolific contributor to standards bodies and media. He is also a contributing analyst with Securosis and has a recurring column in Liquidmatrix Security Digest. He is best described as an infosec geek, hacker, social activist, author, speaker, and parent.

Presentations

Pragmatic cloud security: AWS edition 2-Day Training

James Arlen leads a hands-on exploration of techniques for protecting the cloud, with extensive labs in Amazon Web Services. The first day focuses on root account security, virtual networking security, IAM, and logging and monitoring; the second day covers leveraging PaaS services, using immutable infrastructure, and automating security controls.

TRAINING: Pragmatic cloud security: AWS edition Training Day 2

James Arlen leads a hands-on exploration of techniques for protecting the cloud, with extensive labs in Amazon Web Services. The first day focuses on root account security, virtual networking security, IAM, and logging and monitoring; the second day covers leveraging PaaS services, using immutable infrastructure, and automating security controls.

Wade Baker is cofounder of the Cyentia Institute, where he leads custom research and analysis efforts for clients in security fields across different industries. A business leader and researcher with a deep-seated passion for using data to improve cybersecurity decisions, practice, and products, Wade is perhaps best known for creating and leading Verizon’s annual Data Breach Investigations Report series, widely regarded as a gold standard among technical and business professionals for understanding threats and prioritizing defenses. Previously, he was vice president of strategy and risk analytics at ThreatConnect and managing director and CTO of security solutions at Verizon Enterprise Solutions. Wade is a member of RSA Conference’s advisory board and member of the FAIR Institute’s board of directors.

Presentations

Cyber-risk decision making: How boardrooms view digital threats Session

Yong-Gon Chon and Wade Baker share the results of an original, in-depth survey project that interviewed current board members and senior cybersecurity professionals to find out whether cybersecurity is now a boardroom issue, and if it is, determine what security experts have been telling boards to care about.

Amanda Berlin is an information security architect for NetWorks Group, a consulting firm in northern Ohio. Amanda has spent over a decade in technology, providing infrastructure support, triage, and design for a range of clients. Some of her successes include implementing a secure Payment Card Industry (PCI) process and Health Insurance Portability and Accountability Act (HIPAA) compliance and building a comprehensive phishing and awards-based user education program. Amanda is the author of the blue team best practices guide Defensive Security Handbook: Best Practices for Securing Infrastructure (O’Reilly) and a cohost of the Brakeing Down Security podcast. She also writes for several blogs.

Presentations

Meet the Experts with Amanda Berlin Meet the Experts

Amanda answers your questions about the intrusion kill chain and how to protect your organization from the vast majority of threats.

Reversing the kill chain: An actionable framework for defending against common threats Tutorial

Everyone talks about the cyber kill chain, but much of it is misinformation and scare tactics. Amanda Berlin explores the most effective steps you can take to protect your organization from the vast majority of threats with defensive mitigation and monitoring.

Gwen Betts is director of customer experience at Komand, where she oversees both product design and marketing to achieve a compelling user experience across the brand. Gwen values the role of UX in security measures and adoption and is working to bridge the gap between UX and security products. A results-driven, user-centric designer focused on the end-to-end holistic picture, Gwen has held design and creative management positions in agencies and startups, and her work has contributed to revenue and company growth. She is spirited about building brands and making them successful, particularly with regard to experience design, products, marketing, and services.

Presentations

Security and UX: Making the digital world safer, one experience at a time Session

User experience is often a forgotten piece in the broader information security puzzle. Security is difficult, especially for the average user, and many believe it’s already baked into the day-to-day software products they use, which isn’t always the case. Gwen Betts explains how a design-driven approach to security products and measures can drive greater adoption and acceptance.

Austin Byers is a software engineer on the security team at Airbnb, where he contributes to Airbnb’s encryption services and incident response tools, including Cipher and StreamAlert, respectively. Most recently, he designed and implemented YARA as a service (YaaS), a soon-to-be open-sourced serverless binary analysis pipeline. Austin was the first security graduate from the University of Chicago computer science program, where his research focused on building a foundation for client-side web transparency by classifying JavaScript changes according to the scope of their impact.

Presentations

Going serverless: Security outside the box Session

The advent of serverless technologies and infrastructure as code has changed how we build and deploy security services, empowering teams to create low-cost, scalable, and secure services to protect organizations. Drawing on their real-world experiences, Jack Naglieri and Austin Byers explore tools and techniques for successfully building, deploying, and debugging serverless security applications.

Meet the Experts with Jack Naglieri and Austin Byers Meet the Experts

Austin and Jack are here to discuss their open source projects StreamAlert and BinaryAlert and answer your questions about serverless AWS infrastructure.

Brian Candlish is a security researcher at Telstra, Australia’s largest telecommunications company, where he spends his days and nights making the internet a safer place. His interests in information security include attack and detection techniques, intelligence, and active defense. He enjoys hunting adversaries on large corporate networks.

Presentations

Inside an active APT incident response Session

Brian Candlish and Christian Teutenberg discuss a security incident Telstra suffered as a result of an acquisition and the ongoing year of incident response that followed to evict the intruders.

Yong-Gon Chon is the CEO of Focal Point Data Risk, one of the largest pure-play cyber-services companies, and a member of Focal Point’s board, where he is responsible for all aspects of business growth and execution. Yong-Gon has more than 20 years of experience building and leading global security and risk management teams. Previously, he was CTO at SecureInfo Corporation; led the Cybersecurity Division at Kratos Defense and Security Solutions after it acquired SecureInfo Corporation; and held senior leadership positions across cybersecurity organizations, where he executed professional services for Fortune 1000 and government clients. He has served as an adjunct professor at George Washington and Georgetown Universities. Yong-Gon holds a BS in management from George Washington University.

Presentations

Cyber-risk decision making: How boardrooms view digital threats Session

Yong-Gon Chon and Wade Baker share the results of an original, in-depth survey project that interviewed current board members and senior cybersecurity professionals to find out whether cybersecurity is now a boardroom issue, and if it is, determine what security experts have been telling boards to care about.

Tom Cignarella is the director of the Security Coordination Center at Adobe, where he is responsible for security monitoring, incident response, and threat intelligence for all Adobe products and services, as well as the Adobe enterprise, and sets the strategy and builds out the framework for day-to-day operations for how teams monitor environments, investigate incidents, and communicate with internal stakeholders and customers. Previously, Tom was the director of product operations for Adobe’s CloudOps Group and technical operations for Adobe eSign (now part of Adobe Document Cloud). Prior to joining Adobe, Tom held technical operations leadership positions at Limelight Networks, Clickability, Symantec, BEA, Autodesk, Ariba, and Excite.

Presentations

Security and privacy: Together in good times and bad Session

Tom Cignarella and Jennifer Ruehr explain how you can leverage the strengths of both security experts and privacy experts to constantly deliver what customers will expect from you, even through organizational shifts, divisions, and challenges.

Devina Dhawan is a security engineer at Etsy. In her spare time, she works with organizations such as Girls Who Code and Built by Girls to mentor young engineers.

Presentations

Securing existing AWS infrastructure Session

Devina Dhawan explains how to improve your existing AWS infrastructure by bringing in external tooling, mastering the AWS command-line interface, and improving communication with the rest of your organization.

Josiah Dykstra is a senior researcher at the Department of Defense. He is known in the DoD and forensics communities for his work on network security, intrusion detection, malware analysis, digital forensics, and cloud computing. Josiah holds a PhD in computer science from the University of Maryland, Baltimore County, where his research focused on the technical and legal challenges of digital forensics for cloud computing. He is the author of the O’Reilly book Essential Cybersecurity Science. In 2017, he was awarded the Presidential Early Career Award for Scientists and Engineers.

Presentations

She blinded me with science: Understanding misleading, manipulative, and deceptive cybersecurity Session

Every day, people considering security solutions and products are misled, manipulated, or deceived by real and bogus science, wild claims, and marketing trickery. Drawing on his book Essential Cybersecurity Science, Josiah Dykstra shares questions to ask and new techniques to help you spot and challenge these tactics before you buy or build another security product.

