Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Schedule: Teachable moments sessions

9:00am–12:30pm Monday, October 30, 2017
Location: Sutton North
Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison)
Drawing from their experience performing vulnerability assessments of critical middleware, Bart Miller and Elisa Heymann walk you through the programming practices that can lead to security vulnerabilities and demonstrate how to automate tools for finding security weaknesses. You'll learn skills critical for software developers and analysts concerned with security. Read more.
9:00am–12:30pm Monday, October 30, 2017
Location: Regent
Kevin Poniatowski (Security Innovation)
Kevin Poniatowski teaches you how to shorten the time it takes to find common web vulnerabilities while also decreasing the risk of an OWASP Top 10 vulnerability making it into the production server, demonstrating how to collect useful data that will reveal where the vulnerabilities are hiding. Read more.
11:20am–12:00pm Tuesday, October 31, 2017
Location: Sutton South
Nir Valtman (NCR Corporation)
Average rating: ****.
(4.00, 1 rating)
Step outside the best practices comfort zone, as Nir Valtman walks you through a thought experiment to secure 100 products. Along the way, Nir explores procedural and technological challenges such as working with diverse software architectures, multiple development languages and platforms, a variety of development lifecycles, injecting security into continuous integration and delivery, and more. Read more.
1:15pm–1:55pm Tuesday, October 31, 2017
Location: Sutton South
Christie Terrill (Bishop Fox)
Average rating: ****.
(4.33, 3 ratings)
How do you respond when your company's executives want you to go from an understaffed security team to a world-class security program in an unreasonably short time frame? Christie Terrill shares a case study from a prominent healthcare provider that describes how she met the charge, managed expectations, and built a security program to be proud of in only three (read: nine) months. Read more.
2:10pm–2:50pm Tuesday, October 31, 2017
Location: Sutton South
Devina Dhawan (Etsy)
Average rating: ***..
(3.00, 1 rating)
Devina Dhawan explains how to improve your existing AWS infrastructure by bringing in external tooling, mastering the AWS command-line interface, and improving communication with the rest of your organization. Read more.
3:50pm–4:30pm Tuesday, October 31, 2017
Location: Sutton South
Pieter Ockers (Adobe)
Average rating: *****
(5.00, 1 rating)
Internal bug hunts, in which employees compete for prizes by finding and reporting security bugs, enable security teams to harness the creativity and problem-solving skills of the workforce while reducing security bugs in their applications. Pieter Ockers explains how bug hunts promote a culture of security awareness by involving participants outside of the security team. Read more.
4:45pm–5:25pm Tuesday, October 31, 2017
Location: Regent
Tom Cignarella (Adobe), Jennifer Ruehr (Adobe)
Tom Cignarella and Jennifer Ruehr explain how you can leverage the strengths of both security experts and privacy experts to constantly deliver what customers will expect from you, even through organizational shifts, divisions, and challenges. Read more.
3:50pm–4:30pm Wednesday, November 1, 2017
Location: Sutton South
Michael Horowitz (Independent)
Routers are a perfect target both because of the important role they play and the generally insecure way they are configured. Michael Horowitz covers some interesting router bugs and explains how to configure a router to be as secure as possible, how to test a router, and what to look for when buying a router. Read more.