Chris Eng is vice president of research at Veracode. In this role, he leads the team responsible for integrating security expertise into all aspects of Veracode’s technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world’s largest companies.
Chris is a frequent speaker at premier industry conferences, where he has presented on a diverse range of topics, including cryptographic attacks, agile security, mobile application security, and security metrics. He has been interviewed by Bloomberg, Fox Business, CBS, and other media outlets worldwide.
Security Speed Debates
Match wits in a fast-paced debate covering a handful of topical security issues and customer-revelant subjects. Two teams of volunteers will face off, and the audience will determine which side made the most convincing (or entertaining) arguments. Topics will not be announced in advance, so participants will have to think on their feet!
As a global leader in IT security, Trend Micro develops innovative security solutions that make the world safe for businesses and consumers to exchange digital information. With over 25 years of security expertise, we’re recognized as the market leader in server security, cloud security, and small business content security.
Infosec specialist whose qualifications include an indepth understanding of security principals and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.
Into The Worm Hole: Metasploit For Web PenTesting
Metasploit is most commonly known for its epic pwnage of network and service level vulnerabilities. What you may not know is that same epic pwnage can be leveraged exploiting web application vulnerabilities. By leveraging the ability to custom build Metasploit modules or tools using the framework the power of Metasploit is only limited by the imagination of the user. “Into The Worm Hole: Metasploit For Web PenTesting” will build on prior knowledge of Metasploit and help elevate the tester’s skills and abilities by working hands-on building a custom scanner, using Metasploit to exploit Web Vulnerabilities, and learn to use Metasploit for phishing, XSS, and other web application vulnerabilities.
Sunera is a leading provider of risk-based consulting including Internal Audit, IT Audit, Information Security, Corporate Governance, and Regulatory Compliance.
Jason Scott is an archivist, historian, documentary filmmaker, information collector, and public speaker. He figured you’d be sick of historical computing by now, but it’s not happening.
All Watched Over By Machines of Loving Grace
For over a century, the selling of computers as the inevitable tools of liberation, productivity, and new ways of life has led to some of the most striking images and words in the world of advertising and public relations. Jason Scott, the free range archivist of the Internet Archive, presents a slideshow and tour through some of the most notable excessive and most outlandish promises of the technology industry.
Elissa “#LADYBOSS” Shevinsky
Elissa Shevinsky is CEO of JeKuDo Privacy Company. JeKuDo is building the best easy to use privacy tools, and is funded by the Mach37 cyber-security accelerator in Virginia.
Shevinsky is a frequent writer and speaker, and most recently gave talks at ShmooCon, DefCon, Pii2014, SXSW, the Computers Freedom and Privacy conference and various Meetups. Shevinsky is also the author of “Lean Out,” an anthology on Silicon Valley culture, published by OR Books.
The Changing Legal Landscape for InfoSec: What You Need to Know
As black hat threat actors attack and embarrass American companies and celebrities, the government seeks to show that it is strong on “cybercrime” by going after the most accessible targets – researchers, journalists and “hackers” like you and me.
Changing government policies and recent court decisions have created a climate where individual infosec researchers could be jailed in the course of doing their jobs. It’s a disturbing trend but there are ways to do our work while mitigating our personal risks.
This talk reviews court cases, policy decisions, and the history of hacker convictions, along with analysis from legal experts, to consider best practices for avoiding getting slammed for your research.
Former IDS analyst turned red teamer turned powerpoint jockey née cloud architect. Allergic to alcohol, compensates with Diet Coke.
Embracing the Cloud
It’s inevitable at this point, so rather than fighting, you may as well embrace it – cloud computing is coming to your organization soon (or more realistically, is already there, possibly under the radar!).
This talk covers how to get over the hump of resistance, do so smartly, and possibly enjoy some security benefits in the process. The focus here will be on info sec (or ‘cyber’), rather than the normal DevOps/Agile mumbo jumbo. Vendor selection, indicators of success, net new threat models and mitigations, and net new potential capabilities will be covered.