Jen Ellis is the vice president of community and public affairs at Rapid7, a leading provider of analytics for security and IT operations. Jen’s primary focus is on building productive collaboration between those in the security community and those operating outside it and helping security researchers, technology providers and operators, and various government entities understand and address cybersecurity challenges. She believes effective collaboration is our only path forward to reduce cybercrime and protect consumers and businesses. She has testified before Congress and spoken at a number of security industry events, including SXSW, RSA, DerbyCon, ShmooCon, SOURCE, UNITED, and various BSides.

Presentations

Weathering the storm: The art of crisis communications Session

It’s a widely held belief in security that at some point most organizations will fall victim to some kind of breach or significant security incident. Jen Ellis outlines the considerations for successful crisis communications to help you weather the storm, covering the key tenets of good communications strategies, from preparation to dealing with press and everything in between.

Carole Fennelly is a freelance information security management consultant in the greater NYC area. Carole has over 35 years of hands-on experience in the information security and technology fields and has authored several industry-standard security benchmarks based on her extensive experience in operating system platforms and security practices. As a consultant, Carole has defined security strategies and developed policies and procedures to implement strategies at numerous Fortune 500 clients in the NYC area.

Presentations

Incident response: From IT to business Session

The worst time to figure out how to respond to a security incident is when you’re in the middle of one. Carole Fennelly explains why an effective incident response plan requires that policies, plans, people, technologies, and processes be in place and tested before a security incident occurs.

Justin Fier is the director of cyber intelligence and analytics at Darktrace. With over 10 years of experience in cyberdefense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems, and Abraxas. He is a highly skilled technical officer and a specialist in cyber operations across both offensive and defensive arenas.

Presentations

Autonomous cyberdefense: AI and the immune system approach (sponsored by Darktrace) Session

From insiders to sophisticated external attackers, the reality of cybersecurity today is that the threat is already inside. Justin Fier explains why autonomous response and machine learning is the future of defense and shares the immune system approach to cybersecurity, which provides complete network visibility and the ability to prioritize threats to better allocate time and resources.

Bobby Filar is a senior data scientist at Endgame, where he employs natural language processing and machine learning to drive cutting-edge detection and contextual understanding capabilities in Endgame’s endpoint detection and response platform. Previously, Bobby worked on natural language understanding problems such as inference, conversational interfaces and topic modeling at a research nonprofit. Bobby has given talks at several industry conferences, including AISec and PyData.

Presentations

Security + design * data science: A bot story Session

The security industry continues to struggle with alert fatigue as the talent shortage grows. Security has yet to fully embrace the power of UX to help security workers do more with less. Bobby Filar and Rich Seymour explain how they developed a chatbot, combining machine learning within an intuitive UI to expedite data search and discovery and enhance detection and response to security threats.

Charles Givre is an unapologetic data geek who is passionate about helping others learn about data science and become passionate about it themselves. For the last five years, Charles has worked as a data scientist at Booz Allen Hamilton for various government clients and has done some really neat data science work along the way, hopefully saving US taxpayers some money. Most of his work has been in developing meaningful metrics to assess how well the workforce is performing. For the last two years, Charles has been part of the management team for one of Booz Allen Hamilton’s largest analytic contracts, where he was tasked with increasing the amount of data science on the contract—both in terms of tasks and people.

Even more than the data science work, Charles loves learning about and teaching new technologies and techniques. He has been instrumental in bringing Python scripting to both his government clients and the analytic workforce and has developed a 40-hour Introduction to Analytic Scripting class for that purpose. Additionally, Charles has developed a 60-hour Fundamentals of Data Science class, which he has taught to Booz Allen staff, government civilians, and US military personnel around the world. Charles has a master’s degree from Brandeis University, two bachelor’s degrees from the University of Arizona, and various IT security certifications. In his nonexistent spare time, he plays trombone, spends time with his family, and works on restoring British sports cars.

Presentations

Data analysis and machine learning for cybersecurity 2-Day Training

Join experts Jay Jacobs and Charles Givre for a hands-on, in-depth exploration of data analysis and machine learning in cybersecurity. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

TRAINING: Data analysis and machine learning for cybersecurity Training Day 2

Join experts Jay Jacobs and Charles Givre for a hands-on, in-depth exploration of data analysis and machine learning in cybersecurity. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

Jim Gumbley is an infrastructure and cloud consultant at ThoughtWorks, where he has worked across the finance, public sector, and healthcare areas. For the last few years, he’s been focused on improving information security outcomes in Agile and Lean development projects for ThoughtWorks in London, UK.

Presentations

Sensible Conversations about security Session

We want Agile software delivery teams to bake security into the work they deliver in every iteration. Jim Gumbley offers an overview of Sensible Conversations, an open source, low-fi, visual, collaborative set of materials and workshops about security, and shares what works (and doesn't), drawn from his experience working with a variety of public and private sector software delivery teams.

Ben Hall is the founder of Ocelot Uproar, a company focused on building products loved by users. Ben has worked as a system administrator, tester, and software developer and launched several companies. He still finds the time to publish books and speak at conferences. Ben enjoys looking for the next challenges to solve, usually over an occasional beer. Ben recently launched Katacoda, an online learning environment for developers that helps break down the barriers to learning new technologies such as Docker and containers.

Presentations

Applying container and Docker security Tutorial

Drawing on his experience building Katacoda, a platform that provides users with a sandboxed learning playground—with the side effect that they can execute malicious code and hack the system from inside the container—Ben Hall walks you through implementing Docker and container security. You'll learn about the Linux and Docker security model and how to maximize your container’s security.

Kelly Hope Harrington is a senior software engineer on the safe browsing team at Google, where she focuses on detection of web-based threats and outreach to webmasters. In her 20% time, she coleads Google’s presence at the San Francisco Pride Parade. Kelly holds a BS in computer science from Carnegie Mellon University, where she took a special interest in computer security and linguistics.

Presentations

Sharing is caring: Empowering webmasters for a safer web Session

Kelly Harrington explores how web security initiatives work with webmasters to clean up malware attacks and fix other security issues that affect the web ecosystem. Along the way, Kelly explains how to strike the right balance between providing help to site owners and protecting data from bad actors.

Christoph Hartmann is a cofounder and lead engineer at Chef, where he has spent the last decade building complex software and infrastructure systems. Previously, Christoph was responsible for automation at the innovation laboratory at Deutsche Telekom and created effective solutions for managing the future of their core networks. He is the cofounder of InSpec, Chef Compliance, and the dev-sec.io project.

Presentations

DevSec: Continuous compliance and security with InSpec Session

It's still very cumbersome to implement best practices for server hardening and patching. As a result, many servers are still unsecured. Christoph Hartmann and Dominik Richter offer an overview of InSpec—an open source tool for infrastructure, security, and compliance testing—and demonstrate how patch and security level can be assessed in CI/CD and production environments.

Elisa Heymann is a senior scientist within the NSF Cybersecurity Center of Excellence at the University of Wisconsin and an associate professor at the Autonomous University of Barcelona, where she codirects the MIST software vulnerability assessment. Elisa was also in charge of the Grid/Cloud Security Group at the UAB and participated in two major European grid projects: EGI-InSPIRE and the European Middleware Initiative (EMI). Elisa’s research interests include security and resource management for grid and cloud environments. Her research is supported by the NSF, the Spanish government, the European Commission, and NATO.

Presentations

Secure coding practices and automated assessment tools Tutorial

Drawing from their experience performing vulnerability assessments of critical middleware, Bart Miller and Elisa Heymann walk you through the programming practices that can lead to security vulnerabilities and demonstrate how to automate tools for finding security weaknesses. You'll learn skills critical for software developers and analysts concerned with security.

Jason Hoenich is founder and chief product officer at Habitu8. Jason is a leader in the security awareness arena. A well-known speaker and blogger on the subject, for over 10 years, Jason has been using normal words to help users understand risks on the internet. He is the creator of the popular Hashtag Awareness video series and brings over a decade of experience developing world-class awareness programs for companies including the Walt Disney Company, Activision Blizzard, and Sony Pictures Entertainment.

