Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Sessions

Learn new skills and techniques from expert practitioners at the O'Reilly Security Conference. All sessions take place Tuesday, October 31 and Wednesday, November 1.

Tuesday, October 31

11:20am–12:00pm Tuesday, October 31, 2017
Location: Beekman
Bobby Filar (Endgame), Richard Seymour (Endgame)
Average rating: ****.
(4.00, 1 rating)
The security industry continues to struggle with alert fatigue as the talent shortage grows. Security has yet to fully embrace the power of UX to help security workers do more with less. Bobby Filar and Rich Seymour explain how they developed a chatbot, combining machine learning within an intuitive UI to expedite data search and discovery and enhance detection and response to security threats. Read more.
11:20am–12:00pm Tuesday, October 31, 2017
Location: Sutton North
Julian Wong (DataVisor)
Average rating: ****.
(4.00, 1 rating)
Using research from more than one billion users, 500 billion events, and 50 million malicious accounts collected from global online services, Julian Wong details some of the sophisticated attack techniques being used by modern day online criminals and demonstrates how these types of attacks can be detected and mitigated by leveraging artificial intelligence. Read more.
11:20am–12:00pm Tuesday, October 31, 2017
Location: Sutton South
Nir Valtman (NCR Corporation)
Average rating: ****.
(4.00, 1 rating)
Step outside the best practices comfort zone, as Nir Valtman walks you through a thought experiment to secure 100 products. Along the way, Nir explores procedural and technological challenges such as working with diverse software architectures, multiple development languages and platforms, a variety of development lifecycles, injecting security into continuous integration and delivery, and more. Read more.
11:20am–12:00pm Tuesday, October 31, 2017
Location: Regent
Yong-Gon Chon (Focal Point Data Risk), Wade Baker (Cyentia Institute)
Average rating: ****.
(4.50, 2 ratings)
Yong-Gon Chon and Wade Baker share the results of an original, in-depth survey project that interviewed current board members and senior cybersecurity professionals to find out whether cybersecurity is now a boardroom issue, and if it is, determine what security experts have been telling boards to care about. Read more.
11:20am–12:00pm Tuesday, October 31, 2017
Location: Sutton Center
Justin Fier (Darktrace)
From insiders to sophisticated external attackers, the reality of cybersecurity today is that the threat is already inside. Justin Fier explains why autonomous response and machine learning are the future of defense and shares the immune system approach to cybersecurity, which provides complete network visibility and the ability to prioritize threats to better allocate time and resources. Read more.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Beekman
Gwen Betts (Komand)
User experience is often a forgotten piece in the broader information security puzzle. Security is difficult, especially for the average user, and many believe it’s already baked into the day-to-day software products they use, which isn’t always the case. Gwen Betts explains how a design-driven approach to security products and measures can drive greater adoption and acceptance. Read more.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Sutton North
Quiessence Phillips (City of New York)
In a daily fight to secure organizations, security analysts are inundated with a massive log set (if one is so fortunate), but with it comes a high signal-to-noise ratio. Increase your signal by adding context to your logs. Join Quiessence Phillips to learn about the type of context that could be added and the value of its addition. Read more.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Sutton South
Christie Terrill (Bishop Fox)
Average rating: ****.
(4.33, 3 ratings)
How do you respond when your company's executives want you to go from an understaffed security team to a world-class security program in an unreasonably short time frame? Christie Terrill shares a case study from a prominent healthcare provider that describes how she met the charge, managed expectations, and built a security program to be proud of in only three (read: nine) months. Read more.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Regent
Ruchi Shah (Google), Michael Sinno (Google)
Average rating: **...
(2.50, 2 ratings)
Ruchi Shah and Michael Sinno share the top 15 things that Google Security worries about when acquiring or starting a company and explain how they address them in order to protect both the entity and Google itself. Read more.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Sutton Center
TJ Laher (Cloudera)
Security information and event management (SIEM) systems have become the go-to application for cybersecurity practitioners, but they come with a hefty cost. TJ Laher explains how Cloudera empowers cybersecurity innovators to optimize SIEM deployments. Read more.
2:10pm–2:50pm Tuesday, October 31, 2017
Location: Beekman
Danielle Leong (GitHub)
Average rating: ****.
(4.50, 2 ratings)
Online safety has become a huge problem in the world of oversharing. Real-name policies, automatic geolocation tracking, and photo tagging increase user adoption rates, but these features can be quickly abused by bad actors. Danielle Leong explains how to apply a "consent filter" to product decisions to create a safer user experience and help protect your most vulnerable users from harm. Read more.
