Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Schedule: Bridging business and security sessions

1:30pm–5:00pm Monday, October 30, 2017
Location: Regent
Venky Anant (McKinsey & Company), Joy Smith (McKinsey & Company)
Average rating: 5.00 (1 rating)
The lack of transparency between executive decisions and those who implement them can muddle the response to a fast-moving cyber-crisis. Venky Anant and Joy Smith take you through a crisis, from the response from the board and executive members to the experience of front-line responders, giving you an opportunity to question and ultimately improve the harmony between the respective approaches.
11:20am–12:00pm Tuesday, October 31, 2017
Location: Regent
Yong-Gon Chon (Focal Point Data Risk), Wade Baker (Cyentia Institute)
Average rating: 4.50 (2 ratings)
Yong-Gon Chon and Wade Baker share the results of an original, in-depth survey project that interviewed current board members and senior cybersecurity professionals to find out whether cybersecurity is now a boardroom issue, and if it is, determine what security experts have been telling boards to care about.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Beekman
Gwen Betts (Komand)
User experience is often a forgotten piece in the broader information security puzzle. Security is difficult, especially for the average user, and many believe it’s already baked into the day-to-day software products they use, which isn’t always the case. Gwen Betts explains how a design-driven approach to security products and measures can drive greater adoption and acceptance.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Regent
Ruchi Shah (Google), Michael Sinno (Google)
Average rating: 2.50 (2 ratings)
Ruchi Shah and Michael Sinno share the top 15 things that Google Security worries about when acquiring or starting a company and explain how they address them in order to protect both the entity and Google itself.
2:10pm–2:50pm Tuesday, October 31, 2017
Location: Regent
Josiah Dykstra (Department of Defense)
Every day, people considering security solutions and products are misled, manipulated, or deceived by real and bogus science, wild claims, and marketing trickery. Drawing on his book Essential Cybersecurity Science, Josiah Dykstra shares questions to ask and new techniques to help you spot and challenge these tactics before you buy or build another security product.
3:50pm–4:30pm Tuesday, October 31, 2017
Location: Regent
Jay Kelath (Dow Jones)
Legacy software in big companies is a security nightmare. Jay Kelath explains how the product security team at Dow Jones successfully integrated security into the Agile software development cycle while dealing with problems in legacy architectures—outlining a plan you can follow in your own security transformation.
11:20am–12:00pm Wednesday, November 1, 2017
Location: Regent
Jen Ellis (Rapid7)
It’s a widely held belief in security that at some point most organizations will fall victim to some kind of breach or significant security incident. Jen Ellis outlines the considerations for successful crisis communications to help you weather the storm, covering the key tenets of good communications strategies, from preparation to dealing with press and everything in between.
1:15pm–1:55pm Wednesday, November 1, 2017
Location: Regent
Kyle Randolph (Optimizely)
Average rating: 2.00 (1 rating)
It's a huge act of trust for an established company to allow a startup access to its data and infrastructure. Kyle Randolph shares lessons learned building an enterprise SaaS startup, where security went from zero to paramount as the company scaled, and explains how to meet customers' needs, how to sell security to management, and how to build security into engineering.
2:10pm–2:50pm Wednesday, November 1, 2017
Location: Beekman
Sara Mitchell (Carnegie Mellon University)
Average rating: 2.00 (1 rating)
Sara Mitchell shares a model that attempts to explain the optimal resource allocation of advanced persistent threats (APTs) and targets based on the feedback loops present in system dynamics. The assumption is that in this allocation there is an optimal way to operate to either attack or defend infrastructure.
2:10pm–2:50pm Wednesday, November 1, 2017
Location: Sutton North
Carole Fennelly (CFennelly Consulting)
The worst time to figure out how to respond to a security incident is when you’re in the middle of one. Carole Fennelly explains why an effective incident response plan requires that policies, plans, people, technologies, and processes be in place and tested before a security incident occurs.
3:50pm–4:30pm Wednesday, November 1, 2017
Location: Regent
Jim Gumbley (ThoughtWorks)
We want Agile software delivery teams to bake security into the work they deliver in every iteration. Jim Gumbley offers an overview of Sensible Conversations, an open source, low-fi, visual, collaborative set of materials and workshops about security, and shares what works (and doesn't), drawn from his experience working with a variety of public and private sector software delivery teams.
4:45pm–5:25pm Wednesday, November 1, 2017
Location: Sutton North
Users aren't just part of the problem; they're part of the solution. Creating a security culture takes more than security awareness training. It takes commitment from all parts of an organization. Chester Wisniewski explains why we need users to take an active part in helping manage security risk in order to improve security and better defend against and respond to phishing attacks.
4:45pm–5:25pm Wednesday, November 1, 2017
Location: Regent
Michele Iacovone (Intuit)
Michele Iacovone outlines best practices to securely move customer data to the cloud through AWS while also keeping your customers' interests top of mind. Along the way, Michele explains how companies can successfully and securely harness the power of the cloud to ensure the speed of innovation.