Presentations

Shifting to security awareness 2.0 Session

Jason Hoenich explores the risks of delivering poor awareness programs rather than adapting to the changing needs and demands of the attack surface and the learning behaviors of humans. Incorporating the key behavioral psychology fundamentals for establishing true culture change, and focusing on the experience of the end user, will move our programs to Security Awareness 2.0.

Michael Horowitz is an independent computer consultant and blogger who works with small businesses and the self-employed, working on everything from websites, networks, software upgrades, backup strategies, and data recovery to tutoring and purchasing advice. Michael wrote his first computer program in 1973 and has been a computer nerd ever since. Previously, he spent more than 20 years working in an IBM mainframe (MVS) environment—developing applications in COBOL, Assembly Language, VSAM, CICS, and the ever-present batch environment; working with the IDMS database; and working with DB2 for MVS as a database administrator. He also worked in the Research and Development Group of a large Wall Street financial company and did some technical writing, producing manuals and the like for a mainframe software company. Michael holds a degree from New York University, where he minored in both computer science and mathematics.

Presentations

Router security Session

Routers are a perfect target both because of the important role they play and the generally insecure way they are configured. Michael Horowitz covers some interesting router bugs and explains how to configure a router to be as secure as possible, how to test a router, and what to look for when buying a router.

Michele Iacovone is senior vice president and chief information security and fraud officer at Intuit. Previously, he was a senior vice president and chief architect at Intuit, chief architect and senior vice president of global platforms at Dun & Bradstreet, and CTO for both LiveCapital and Collabria. He holds a BSEE from Boston University.

Presentations

Cloud security requires confidence and sensitivity Session

Michele Iacovone outlines best practices to securely move customer data to the cloud through AWS while also keeping your customers' interests top of mind. Along the way, Michele explains how companies can successfully and securely harness the power of the cloud to ensure the speed of innovation.

Jessy Irwin is a security expert who excels in translating complex cybersecurity issues into simple, relatable terms for nontechnical audiences. Her current areas of interest include making security more accessible for the average person, advocating for strong privacy protections in education for students, building better models for digital security training, and building proactive security communications strategies for consumers, policymakers, small businesses, and Fortune 500 companies. In her work as a consultant, security executive, and former security empress at 1Password, she has taught consumers how to better protect themselves, their data, and their identities online. Jessy regularly writes and presents internationally on human-centric security, student privacy, and security communication at events including O’Reilly Security, RSA Conference, TechSummit Amsterdam, Infosec Southwest, and ShmooCon. Her work has appeared in CSO Online, VICE Broadly, Mashable, BuzzFeed, TechCrunch, and CNN.

Presentations

It's us, not them: Exploring the weakest links in security Session

When a major security incident hits the news, security practitioners are quick to place the blame on users for being the weakest link in security. Jessy Irwin debunks the myth that users are the root of all failure and explores how security teams can even the playing field to transform people into an extra line of defense when we need them the most.

Meet the Experts with Jessy Irwin Meet the Experts

Come talk to Jessy about cybersecurity and how to better protect yourself, your data, and your identity online.

Jay Jacobs is the senior data scientist at BitSight Technologies. Previously, Jay spent four years as the lead data analyst for the Verizon Data Breach Investigations Report. Jay is the coauthor of Data-Driven Security, which covers data analysis and visualizations for information security, and hosts the Data-Driven Security and R World News podcast. Jay is also a cofounder of the Society of Information Risk Analysts and currently serves on its board of directors. Jay is active in the R community; he coordinates his local R user group for the greater Minneapolis area and contributes to local events and functions supporting data analysis.

Presentations

Data analysis and machine learning for cybersecurity 2-Day Training

Join experts Jay Jacobs and Charles Givre for a hands-on, in-depth exploration of data analysis and machine learning in cybersecurity. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

TRAINING: Data analysis and machine learning for cybersecurity Training Day 2

Join experts Jay Jacobs and Charles Givre for a hands-on, in-depth exploration of data analysis and machine learning in cybersecurity. You’ll learn how to explore and analyze data you probably already have and gain valuable exposure to and experience with tools and techniques to prepare, analyze, and visualize the knowledge hiding in your data.

Alex Kassirer is director of counterterrorism at Flashpoint and an on-air analyst for NBC. She has assisted law enforcement and intelligence agencies in terrorism investigations and prosecutions and consults for private sector organizations on both physical and cybersecurity. Alex is a regular speaker on monitoring and addressing the threat that stems from jihadists. She holds an MS in global affairs with a concentration in transnational security from New York University and a BA in international affairs with a concentration in conflict and security and a minor in religion from the Elliott School of International Affairs at George Washington University, where she also studied Arabic.

Presentations

What defenders need to know about jihadist threats Keynote

While the cyber skills of jihadists are often limited, the reach and impact of their physical incidents is, unfortunately, wide and well known. Alex Kassirer explains why synergy between physical security and cybersecurity teams is crucial to mitigate the hybrid risk posed by jihadists, particularly as it pertains to brand reputation, terror financing, execution protection, and insider threats.

Jay Kelath is director of product security at Dow Jones. Jay started his career in security setting up honeypots to profile attackers. The many interesting challenges in the field led him to become a penetration tester to help businesses expose their security weaknesses, first in network security and then in application security. He found his stride in helping develop and mature information security programs. Jay is passionate about building cross-functional teams between engineering and security and bringing security into every aspect of a company’s culture through a focus on automation, tooling, and processes.

Presentations

Strike back against legacy software vulnerabilities Session

Legacy software in big companies is a security nightmare. Jay Kelath explains how the product security team at Dow Jones successfully integrated security into the Agile software development cycle while dealing with problems in legacy architectures—outlining a plan you can follow in your own security transformation.

Julia Knecht manages product security and privacy engineering at Adobe, where she created and is responsible for the secure product lifecycle of Adobe’s digital marketing business. An integral and invaluable piece of the SPLC is her successful Security Champions program.

Presentations

Meet the Experts with Julia Knecht, Taylor Lobb, and Peleus Uhley Meet the Experts

Julia Knecht, Taylor Lobb, and Peleus Uhley from Adobe are here to talk about everything from penetration testing to creating a successful secure product lifecycle (SPLC) program.

Using security champions and automation to create an effective SPLC Session

Taylor Lobb and Julia Knecht explain how a team of just two security analysts created a successful secure product lifecycle (SPLC) program by leveraging automation and establishing security ambassadors (champions) within the product engineering teams. This program has successfully scaled to support thousands of engineers due to the solid framework built on automation at its core.

Since discovering the cypherpunks mailing list in the early 1990s, Ryan Lackey has been fascinated by how security technologies can enhance individual liberty for people around the world. After dropping out of MIT to start an anonymous electronic cash company in Anguilla, he founded the world’s first offshore data haven, HavenCo, on the self-declared Principality of Sealand in the North Sea. After a decade spent in conflict zones around the world establishing satellite, cellular, wireless, and other networks for governments, militaries, NGOs, and companies, he founded CryptoSeal (acquired by CloudFlare in 2014) to bring tamper-responding secure computing to internet servers. More recently, Ryan founded Travel Fleet, a company dedicated to using tamper-responding secure computing technology to protect client-side computing devices, which provides organizations with secure laptops, phones, and other devices, plus network services, to protect and empower their personnel when they travel to high-risk or austere environments.

Presentations

Travel computing security: Old and new problems Session

As laptop bans, border searches, and filtering become more common, travel computing security—keeping your data and systems safe while traveling and keeping your home systems safe when you return—is a timely topic. Ryan Lackey explores the unique challenges for the traveling user and shares policy and technical solutions, as well as how security threats and technologies have evolved over time.