2:10pm–2:50pm Tuesday, October 31, 2017
Location: Sutton North
Michael Roytman (Kenna Security)
Security is all about reacting. It's time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable. Read more.
2:10pm–2:50pm Tuesday, October 31, 2017
Location: Sutton South
Devina Dhawan (Etsy)
Average rating: ***..
(3.00, 1 rating)
Devina Dhawan explains how to improve your existing AWS infrastructure by bringing in external tooling, mastering the AWS command-line interface, and improving communication with the rest of your organization. Read more.
2:10pm–2:50pm Tuesday, October 31, 2017
Location: Regent
Josiah Dykstra (Department of Defense)
Every day, people considering security solutions and products are misled, manipulated, or deceived by real and bogus science, wild claims, and marketing trickery. Drawing on his book Essential Cybersecurity Science, Josiah Dykstra shares questions to ask and new techniques to help you spot and challenge these tactics before you buy or build another security product. Read more.
3:50pm–4:30pm Tuesday, October 31, 2017
Location: Beekman
Michee Smith (Google)
Since the launch of the Email Encryption in Transit transparency report, Google has seen a 40% increase in encrypted emails going in and out of Gmail. Can public accountability really be used to drive the adoption of security practices inside a company and the industry at large? Michee Smith explores the successes and pitfalls of sharing this type of data and how to approach similar endeavors. Read more.
3:50pm–4:30pm Tuesday, October 31, 2017
Location: Sutton North
Alex Pinto (Niddel)
Average rating: ***..
(3.00, 1 rating)
Alex Pinto shares an automation model that elevates the quality of data available to automation processes to efficiently simulate analyst intuition and significantly augment human analysts. The hunting automation maturity model (HAMM) organizes these techniques around capability milestones, including internal and external context and analytical tooling. Read more.
3:50pm–4:30pm Tuesday, October 31, 2017
Location: Sutton South
Pieter Ockers (Adobe)
Average rating: *****
(5.00, 1 rating)
Internal bug hunts, in which employees compete for prizes by finding and reporting security bugs, enable security teams to harness the creativity and problem-solving skills of the workforce while reducing security bugs in their applications. Pieter Ockers explains how bug hunts promote a culture of security awareness by involving participants outside of the security team. Read more.
3:50pm–4:30pm Tuesday, October 31, 2017
Location: Regent
Jay Kelath (Dow Jones)
Legacy software in big companies is a security nightmare. Jay Kelath explains how the product security team at Dow Jones successfully integrated security into the Agile software development cycle while dealing with problems in legacy architectures—outlining a plan you can follow in your own security transformation. Read more.
4:45pm–5:25pm Tuesday, October 31, 2017
Location: Beekman
Jason Hoenich (Habitu8)
Jason Hoenich explores the risks related to delivering poor awareness programs rather than adapting to changing needs and demands of the attack surface and learning behaviors of humans. Incorporating the key fundamental behavioral psychology nodes for establishing true culture change, and making the experience of the end user will move our programs to Security Awareness 2.0. Read more.
4:45pm–5:25pm Tuesday, October 31, 2017
Location: Sutton North
Thomas Mathew (Cisco Umbrella (OpenDNS)), Dhia Mahjoub (Cisco Umbrella (OpenDNS))
Average rating: ****.
(4.00, 2 ratings)
Open source datasets contain a wealth of information that can aid security practitioners. However, large public datasets are usually unstructured and noisy, posing difficulties for researchers trying to extract useful information. Thomas Mathew and Dhia Mahjoub explain how they used graph and clustering analytics on an SSL scan dataset to identify domains associated with the Zbot botnet. Read more.
4:45pm–5:25pm Tuesday, October 31, 2017
Location: Sutton South
Kelly Harrington (Google)
Kelly Harrington explores how web security initiatives work with webmasters to clean up malware attacks and fix other security issues that affect the web ecosystem. Along the way, Kelly explains how to strike the right balance between providing help to site owners and protecting data from bad actors. Read more.
4:45pm–5:25pm Tuesday, October 31, 2017
Location: Regent
Tom Cignarella (Adobe), Jennifer Ruehr (Adobe)
Tom Cignarella and Jennifer Ruehr explain how you can leverage the strengths of both security experts and privacy experts to constantly deliver what customers will expect from you, even through organizational shifts, divisions, and challenges. Read more.

