Steve Christey

@sushidude

www.mitre.org

MITRE
Steve Christey Coley is a Principal Information Security Engineer in the Cyber Security Division at The MITRE Corporation, supporting FDA CDRH on medical device cyber security. Steve was co-creator and Editor of the CVE list and chair of the CVE Editorial Board from 1999 to 2015. He is the technical lead for CWE, the Common Weakness Scoring System (CWSS), and the CWE/SANS Top 25 Software Most Dangerous Software Errors. He was a co-author of the influential “Responsible Vulnerability Disclosure Process” IETF draft with Chris Wysopal in 2002. He was an active contributor to other community-oriented efforts such as CVSS, CVRF, and NIST’s Static Analysis Tool Exposition (SATE). His interests include adapting traditional IT security
methodologies to new areas, software assurance, improving vulnerability information exchange, and making the cybersecurity profession more inclusive for anybody who seeks a place in it. He holds a B.S. in Computer Science from Hobart College.

Toward Consistent, Usable Security Risk Assessment of Medical Devices
“CVSS? For *my* medical device?” It’s more likely than you think.

With so many different stakeholders in the medical device ecosystem – including manufacturers, hospitals, researchers, third-party coordinators, and patients – it’s no wonder that risk assessment is looking kind of discombobulated right now. When a new medical device vulnerability comes out, rarely is there any agreement about how bad it is. It can be very difficult for health care providers to use existing information to make appropriate, defensible risk decisions

If only there were a common vulnerability scoring system to stop the madness! Enter CVSS. But how can this IT-oriented system be used for evaluating medical device vulnerabilities, and should it? Fortunately, FDA’s CDRH has tasked MITRE to work with the medical device community to find out, so I’ll tell you all about it.

Register Now!

Dawn-Marie Hutchinson

@CISO_Advantage

www.optiv.com

Optiv
Dawn-Marie Hutchinson brings 15 years of enterprise information technology experience to her role as a senior consultant in the Office of the CISO at Optiv. She is an innovative business partner with extensive
experience serving on Enterprise Risk Management teams. She is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls.

Beyond the Security Team: The Economics of Breach Response
Breaches are expensive. So expensive that cyber insurance coverage is often lacking. This presentation explores the economics of breaches, the differences between breach and incident response and how you can align your security team’s goals with company values.

Register Now!

David Sirrine

@dsirrine

Red Hat, Inc.
Dave is a career Open Source security advocate, evangelist, and problem solver. Working closely with the product and platform security teams at Red Hat, developing skills and knowledge of not just ensuring the Linux host is secured, but ensuring this level of security is maintained over time.

Open Source Identity Management: From Password to Policy
Learn how Open Source technologies such as FreeIPA
(IdM) and SSSD can provide intelligent policy management and access
control for your Linux environment, tighter Active Directory
integration through cross forest trusts, and a variety of methods by
which one can authenticate using Smart Cards, SAML, and OTP among
others to systems and services. This session will also cover how to
use the additional features and functionality of FreeIPA to provide a
robust PKI infrastructure and DNS management to your environment.

Register Now!

Rockie Brockway

Black Box Network Services
Rockie Brockway serves Black Box as Information Security and Business Risk Director and Senior Engineering Director. With over two decades of experience in InfoSec/Risk, he specializes in Information Security Risk Management and the inherent relationship between assets, business system and process, adversary and threats. For the past 6 years he has served in a vCISO role for a F500 manufacturing organization creating and improving their global Enterprise Security Architecture while building teams of trained red team killers and risk analysts for Black Box.

Enterprise Threat Management Like a Boss
Attribution is hard. And in most business cases unnecessary. Threat Management, like Vulnerability Management, is a core pillar in most Enterprise Security Architectures (ESA), yet is a very different beast with completely separate functions, processes and skillset requirements. Similar to my previous talk on Enterprise Class Vulnerability Management, this talk takes the framework of the OWASP ASVS 2014 framework and applies it to Enterprise Threat Management in an attempt to make a clearly complicated yet necessary part of your organization’s ESA much more manageable, effective and efficient with feasible recommendations, based on your business’ needs.

Register Now!

Mark Weatherford

@marktw

www.varmour.com

vArmour
Mark Weatherford is Chief Cybersecurity Strategist at vArmour. He has more than 20 years of security operations leadership and executive-level policy experience in some of the largest and most critical public and private sector organizations in the world including roles as:

• Principal at The Chertoff Group
• Appointed by President Obama as DHS’s first Deputy Under Secretary for Cybersecurity
• VP and Chief Security Officer at the North American Electric Reliability Corporation (NERC)
• Appointed by Governor Arnold Schwarzenegger as California’s first Chief Information Security Officer
• Chief Information Security Officer for the State of Colorado
• US Navy Cryptologic Officer

In addition, Mark was:

• Selected as SC Magazine’s “CSO of the Year” award in 2010
• Named one of the “10 Most Influential People in Government Information Security” by GovInfoSecurity in both 2012 and 2013
• Selected for the 2013 CSO Compass Award for leadership achievements in the security community

(Your) Inevitable Path to the Cloud
Like the switch from steam to electric power a century ago, the shift to cloud computing is inevitable—in fact, it’s already here. But what this brings in efficiency, it misses in security as the lack of visibility in the virtual environment allows too much room for malicious activity. This presentation details the structure and blind spots of data centers and cloud environments and addresses ideas for companies to consider in securing their data assets.

Register Now!