TJ Laher is cybersecurity marketing lead at Cloudera. TJ has worked with a variety of disruptive technology companies in the Bay Area, launching and positioning products and growing companies through data-driven marketing techniques. Previously, TJ worked with an early-stage AI startup Ayasdi, where he helped Fortune 500 companies mine high-dimensional data to deploy novel big data applications. This experience gave TJ firsthand knowledge of how intelligent use of data will have a positive and long-lasting impact on organizations and societies around the world.

Presentations

Supercharge your SIEM with Cloudera Session

Security information and event management (SIEM) systems have become the go-to application for cybersecurity practitioners, but they come with a hefty cost. TJ Laher explains how Cloudera empowers cybersecurity innovators to optimize SIEM deployments.

Fredrick “Flee” Lee is the head of information security at Square. Fredrick has a history of solving security problems for a range of organizations, all the way from large enterprises (Bank of America) to small startups (Twilio), and of building and leading global security teams. He specializes in application security but is passionate about all things security. He also finds time to indulge in hobbies, including road cycling, mountain biking, rock climbing, snowboarding, backpacking, and photography.

Presentations

Empowering through security Keynote

Traditionally, we security professionals have been viewed as gatekeepers, rule enforcers, and the people who say "no." Fredrick Lee shines a light on the ways security has allowed the world to do more and encourages security professionals to solve the difficult problems that will allow us to say "yes." Our profession needs to reach beyond being gatekeepers and move toward being gate openers.

Danielle Leong is an engineer on GitHub’s community and safety team who loves building tools to help make open source a more welcome and inclusive environment. Danielle is also the founder of Feerless, an app that provides trigger warnings for Netflix users with PTSD. She’s passionate about consensual software, inclusivity in tech, mental health awareness, and improving online good citizenship. In her spare time, she climbs rocks, rides motorcycles, and dresses up as a T-rex, occasionally all at the same time.

Presentations

Consensual software: Prioritizing user trust and safety Session

Online safety has become a huge problem in the world of oversharing. Real-name policies, automatic geolocation tracking, and photo tagging increase user adoption rates, but these features can be quickly abused by bad actors. Danielle Leong explains how to apply a "consent filter" to product decisions to create a safer user experience and help protect your most vulnerable users from harm.

Prakash Linga is the cofounder and CTO at Vera Security, where he oversees all products and technology and is responsible for developing the overall product strategy and technical vision of the company. Prakash is passionate about building game-changing products. He most recently served as CTO and cofounder at RAPsphere (acquired by AppSense in 2012). Prakash holds a PhD from Cornell University and a bachelor’s degree from IIT Madras, both in computer science.

Presentations

The new security playbook: New regulations, new threats, and a data-centric approach (sponsored by Vera Security) Session

Third-party providers are the newest weak link in our infrastructure; attacks are increasingly focused on damaging data integrity; and perimeter-based defenses are no longer a sufficient strategy. Prakash Linga explains how innovative companies are shifting to a more proactive, data-centric security model to protect their crown jewels.

Taylor Lobb is manager of security and privacy at Adobe, where he focuses on finding vulnerabilities within Adobe’s products. He leads a team of penetration testers and is responsible for the centralization and automation of many key security initiatives.

Presentations

Meet the Experts with Julia Knecht, Taylor Lobb, and Peleus Uhley. Meet the Experts

Julia Knecht, Taylor Lobb, and Peleus Uhley from Adobe are here to talk about everything from penetration testing to creating a successful secure product lifecycle (SPLC) program.

Using security champions and automation to create an effective SPLC Session

Taylor Lobb and Julia Knecht explain how a team of just two security analysts created a successful secure product lifecycle (SPLC) program by leveraging automation and establishing security ambassadors (champions) within the product engineering teams. This program has successfully scaled to support thousands of engineers due to the solid framework built on automation at its core.

Dhia Mahjoub is the head of security research at Cisco Umbrella (OpenDNS), where he leads the core research team focused on large-scale threat detection and threat intelligence and advises on R&D strategy. Dhia has a background in networks and security. He has coauthored patents with OpenDNS and regularly speaks at conferences worldwide, including Black Hat, DEF CON, Virus Bulletin, Botconf, ShmooCon, FloCon, Kaspersky SAS, Infosecurity Europe, RSA, Usenix Enigma, ACSC, NCSC International One Conference, and Les Assises de la sécurité. Dhia holds a PhD in graph algorithms applied to problems in wireless sensor networks.

Presentations

Malicious CDNs: Tracking botnets using open source SSL data Session

Open source datasets contain a wealth of information that can aid security practitioners. However, large public datasets are usually unstructured and noisy, posing difficulties for researchers trying to extract useful information. Thomas Mathew and Dhia Mahjoub explain how they used graph and clustering analytics on an SSL scan dataset to identify domains associated with the Zbot botnet.

Thomas Mathew is a security researcher at Cisco Umbrella (OpenDNS), where he focuses on implementing pattern recognition algorithms to classify malware and botnets. His main focus is using time series techniques on network sensor data to identify malicious threats. Previously, Thomas was a researcher at UC Santa Cruz and the US Naval Postgraduate School and a product and test engineer at Looxcie, a hands-free streaming video camera company. Thomas has coauthored a number of patents and is a frequent speaker at events such as ISOI APT, BruCon, FloCon, Kaspersky SAS, Black Hat, and DEF CON.

Presentations

Malicious CDNs: Tracking botnets using open source SSL data Session

Open source datasets contain a wealth of information that can aid security practitioners. However, large public datasets are usually unstructured and noisy, posing difficulties for researchers trying to extract useful information. Thomas Mathew and Dhia Mahjoub explain how they used graph and clustering analytics on an SSL scan dataset to identify domains associated with the Zbot botnet.

Taylor McCaslin is a mobile product manager at Duo Security. An Austin-based multidisciplinary technologist, for the past five years, Taylor has worked at enterprise-scale, hypergrowth technology companies such as WordPress Engine, Indeed.com, and Bazaarvoice. He holds a degree from the University of Texas at Austin, where he studied business, theatre, computer science, and digital art and media. When not pushing pixels, coding, or speaking at conferences about technology, Taylor can be found geeking out with the latest Apple gadget or enjoying the expansive Austin art scene. He also enjoys volunteering with local human rights and LGBTQ organizations around central Texas.

Presentations

Effective security in zero-trust environments (sponsored by Duo Security) Tutorial

Duo recently launched Duo Beyond, the first commercial implementation of Google’s BeyondCorp security model. Taylor McCaslin offers an overview of BeyondCorp and explains how a company that doesn’t have the resources of a company like Google can achieve a similar security posture.

Haroon Meer is the founder of Thinkst, the company behind the well-loved Thinkst Canary. Haroon has contributed to several books on information security and has published a number of papers on various topics related to the field. Over the past decade and a half, he has delivered research, talks, and keynotes at conferences around the world.

Presentations

Enterprise security: A new hope Keynote

The frequency and impact of recent high-profile breaches has been positively depressing. However, a new type of security engineering is taking root, which suggests hope for effective corporate security at enterprise scale. Haroon Meer highlights these hopeful examples in a bid to encourage more people to plot a course toward achievable security.

Allison Miller works in product management at Google, mitigating risks to Google and end users. Previously, Allison held technical and leadership roles in security, risk analytics, and payments/commerce at Electronic Arts, Tagged.com, PayPal/eBay, and Visa International. Allison is a proven innovator in the security industry and regularly presents research on risk analytics, cybersecurity, and economics. She is known for her expertise in designing and implementing real-time risk prevention and detection systems running at internet scale.

Presentations

2017 O'Reilly Defender Awards Keynote

The second annual O’Reilly Defender Awards acknowledge and celebrate our security heroes and heroines who have demonstrated exceptional leadership, creativity, and collaboration in the defensive security field. These honors will be presented during keynotes.

Closing remarks Keynote

Program chairs Rachel Roumeliotis and Allison Miller close the first day of keynotes.

Tuesday keynote welcome Keynote

Security Conference program chairs Rachel Roumeliotis and Allison Miller welcome you to the first day of keynotes.

Wednesday keynote welcome Keynote

Security Conference program chairs Rachel Roumeliotis and Allison Miller welcome you to the second day of keynotes.