Wednesday, November 1

11:20am–12:00pm Wednesday, November 1, 2017
Location: Beekman
Brian Candlish (Telstra), Christian Teutenberg (Telstra)
Brian Candlish and Christian Teutenberg discuss a security incident Telstra suffered as a result of an acquisition and the ongoing year of incident response that followed to evict the intruders. Read more.
11:20am–12:00pm Wednesday, November 1, 2017
Location: Sutton North
Harry Sverdlove (Edgewise Networks)
In today's world of dynamic computing environments and advanced threats, the axiom "trust but verify" is not an effective strategy. The zero-trust model forces you to rethink the way you secure your networks. Harry Sverdlove breaks down zero-trust networking into simple principles that can be applied to any organization to both improve your security posture and simplify its management. Read more.
11:20am–12:00pm Wednesday, November 1, 2017
Location: Sutton South
Alexandra Ulsh (Mapbox)
Average rating: *****
(5.00, 1 rating)
Launching a bug bounty program is hard. Running and maintaining a successful bug bounty program is even harder. Using real-world stories of both failure and success, Alexandra Ulsh details how Mapbox's security team used tools, processes, automation, and empathy to decrease response time by 90%, reduce noise, and improve average report quality for its bug bounty program. Read more.
11:20am–12:00pm Wednesday, November 1, 2017
Location: Regent
Jen Ellis (Rapid7)
It’s a widely held belief in security that at some point most organizations will fall victim to some kind of breach or significant security incident. Jen Ellis outlines the considerations for successful crisis communications to help you weather the storm, covering the key tenets of good communications strategies, from preparation to dealing with press and everything in between. Read more.
11:20am–12:00pm Wednesday, November 1, 2017
Location: Sutton Center
Prakash Linga (Vera Security)
Third-party providers are the newest weak link in our infrastructure; attacks are increasingly focused on damaging data integrity; and perimeter-based defenses are no longer a sufficient strategy. Prakash Linga explains how innovative companies are shifting to a more proactive, data-centric security model to protect their crown jewels. Read more.
1:15pm–1:55pm Wednesday, November 1, 2017
Location: Beekman
Christoph Hartmann (Chef Software), Dominik Richter (Chef Software)
It's still very cumbersome to implement best practices for server hardening and patching. As a result, many servers are still unsecured. Christoph Hartmann and Dominik Richter offer an overview of InSpec—an open source tool for infrastructure, security, and compliance testing—and demonstrate how patch and security level can be assessed in CI/CD and production environments. Read more.
1:15pm–1:55pm Wednesday, November 1, 2017
Location: Sutton North
Jessy Irwin (Jessysaurusrex)
Average rating: *****
(5.00, 2 ratings)
When a major security incident hits the news, security practitioners are quick to place the blame on users for being the weakest link in security. Jessy Irwin debunks the myth that users are the root of all failure and explores how security teams can even the playing field to transform people into an extra line of defense when we need them the most. Read more.
1:15pm–1:55pm Wednesday, November 1, 2017
Location: Sutton South
Neal Mueller (Google), Max Saltonstall (Google)
Average rating: *****
(5.00, 2 ratings)
Most companies today use some variation of the firewall or “fortress” model for perimeter security. This model assumes everything on the outside is dangerous and everything on the inside is safe, and it worked well when employees worked on desktop computers at the company HQ. Neal Mueller and Max Saltonstall offer an overview of Google’s BeyondCorp, a new model for today's dispersed BYOD workforce. Read more.
1:15pm–1:55pm Wednesday, November 1, 2017
Location: Regent
Kyle Randolph (Optimizely)
Average rating: **...
(2.00, 1 rating)
It's a huge act of trust for an established company to allow a startup access to its data and infrastructure. Kyle Randolph shares lessons learned building an enterprise SaaS startup, where security went from zero to paramount as the company scaled, and explains how to meet customers' needs, how to sell security to management, and how to build security into engineering. Read more.
2:10pm–2:50pm Wednesday, November 1, 2017
Location: Beekman
Sara Mitchell (Carnegie Mellon University)
Average rating: **...
(2.00, 1 rating)
Sara Mitchell shares a model that attempts to explain the optimal resource allocation of advanced persistent threats (APTs) and targets based on the feedback loops present in system dynamics. The assumption is that in this allocation there is an optimal way to operate to either attack or defend infrastructure. Read more.