Mark Painter currently serves as a Security Evangelist for HP Enterprise Security Products. In this role, he is for responsible for educating security professionals, customers, executives and other groups about the risks of security vulnerabilities and HP ESP security solutions. Mark has played an active role in the security industry since 2002 when he joined SPI Dynamics, a leading provider of web application security assessment software and services. Over the course of his career, he has been involved with product management and marketing, security blogging, and vulnerability research.
A year in the life of HP security research
In this presentation, results from the 2015 HP Cyber Security Risk Report, HP and Ponemon Institute studies, and the HP State of Security Operations 2015 Report will be shared to discuss vulnerability trends, where organizations are currently ailing in their security efforts, and how best to counter those threats.
Allen Householder is a Senior Vulnerability & Incident Researcher at the CERT Coordination Center (CERT/CC). He has been involved in internet security since his first professional job in 1995, where a few weeks after starting at a Fortune 500 company he was told “You’re the IP & DNS guy” and shortly thereafter was given responsibility for the corporate firewall. His recent work includes being the technical lead developer for the CERT Basic Fuzzing Framework (BFF) and Failure Observation Engine (FOE), and research into the (in)security of the Internet of Things. His research interests include applications of machine learning to software and system security, fuzzing, and modeling of information sharing and trust among Computer Security Incident Response Teams (CSIRTs).
Coordinated Vulnerability Disclosure is a concurrent process
Media reports about Zero Days, bug bounties, and branded vulnerabilities usually focus on the publication of a vulnerability report. Vulnerability disclosure policies recently hit the mainstream with public kerfuffles between Google and Microsoft over the timing a few vulnerability announcements. However, public reports largely ignore the process of coordination and disclosure that precedes a publication event. For the past 26 years at the CERT Coordination Center, we have been helping connect security researchers and vendors in the interest of improving the security of the Internet and providing users and administrators with the information they need to secure their systems. In this talk I’ll describe the process of coordinating vulnerability disclosures, why it’s hard, and some of the pitfalls and hidden complexities we have encountered. This will be a behind-the-scenes look at a process that doesn’t receive much attention yet is of critical importance to internet security.
Bill Weinberg helps Fortune 1000 clients create sound approaches to enable, build, and deploy software for intelligent devices, enterprise data centers, and cloud infrastructure. Working with FOSS since 1997, Bill also boasts more than thirty years of experience in embedded and open systems, telecommunications, and enterprise software. As a founding team-member at MontaVista Software, Bill pioneered Linux as leading platform for intelligent and mobile devices. During his tenure as Senior Analyst at OSDL (today, the Linux Foundation), Bill ran Carrier Grade and Mobile Linux initiatives and worked closely with foundation members, analyst firms, and the press. As General Manager of the Linux Phone Standards Forum, he worked tireless to establish standards for mobile telephony middleware. Bill is also a prolific author and busy speaker on topics spanning global FOSS adoption to real-time computing, IoT, legacy migration, licensing, standardization, telecoms infrastructure, and mobile applications. Learn more at http://www.linuxpundit.com/.
OSS Hygiene – Mitigating Security Risks from Development, Integration, Distribution and Deployment of Open Source Software
Across the landscape of IT, Open Source Software (OSS) is pervasive and ubiquitous. From the cloud and web to data centers; from the desktop to mobile devices; and across a range of embedded and IoT applications, OSS comands an ever-increasing, dominant share of the system software stack and provides equally substantial swathes of enabling application middleware, applications themselves, and tooling. While rapid adoption of OSS demonstrably offers a range of advantages, the community development model presents developers, integrators and deployers with a set of accompanying challenges related to security, operational, and legal risk. Historically, foremost among these concerns stood license compliance and IP protection; however, with recent highly publicized threats to OSS, security has joined these concerns and today dominates the OSS adoption conversation. This presentation will explore the role of and requirements for secure development of and deployment with OSS.