Barton Miller is a professor of computer sciences at the University of Wisconsin, the chief scientist for the DHS Software Assurance Marketplace research facility, and software assurance lead on the NSF Cybersecurity Center of Excellence. Bart also codirects the MIST software vulnerability assessment project in collaboration with his colleagues at the Autonomous University of Barcelona and leads the Paradyn Parallel Performance Tool project, which is investigating performance and instrumentation technologies for parallel and distributed applications and systems. In 1988, Bart founded the field of fuzz random software testing—the foundation of many security and software engineering disciplines—and in 1992, working with his then-student Jeffrey Hollingsworth, founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation,” which forms the basis for his current efforts in malware analysis and instrumentation. His research interests include systems security, binary and malicious code analysis and instrumentation of extreme-scale systems, parallel and distributed program measurement and debugging, and mobile computing. Bart’s research is supported by the US Department of Homeland Security, the Department of Energy, the National Science Foundation, NATO, and various corporations.

Presentations

Secure coding practices and automated assessment tools Tutorial

Drawing from their experience performing vulnerability assessments of critical middleware, Bart Miller and Elisa Heymann walk you through the programming practices that can lead to security vulnerabilities and demonstrate how to automate tools for finding security weaknesses. You'll learn skills critical for software developers and analysts concerned with security.

Sara Mitchell is a recent graduate in security from Carnegie Mellon University, where her research focused on the role of modeling and simulation in threat intelligence.

Presentations

A system dynamics approach to CNO modeling Session

Sara Mitchell shares a model that attempts to explain the optimal resource allocation of advanced persistent threats (APTs) and targets based on the feedback loops present in system dynamics. The assumption is that in this allocation there is an optimal way to operate to either attack or defend infrastructure.

Mark Mossberg is a security engineer at Trail of Bits, where he develops and maintains open source binary analysis software.

Presentations

Symbolic execution for humans Session

Mark Mossberg offers a practical introduction to symbolic execution, exploring cutting-edge research in automated software testing, along with its strengths, weaknesses, and applications. Mark uses Manticore, a simple, usable, symbolic execution tool, to bridge theory and practice with concrete examples. You’ll walk away better prepared to make informed decisions about how to test your software.

Katie Moussouris is the founder and CEO of Luta Security, which specializes in helping businesses and governments work with hackers to better defend themselves from digital attacks. Katie is a noted authority on vulnerability disclosure and bug bounties and advises companies, lawmakers, and governments on the benefits of hacking and security research to help make the internet safer for everyone. Katie helped the US Department of Defense start the government’s first bug bounty program, Hack the Pentagon. Previously, at Microsoft, she worked on industry-leading initiatives such as Microsoft’s bug bounty programs and Microsoft vulnerability research. She is also a subject-matter expert for the US National Body of the International Standards Organization (ISO) in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). Katie is a visiting scholar with MIT’s Sloan School, doing research on the vulnerability economy and exploit market, a New America Foundation fellow, and a Harvard Belfer affiliate. Katie has served on the CFP review board for RSA, O’Reilly Security Conference, and Shakacon, and she is an advisor to the Center for Democracy and Technology. Katie is a frequent public speaker and has given keynotes and talks at many international conferences, including Hack in the Box Amsterdam 2014, Security Analyst Summit 2014, Nordic Security Con 2013, and BruCON 2012, to name just a few.

Presentations

The Dao of defense: Choosing battles based on the seven chakras of security Keynote

Computing has infiltrated society faster than we have been able to secure it. Defenders struggle with quantifying risk so that it translates into supported organizational changes and budget. Katie Moussouris explains how to transmute our suffering into kinetic and organizational changes and how to turn the forces that resist our defense activities into our biggest supporters in our organizations.

Neal Mueller is the product lead for Google Cloud Platform, where he focuses on security and BeyondCorp. Outside of Google, Neal is an adventurer. He has summitted Mount Everest unguided, sailed from Hawaii to San Francisco, swum the English Channel, and completed the first-ever row across the Arctic Ocean, for which he was awarded a Guinness World Record. Neal holds a BA from the University of Pennsylvania and an MBA from the University of Pennsylvania’s Wharton School, both with honors.

Presentations

BeyondCorp: Beyond “fortress” security Session

Most companies today use some variation of the firewall or “fortress” model for perimeter security. This model, which assumes everything on the outside is dangerous and everything on the inside is safe, worked well when employees worked on desktop computers at the company HQ. Neal Mueller and Max Saltonstall offer an overview of Google’s BeyondCorp, a new model for today's dispersed BYOD workforce.

Jack Naglieri is a security engineer at Airbnb. Jack has a passion for DevOps, security, and infrastructure. His exposure to information security began as an incident responder for Verisign. He spent several years at Yahoo as an incident responder before transitioning into a security engineering role, where he focused on deploying security monitoring tools at scale. Jack is the principal engineer on StreamAlert, a framework that enables serverless, real-time data analysis at scale. He holds a degree from George Mason University.

Presentations

Going serverless: Security outside the box Session

The advent of serverless technologies and infrastructure as code has changed how we build and deploy security services, empowering teams to create low-cost, scalable, and secure services to protect organizations. Drawing on their real-world experiences, Jack Naglieri and Austin Byers explore tools and techniques for successfully building, deploying, and debugging serverless security applications.

Meet the Experts with Jack Naglieri and Austin Byers Meet the Experts

Austin and Jack are here to discuss their open source projects StreamAlert and BinaryAlert and answer your questions about serverless AWS infrastructure.

Pieter Ockers is a senior security program manager and a member of Adobe’s product security incident response team (PSIRT). In an effort to bend the growth curve of application vulnerabilities reported to Adobe’s PSIRT by third-party security researchers, Pieter launched an internal bug hunt contest at Adobe as a cost-effective method to reduce security vulnerabilities while increasing security awareness and building a community of internal pen testers. Based in San Francisco, Pieter is passionate about engaging with the security research community to build a stronger, more secure and resilient ecosystem.

Presentations

Internal bug hunts: Squashing security bugs on a budget Session

Internal bug hunts, in which employees compete for prizes by finding and reporting security bugs, enable security teams to harness the creativity and problem-solving skills of the workforce while reducing security bugs in their applications. Pieter Ockers explains how bug hunts promote a culture of security awareness by involving participants outside of the security team.

Quiessence Phillips is the threat management lead for New York City’s Cyber Command, where she leads the security operations center, CERT, and threat intelligence functions. She is a cybersecurity professional with 10 years of experience working within the financial industry, as well as a mom, mentor, coder, hacker, and strategist.

Quiessence is the cofounder of a nonprofit EdTech organization, JOURNi, which is building an authentically inclusive tech ecosystem in Detroit.

In an effort to get more women into cybersecurity, she also started Securing Your Path, a community for women interested in forging their path in the industry.

Presentations

Contextualizing your Splunk logs Session

In the daily fight to secure organizations, security analysts are inundated with a massive log set (if one is so fortunate), but with it comes a low signal-to-noise ratio. Increase your signal by adding context to your logs. Join Quiessence Phillips to learn about the types of context that could be added and the value of adding them.

Alex Pinto is the chief data scientist of Niddel and the lead for the MLSec Project. Alex is currently dedicating his waking hours to the development of machine learning algorithms and data science techniques to automate threat hunting (I know) and making threat intelligence “actionable” (I know, I know). If you care about certifications at all, Alex is currently a CISSP-ISSAP, CISA, CISM, and PMP. He was also a PCI-QSA for almost seven years but is a mostly ok person in spite of that.

Presentations

Toward a threat-hunting automation maturity model Session

Alex Pinto shares an automation model that elevates the quality of data available to automation processes to efficiently simulate analyst intuition and significantly augment human analysts. The hunting automation maturity model (HAMM) organizes these techniques around capability milestones, including internal and external context and analytical tooling.