2:10pm–2:50pm Wednesday, November 1, 2017
Location: Sutton North
Carole Fennelly (CFennelly Consulting)
The worst time to figure out how to respond to a security incident is when you’re in the middle of one. Carole Fennelly explains why an effective incident response plan requires that policies, plans, people, technologies, and processes be in place and tested before a security incident occurs. Read more.
2:10pm–2:50pm Wednesday, November 1, 2017
Location: Sutton South
Jack Naglieri (Airbnb), Austin Byers (Airbnb)
The advent of serverless technologies and infrastructure as code has changed how we build and deploy security services, empowering teams to create low-cost, scalable, and secure services to protect organizations. Drawing on their real-world experiences, Jack Naglieri and Austin Byers explore tools and techniques for successfully building, deploying, and debugging serverless security applications. Read more.
2:10pm–2:50pm Wednesday, November 1, 2017
Location: Regent
Ryan Lackey (ResetSecurity)
Average rating: ***..
(3.00, 1 rating)
As laptop bans, border searches, and filtering become more common, travel computing security—keeping your data and systems safe while traveling and keeping your home systems safe when you return—is a timely topic. Ryan Lackey explores the unique challenges for the traveling user and shares policy and technical solutions, as well as how security threats and technologies have evolved over time. Read more.
3:50pm–4:30pm Wednesday, November 1, 2017
Location: Beekman
Mark Mossberg (Trail of Bits)
Mark Mossberg offers a practical introduction to symbolic execution, exploring cutting-edge research in automated software testing, along with its strengths, weaknesses, and applications. Mark uses Manticore, a simple, usable, symbolic execution tool, to bridge theory and practice with concrete examples. You’ll walk away better prepared to make informed decisions about how to test your software. Read more.
3:50pm–4:30pm Wednesday, November 1, 2017
Location: Sutton North
Taylor Lobb (Adobe), Julia Knecht (Adobe)
Average rating: ****.
(4.50, 2 ratings)
Taylor Lobb and Julia Knecht explain how a team of just two security analysts created a successful secure product lifecycle (SPLC) program by leveraging automation and establishing security ambassadors (champions) within the product engineering teams. This program has successfully scaled to support thousands of engineers due to the solid framework built on automation at its core. Read more.
3:50pm–4:30pm Wednesday, November 1, 2017
Location: Sutton South
Michael Horowitz (Independent)
Routers are a perfect target both because of the important role they play and the generally insecure way they are configured. Michael Horowitz covers some interesting router bugs and explains how to configure a router to be as secure as possible, how to test a router, and what to look for when buying a router. Read more.
3:50pm–4:30pm Wednesday, November 1, 2017
Location: Regent
Jim Gumbley (ThoughtWorks)
We want Agile software delivery teams to bake security into the work they deliver in every iteration. Jim Gumbley offers an overview of Sensible Conversations, an open source, low-fi, visual, collaborative set of materials and workshops about security, and shares what works (and doesn't), drawn from his experience working with a variety of public and private sector software delivery teams. Read more.
4:45pm–5:25pm Wednesday, November 1, 2017
Location: Beekman
Peleus Uhley (Adobe)
Average rating: *****
(5.00, 1 rating)
An accurate understanding of your public network and application exposure is necessary for everything from scalable security automation to red team exercises, but it can be overwhelming trying to keep up with a large organization. Peleus Uhley shares techniques for leveraging freely available data to create complete network graphs, track best practices, and identify security issues. Read more.
4:45pm–5:25pm Wednesday, November 1, 2017
Location: Sutton North
Users aren't just part of the problem; they're part of the solution. Creating a security culture takes more than security awareness training. It takes commitment from all parts of an organization. Chester Wisniewski explains why we need users to take an active part in helping manage security risk in order to improve security and better defend against and respond to phishing attacks. Read more.
4:45pm–5:25pm Wednesday, November 1, 2017
Location: Sutton South
Jan Schaumann (The Internet)
Average rating: *****
(5.00, 1 rating)
Jan Schaumann shares insights into TLS cipher specs and protocols and threat analysis of dozens of vulnerabilities and attacks and explains how to effect change across a diverse legacy stack, how to collaborate with a significant number of teams on goals that may not be directly in line with their roadmaps, and how to get buy-in from your executives. Read more.
4:45pm–5:25pm Wednesday, November 1, 2017
Location: Regent
Michele Iacovone (Intuit)
Michele Iacovone outlines best practices to securely move customer data to the cloud through AWS while also keeping your customers' interests top of mind. Along the way, Michele explains how companies can successfully and securely harness the power of the cloud to ensure the speed of innovation. Read more.