Kevin Poniatowski is senior security instructor and engineer at Security Innovation. Kevin has spent the last 20 years teaching developers in 10 countries across a wide range of organizations—including the Department of Defense and major Fortune 500 companies such as HP, Amazon, VMware, Sophos, Intuit, SWIFT, Walgreens, TMX, and Liberty Mutual—the intricacies of how to create hack-resistant applications. Name a security problem. Not only has Kevin seen it, but he’s taught some of the best developers in the world how to prevent and defend against it.

Presentations

Finding the vulnerability first and fast Tutorial

Kevin Poniatowski teaches you how to shorten the time it takes to find common web vulnerabilities while also decreasing the risk of an OWASP Top 10 vulnerability making it into the production server, demonstrating how to collect useful data that will reveal where the vulnerabilities are hiding.

Kyle Randolph is the senior director for security, privacy, and compliance at Optimizely. Kyle has over 15 years of experience growing security teams from zero, building Twitter-scale defenses to protect millions of users, and scaling security programs at companies of all sizes.

Presentations

Enterprise SaaS startups: The business case for security Session

It's a huge act of trust for an established company to allow a startup access to its data and infrastructure. Kyle Randolph shares lessons learned building an enterprise SaaS startup, where security went from zero to paramount as the company scaled, and explains how to meet customers' needs, how to sell security to management, and how to build security into engineering.

Dominik Richter is a product manager at Chef, an entrepreneur, and a leading expert in both security and automation. Dominik honed his abilities at Deutsche Telekom, where he headed the security of Telekom’s first OpenStack Cloud. He is a cofounder of InSpec, Chef Compliance, and the dev-sec.io project.

Presentations

DevSec: Continuous compliance and security with InSpec Session

It's still very cumbersome to implement best practices for server hardening and patching. As a result, many servers are still unsecured. Christoph Hartmann and Dominik Richter offer an overview of InSpec—an open source tool for infrastructure, security, and compliance testing—and demonstrate how patch and security levels can be assessed in CI/CD and production environments.

Rachel Roumeliotis is a strategic content director at O’Reilly Media, where she leads an editorial team that covers a wide variety of programming topics ranging from full stack to open source in the enterprise to emerging programming languages. Rachel is a programming chair of OSCON and O’Reilly’s Software Architecture Conference. She has been working in technical publishing for 10 years, acquiring content in many areas including mobile programming, UX, computer security, and AI.

Presentations

2017 O'Reilly Defender Awards Keynote

The second annual O’Reilly Defender Awards acknowledge and celebrate our security heroes and heroines who have demonstrated exceptional leadership, creativity, and collaboration in the defensive security field. These honors will be presented during keynotes.

Closing remarks Keynote

Program chairs Rachel Roumeliotis and Allison Miller close the first day of keynotes.

Tuesday keynote welcome Keynote

Security Conference program chairs Rachel Roumeliotis and Allison Miller welcome you to the first day of keynotes.

Wednesday keynote welcome Keynote

Security Conference program chairs Rachel Roumeliotis and Allison Miller welcome you to the second day of keynotes.

Michael Roytman is the chief data scientist at Kenna Security, where his work focuses on cybersecurity data science and Bayesian algorithms. Michael is also a technical advisor in the humanitarian space, having worked with Doctors Without Borders, the World Health Organization, and the UN. He has spoken at some of the top security conferences in the world, including RSA, SOURCE, BSides, Metricon, and SIRAcon, and has been published in the Advanced Computing Association journal USENIX. Michael is the author of three patents. He holds an MS in operations research from Georgia Tech. His home in Chicago is a mess of broken-down espresso machines.

Presentations

Meet the Experts with Michael Roytman Meet the Experts

Michael is here to discuss vulnerability prioritization and risk measurement.

Predicting exploitability with Amazon Machine Learning Session

Security is all about reacting. It's time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable.

Jennifer Ruehr is legal counsel for privacy and security at Adobe, where she works on global privacy issues related to vendor management (including cross-border data transfers and data processing agreements), employee information, customer escalations, and corporate marketing and manages projects related to data governance, HIPAA, and privacy and security incident response. Jennifer is currently a fellow with the Leadership Council on Legal Diversity. She holds a JD from the University of Akron School of Law, a certificate in intellectual property law and technology, and a BA in English from Washington State University. She is a member of the bar in Ohio.

Presentations

Security and privacy: Together in good times and bad Session

Tom Cignarella and Jennifer Ruehr explain how you can leverage the strengths of both security experts and privacy experts to constantly deliver what customers will expect from you, even through organizational shifts, divisions, and challenges.

Ido Safruti is the cofounder and CTO at PerimeterX, which is building a behavior-based web security service. Previously, Ido headed a product group at Akamai focusing on web performance and scalability. Ido joined Akamai through the acquisition of Cotendo, where he led product and strategy. His earlier roles include GM in charge of product engineering and operations, R&D manager, chief scientist, and head of engineering at various companies and in Israeli intelligence, where he focused on high-capacity, large-scale web and network services and cybersecurity systems.

Presentations

Web security analysis toolbox Tutorial

Ido Safruti and Amir Shaked offer an overview of the data analysis tools that every web security analyst should be familiar with in their daily work, including ELK, BigQuery, and Python as well as other helpful online services. These tools will help you analyze incidents on your web application and network and alert you when an attack starts.

Max Saltonstall is technical director of Google Cloud for the office of the CTO.

Presentations

BeyondCorp: Beyond “fortress” security Session

Most companies today use some variation of the firewall or “fortress” model for perimeter security. This model, which assumes everything on the outside is dangerous and everything on the inside is safe, worked well when employees worked on desktop computers at the company HQ. Neal Mueller and Max Saltonstall offer an overview of Google’s BeyondCorp, a new model for today's dispersed BYOD workforce.

Runa Sandvik is the director of information security at the New York Times, where her primary focus over the past year has been the newsroom, helping reporters better understand the challenges they are facing. Runa loves to travel and has spoken at numerous conferences around the world, including Black Hat, RSA, DEF CON, Amazon ZonCon, and Hack in the Box. She is a former developer with the Tor Project, a technical advisor to the Freedom of the Press Foundation, and a member of the review board for Black Hat Europe. She tweets as @runasand.

Presentations

Building a culture of security at the New York Times Keynote

The New York Times has staked its future on being a destination for readers. As a result, the company is working to incrementally improve the security of its environment. Drawing on this work, Runa Sandvik shares practical lessons on how to build and foster a culture of security across an organization.

Jan Schaumann is an infrastructure and information security engineer and an adjunct professor of computer science. Jan has over 15 years of experience in both small-scale deployments and enormous high-availability infrastructures serving millions of users. Today he spends most of his time worrying about online privacy and infrastructure security and integrity. You can follow him on Twitter as @jschauma.

Presentations

The razor's edge: Cutting your TLS baggage Session

Jan Schaumann shares insights into TLS cipher specs and protocols and a threat analysis of dozens of vulnerabilities and attacks, and he explains how to effect change across a diverse legacy stack, how to collaborate with a significant number of teams on goals that may not be directly in line with their roadmaps, and how to get buy-in from your executives.

Rich Seymour is a senior data scientist at Endgame, where he works on integrating R&D successes into the company’s platform and experimenting with new techniques to make security sensible. He holds a PhD in materials science and an MS in computer science, both from the University of Southern California, where he worked on high-performance computing simulations of nanoscale materials under stress.

Presentations

Security + design * data science: A bot story Session

The security industry continues to struggle with alert fatigue as the talent shortage grows. Security has yet to fully embrace the power of UX to help security workers do more with less. Bobby Filar and Rich Seymour explain how they developed a chatbot, combining machine learning within an intuitive UI to expedite data search and discovery and enhance detection and response to security threats.

Ruchi Shah is a senior technical program manager in security at Google, where she leads a team whose mission is to secure acquisitions and Alphabets. Ruchi has over 12 years of experience in security. Previously, she spun up the Subsidiary Security Program at Amazon and managed the product roadmap for AWS Identity and Access Management and AWS Key Management Services. Ruchi also worked at Deloitte and Touche LLP and Ernst & Young, where she helped clients implement security solutions ranging from identity and access management (IAM) and security information and event management (SIEM) to network security products.

Presentations

Top 15 things we wish every company had already done before acquisition Session

Ruchi Shah and Michael Sinno share the top 15 things that Google Security worries about when acquiring or starting a company and explain how they address them in order to protect both the entity and Google itself.

Amir Shaked is vice president of research at PerimeterX, where he fends off automated attacks against websites. A software engineer and security researcher, Amir specializes in web and data technologies, the IoT, and telecom and also coaches team leaders and project managers. He has been writing code since the age of 14 and has worked at a number of startups and enterprises in the years since.

Presentations

Web security analysis toolbox Tutorial

Ido Safruti and Amir Shaked offer an overview of the data analysis tools that every web security analyst should be familiar with in their daily work, including ELK, BigQuery, and Python as well as other helpful online services. These tools will help you analyze incidents on your web application and network and alert you when an attack starts.

Michael Sinno is a manager on Google’s M&A Technology Integrations team, which is responsible for the onboarding and integration of all Google acquisitions. In his decade at Google, Michael has worked on both security- and nonsecurity-related technologies within Google’s corporate infrastructure. Previously, he worked at Microsoft and a number of financial services companies.

Presentations

Top 15 things we wish every company had already done before acquisition Session

Ruchi Shah and Michael Sinno share the top 15 things that Google Security worries about when acquiring or starting a company and explain how they address them in order to protect both the entity and Google itself.

Joy Smith is manager of cyber solutions at McKinsey & Company. With significant public sector and government experience in cybersecurity, Joy helps lead McKinsey’s efforts to bring its capabilities to more clients. Previously, she worked with Novetta and IBG, providing advanced analytics to conduct cybersecurity analysis, entity resolution, and multisource investigations. Joy holds an MBA from the University of Pennsylvania’s Wharton School and a BS in biomedical engineering from UNC-Chapel Hill.

Presentations

Cyber-crises: Bridging the response gap between the board and the front line Tutorial

The lack of transparency between executive decisions and those who implement them can muddle the response to a fast-moving cyber-crisis. Venky Anant and Joy Smith take you through a crisis, from the response from the board and executive members to the experience of front-line responders, giving you an opportunity to question and ultimately improve the harmony between the respective approaches.

Michee Smith is a product manager for security and privacy at Google, where she is responsible for infrastructure products that provide transparency to users and internal data governance operations on the handling of personal data. Michee is passionate about ensuring that privacy is embedded in every step of the product and data lifecycle. Previously, she spent 12 years in a variety of software development and program management roles at Microsoft.

Presentations

Security by the numbers: Improving the security of online content through transparency reporting Session

Since the launch of the Email Encryption in Transit transparency report, Google has seen a 40% increase in encrypted emails going in and out of Gmail. Can public accountability really be used to drive the adoption of security practices inside a company and the industry at large? Michee Smith explores the successes and pitfalls of sharing this type of data and how to approach similar endeavors.

Window Snyder is CSO at Fastly, where she oversees Fastly’s expanding security offerings through its global edge infrastructure platform. Window has been a key contributor to the evolution of security in our connected world. At Apple, she developed security and privacy strategies for iOS and OS X. While at Mozilla Corporation, she drove efforts to secure Mozilla’s web browser, Firefox. At Microsoft, she owned security sign-off for the Windows platform and helped the company open lines of communication between Windows developers and outside security researchers and vendors. She is the coauthor of Threat Modeling.

Presentations

An infinite set of security tools Keynote

You can spend your entire security budget on signal-based technologies (such as endpoint security, antimalware, and vulnerability detection) and incrementally improve the security of your environment. But the real value is in people. Join Window Snyder to learn why the basics are hard to implement consistently but will get you a lot further than yet another set of signal-based tools.

Matt Stine is the global CTO for architecture at Pivotal, where he spends much of his time helping customers develop cloud-native application architectures. Matt is a 17-year veteran of the enterprise IT industry, eight of those years spent as a consulting solutions architect for multiple Fortune 500 companies and the not-for-profit St. Jude Children’s Research Hospital. He is the author of Migrating to Cloud-Native Application Architectures (O’Reilly) and the host of the Software Architecture Radio podcast. Matt is obsessed with the idea that enterprise IT doesn’t have to suck. He focuses on Lean/Agile software development methodologies, DevOps, architectural principles, patterns, and practices, and programming paradigms in an attempt to find the perfect storm of techniques that will allow corporate IT departments to function like startup companies and create software that delights users while maintaining a high degree of conceptual integrity. Matt has spoken at conferences ranging from JavaOne to OSCON to YOW!, is a seven-year member of the No Fluff Just Stuff tour, and serves as technical editor of NFJS the Magazine. Matt is also the founder and past president of the Memphis Java User Group.

Presentations

Why cloud-native enterprise security matters (sponsored by Pivotal) Keynote

Matt Stine offers an overview of the three principles of cloud-native security—rotate user credentials frequently, so they are only useful for a short time; repave servers and applications from a known good state often; and repair vulnerable software as soon as updates are available—and explains how this approach helps you deal with the exponentially increasing volume and velocity of threats.

John Studarus is technical risk, compliance, and security advisor at JHL Consulting. John has more than 20 years of software product development experience across the finance, high-tech, government, and healthcare industries, including working with internal and external technical teams, business partners, customers, internal compliance, and legal to lead the product direction of large-scale cloud-based solutions. John’s areas of focus include software and product development, security best practices, compliance and cloud computing, and operational security and technical risk management and auditing. Previously, he led development of security dashboards and portals for use within DISA and the US Department of State and handled software and product management for AT&T, Leidos, and Akamai.

Presentations

Virtualized service-chained security controls within a layer 2 SDN Tutorial

John Studarus and Cynthia Thomas demonstrate how to service-chain traffic through multiple security functions using virtualization and software-defined networking (SDN). John and Cynthia walk you through configuring and modifying layer 2 service chains with open source cloud security tools to monitor and block malicious traffic originating from a network of virtual machines.

Harry Sverdlove is founder and chief technology officer at Edgewise Networks, a cybersecurity startup that is transforming the way the industry approaches network security in the cloud and data center by stopping the progression of network-borne threats. Harry has been building and leading technology solutions for 25 years. Previously, he was CTO at Carbon Black (formerly Bit9), where he led the technical and strategic vision and helped establish Carbon Black as a major player in endpoint security; principal research scientist at McAfee, where he was responsible for the architecture of the company’s web safety rating engine; and chief scientist at SiteAdvisor (acquired by McAfee). He is frequently quoted as an expert on cybersecurity in leading media outlets such as the Wall Street Journal, the New York Times, CNN, and CNBC as well as trade and vertical market publications. Harry holds a bachelor’s degree in electrical engineering from the Massachusetts Institute of Technology.

Presentations

Meet the Experts with Harry Sverdlove Meet the Experts

Stop by and chat with Harry about zero-trust networking and network security in an age of dynamic and inherently untrustworthy networks.

Zero-trust networking: Never trust, always verify Session

In today's world of dynamic computing environments and advanced threats, the axiom "trust but verify" is not an effective strategy. The zero-trust model forces you to rethink the way you secure your networks. Harry Sverdlove breaks down zero-trust networking into simple principles that can be applied to any organization to both improve your security posture and simplify its management.

Christie Terrill is a partner at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups, where she provides engagement oversight, thought leadership, and client relationship management to Bishop Fox’s New York clients. She has more than a decade of information security experience in providing security advisory services. Previously, Christie worked in the security consulting practices at Accenture and Ernst & Young. Christie is a monthly contributor to Forbes, where her articles translate cybersecurity issues into business-relevant action. She is a frequent speaker at events around the country, including Dark Reading webinars, the Women in Cybersecurity Conference, Career Discovery in Cyber Security: A Women’s Symposium, and the BayThreat 2012 Conference. She was technical editor for the “Legal, Regulatory, and Standards Compliance” chapter in Information Security: The Complete Reference and has appeared in publications such as MarketWatch, eWeek, Infosecurity Magazine, and InfoWorld. Christie holds a BA with honors from the University of California, Santa Cruz.

Presentations

"Build me a world-class security program in three months" Session

How do you respond when your company's executives want you to go from an understaffed security team to a world-class security program in an unreasonably short time frame? Christie Terrill shares a case study from a prominent healthcare provider that describes how she met the charge, managed expectations, and built a security program to be proud of in only three (read: nine) months.

Christian Teutenberg is a security researcher at Telstra, Australia’s largest telecommunications provider, where he specializes in hunting for evidence of breach with endpoint, network, and log data. He has over a decade of experience in information security, with a background focusing on intrusion detection, incident response, and computer forensics for the enterprise.

Presentations

Inside an active APT incident response Session

Brian Candlish and Christian Teutenberg discuss a security incident Telstra suffered as a result of an acquisition and the ongoing year of incident response that followed to evict the intruders.

Cynthia Thomas is a member of the systems engineering team at Midokura, where she focuses on emerging technologies in network virtualization to address evolving application requirements. Cynthia’s background in networking hardware spans from telecommunications to data center, campus, and enterprise solutions. Cynthia holds an MSc in engineering from Queen’s University as well as a number of professional certifications, including Alcatel-Lucent Network Routing Specialist II (NRS II), Brocade Certified Ethernet Fabric Professional (BCEFP), Brocade Certified IP Network Professional (BCNP), and VMware Technical Sales Professional (VTSP) 5.

Presentations

Virtualized service-chained security controls within a layer 2 SDN Tutorial

John Studarus and Cynthia Thomas demonstrate how to service-chain traffic through multiple security functions using virtualization and software-defined networking (SDN). John and Cynthia walk you through configuring and modifying layer 2 service chains with open source cloud security tools to monitor and block malicious traffic originating from a network of virtual machines.

Peleus Uhley is the lead security strategist at Adobe, where he assists the company with proactive and reactive security. Peleus has been a part of the security industry for more than 15 years. Previously, he was a senior developer at Anonymizer and a security consultant for @stake and Symantec.

Presentations

Assessing your public security exposure without sending a single packet Session

An accurate understanding of your public network and application exposure is necessary for everything from scalable security automation to red team exercises, but it can be overwhelming trying to keep up with a large organization. Peleus Uhley shares techniques for leveraging freely available data to create complete network graphs, track best practices, and identify security issues.

Meet the Experts with Julia Knecht, Taylor Lobb, and Peleus Uhley Meet the Experts

Julia Knecht, Taylor Lobb, and Peleus Uhley from Adobe are here to talk about everything from penetration testing to creating a successful secure product lifecycle (SPLC) program.

Alexandra Ulsh is an information security engineer at Mapbox, a mapping platform that supports more than a quarter billion end users worldwide, where she makes sure the company’s cloud infrastructure is secure, stable, and able to perform under high demand in any part of the world. A founding member of Mapbox’s security team, Alex launched the company’s public bug bounty program and works on everything from application security to platform security on AWS to making sure every team member has a password manager and knows how to use it. Previously, Alex built, configured, and secured large SharePoint-based intranets for the Department of Defense with a specialization in automating the entire DIACAP STIG process via PowerShell scripts. Alex is a director of Women Who Code DC and an active organizer and participant in the larger DC Tech community, including DCFemTech and Code for DC.

Presentations

How to launch and run a successful bug bounty program: A security team perspective Session

Launching a bug bounty program is hard. Running and maintaining a successful bug bounty program is even harder. Using real-world stories of both failure and success, Alexandra Ulsh details how Mapbox's security team used tools, processes, automation, and empathy to decrease response time by 90%, reduce noise, and improve average report quality for its bug bounty program.

Nir Valtman heads application security for NCR Corporation’s software solutions. Previously, Nir led security for R&D at Retalix (acquired by NCR) and held several application security, penetration testing, and systems infrastructure security positions. Nir is a frequent speaker at leading conferences around the world, including Black Hat, DEF CON, BSides, RSA, and OWASP. He holds a BS in computer science, but his knowledge is mainly based on cowboy learning and information sharing with techno-oriented communities such as bloggers and the open source community (particularly for the AntiDef, Cloudefigo, and SAPIA tools).

Presentations

The art of securing 100 products Session

Step outside the best practices comfort zone, as Nir Valtman walks you through a thought experiment to secure 100 products. Along the way, Nir explores procedural and technological challenges such as working with diverse software architectures, multiple development languages and platforms, a variety of development lifecycles, injecting security into continuous integration and delivery, and more.

Steven Wierckx is a consultant at Toreon. A software and security tester with 15 years of experience in programming, security testing, source code review, test automation, functional and technical analysis, development, and database design, Steven shares his passion for web application security through his articles in professional magazines and his courses on testing software for security problems, secure coding, security awareness, security testing, and threat modeling. He is the project leader for the OWASP Threat Modeling Project and organizes the BruCON student CTF. This year, he spoke at Hack in the Box Amsterdam on the topic of magic mirrors and will host a workshop at the BruCON conference.

Presentations

TRAINING: Whiteboard hacking: Hands-on threat modeling Training Day 2

Drawing on real-world use cases—including hotel booking web and mobile applications that share the same REST backend, an internet of things deployment with an on-premises gateway and secure update service, and an HR services OAuth scenario for mobile and web applications—Steven Wierckx walks you through performing practical threat modeling and discusses privacy threats and privacy by design.

Whiteboard hacking: Hands-on threat modeling 2-Day Training

Drawing on real-world use cases—including hotel booking web and mobile applications that share the same REST backend, an internet of things deployment with an on-premises gateway and secure update service, and an HR services OAuth scenario for mobile and web applications—Steven Wierckx walks you through performing practical threat modeling and discusses privacy threats and privacy by design.

Chester Wisniewski is a principal research scientist in the office of the CTO at Sophos. Chester has been involved in the information security space since the late 1980s. He divides his time between research, public speaking, writing, and attempting to communicate the complexities of security to the press and public in a way they can understand. Chester has spoken at RSA, InfoSec Europe, LISA, USENIX, Virus Bulletin, and many Security BSides events around the world. He also regularly consults with NPR, CNN, CBC, the New York Times, and a number of other media outlets.

Presentations

Embracing security as a culture: Users aren't the problem; they're remotely deployed sensors. Session

Users aren't just part of the problem; they're part of the solution. Creating a security culture takes more than security awareness training. It takes commitment from all parts of an organization. Chester Wisniewski explains why we need users to take an active part in helping manage security risk in order to improve security and better defend against and respond to phishing attacks.

Julian Wong is an architect at DataVisor. A fraud and security detection industry veteran, Julian was previously head of trust and safety at Indiegogo and Etsy; risk management leader at Upwork, where he developed scalable systems and teams for mitigating fraud and risks; and the lead for Google’s engineering team responsible for building algorithms to prevent fraud on its ad platform. Julian holds a bachelor’s degree in engineering from the University of California, Berkeley, and an MBA from NYU’s Stern School of Business.

Presentations

Inside the bad actor's studio Session

Using research from more than one billion users, 500 billion events, and 50 million malicious accounts collected from global online services, Julian Wong details some of the sophisticated attack techniques being used by modern day online criminals and demonstrates how these types of attacks can be detected and mitigated by leveraging artificial intelligence.

Chris Wysopal is cofounder and CTO of SaaS application security company Veracode, which was recently acquired by CA Technologies. Chris is one of the original vulnerability researchers and a member of the hacker think tank the L0pht. He has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. Chris published his first security advisory in 1996 on parameter tampering in IBM’s Lotus Notes and has been trying to help people not repeat this type of mistake for 20 years. He is also the author of The Art of Software Security Testing (Addison-Wesley).

Presentations

Great software is secure software Keynote

If great software is secure software, why are there still so many vulnerabilities? Don’t architects and developers want to build great systems? Chris Wysopal details how defenders can enable developers to create secure software through coaching, shared code, and services.