Boris Sverdlik

@jadedsecurity

Oscar Insurance

Jaded Security Guy

You’re HIPAA certified and Bob just killed someone from the parking lot

My friend Bob is undergoing Chemo and his wife asked him to get a copy of his medical records for a second opinion. Bob being an obedient husband had to jump through hoops to get copies of HIS records thanks to the monotony that we know as HIPAA.

So one day while Bob is waiting for his treatment he notices that the facility has several blatant physical security issues which could allow someone of a more shady nature to obtain his health records without jumping through hoops. Follow Bob in his adventures..

Register now

Chris Eng

@chriseng

Chris Eng is vice president of research at Veracode. In this role, he leads the team responsible for integrating security expertise into all aspects of Veracode’s technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world’s largest companies.

Chris is a frequent speaker at premier industry conferences, where he has presented on a diverse range of topics, including cryptographic attacks, agile security, mobile application security, and security metrics. He has been interviewed by Bloomberg, Fox Business, CBS, and other media outlets worldwide.

Security Speed Debates

Match wits in a fast-paced debate covering a handful of topical security issues and customer-revelant subjects. Two teams of volunteers will face off, and the audience will determine which side made the most convincing (or entertaining) arguments. Topics will not be announced in advance, so participants will have to think on their feet!

Register now

Kizz MyAnthia

@kizzmyanthia

http://kizzmyanthia.com/

Infosec specialist whose qualifications include an indepth understanding of security principals and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.

Into The Worm Hole: Metasploit For Web PenTesting

Metasploit is most commonly known for its epic pwnage of network and service level vulnerabilities. What you may not know is that same epic pwnage can be leveraged exploiting web application vulnerabilities. By leveraging the ability to custom build Metasploit modules or tools using the framework the power of Metasploit is only limited by the imagination of the user. “Into The Worm Hole: Metasploit For Web PenTesting” will build on prior knowledge of Metasploit and help elevate the tester’s skills and abilities by working hands-on building a custom scanner, using Metasploit to exploit Web Vulnerabilities, and learn to use Metasploit for phishing, XSS, and other web application vulnerabilities.

Register now

Jason Scott

@textfiles

http://textfiles.com

Jason Scott is an archivist, historian, documentary filmmaker, information collector, and public speaker. He figured you’d be sick of historical computing by now, but it’s not happening.

All Watched Over By Machines of Loving Grace

For over a century, the selling of computers as the inevitable tools of liberation, productivity, and new ways of life has led to some of the most striking images and words in the world of advertising and public relations. Jason Scott, the free range archivist of the Internet Archive, presents a slideshow and tour through some of the most notable excessive and most outlandish promises of the technology industry.

Register now

Adam Crosby

Former IDS analyst turned red teamer turned powerpoint jockey née cloud architect. Allergic to alcohol, compensates with Diet Coke.

Embracing the Cloud

It’s inevitable at this point, so rather than fighting, you may as well embrace it – cloud computing is coming to your organization soon (or more realistically, is already there, possibly under the radar!).
This talk covers how to get over the hump of resistance, do so smartly, and possibly enjoy some security benefits in the process. The focus here will be on info sec (or ‘cyber’), rather than the normal DevOps/Agile mumbo jumbo. Vendor selection, indicators of success, net new threat models and mitigations, and net new potential capabilities will be covered.

Register now

Mark Painter

http://h30499.www3.hp.com/t5/user/viewprofilepage/user-id/604506

@secpainter

Mark Painter currently serves as a Security Evangelist for HP Enterprise Security Products. In this role, he is for responsible for educating security professionals, customers, executives and other groups about the risks of security vulnerabilities and HP ESP security solutions. Mark has played an active role in the security industry since 2002 when he joined SPI Dynamics, a leading provider of web application security assessment software and services. Over the course of his career, he has been involved with product management and marketing, security blogging, and vulnerability research.

A year in the life of HP security research

In this presentation, results from the 2015 HP Cyber Security Risk Report, HP and Ponemon Institute studies, and the HP State of Security Operations 2015 Report will be shared to discuss vulnerability trends, where organizations are currently ailing in their security efforts, and how best to counter those threats.

Register now

Allen Householder

@__adh__

https://www.cert.org/blogs/certcc/

Allen Householder is a Senior Vulnerability & Incident Researcher at the CERT Coordination Center (CERT/CC). He has been involved in internet security since his first professional job in 1995, where a few weeks after starting at a Fortune 500 company he was told “You’re the IP & DNS guy” and shortly thereafter was given responsibility for the corporate firewall. His recent work includes being the technical lead developer for the CERT Basic Fuzzing Framework (BFF) and Failure Observation Engine (FOE), and research into the (in)security of the Internet of Things. His research interests include applications of machine learning to software and system security, fuzzing, and modeling of information sharing and trust among Computer Security Incident Response Teams (CSIRTs).

Coordinated Vulnerability Disclosure is a concurrent process

Media reports about Zero Days, bug bounties, and branded vulnerabilities usually focus on the publication of a vulnerability report. Vulnerability disclosure policies recently hit the mainstream with public kerfuffles between Google and Microsoft over the timing a few vulnerability announcements. However, public reports largely ignore the process of coordination and disclosure that precedes a publication event. For the past 26 years at the CERT Coordination Center, we have been helping connect security researchers and vendors in the interest of improving the security of the Internet and providing users and administrators with the information they need to secure their systems. In this talk I’ll describe the process of coordinating vulnerability disclosures, why it’s hard, and some of the pitfalls and hidden complexities we have encountered. This will be a behind-the-scenes look at a process that doesn’t receive much attention yet is of critical importance to internet security.

Register now

Bill Weinberg

@linuxpundit

http://osdelivers.blackducksoftware.com/author/bill-weinberg/

Bill Weinberg helps Fortune 1000 clients create sound approaches to enable, build, and deploy software for intelligent devices, enterprise data centers, and cloud infrastructure. Working with FOSS since 1997, Bill also boasts more than thirty years of experience in embedded and open systems, telecommunications, and enterprise software. As a founding team-member at MontaVista Software, Bill pioneered Linux as leading platform for intelligent and mobile devices. During his tenure as Senior Analyst at OSDL (today, the Linux Foundation), Bill ran Carrier Grade and Mobile Linux initiatives and worked closely with foundation members, analyst firms, and the press. As General Manager of the Linux Phone Standards Forum, he worked tireless to establish standards for mobile telephony middleware. Bill is also a prolific author and busy speaker on topics spanning global FOSS adoption to real-time computing, IoT, legacy migration, licensing, standardization, telecoms infrastructure, and mobile applications. Learn more at http://www.linuxpundit.com/.

OSS Hygiene – Mitigating Security Risks from Development, Integration, Distribution and Deployment of Open Source Software

Across the landscape of IT, Open Source Software (OSS) is pervasive and ubiquitous. From the cloud and web to data centers; from the desktop to mobile devices; and across a range of embedded and IoT applications, OSS comands an ever-increasing, dominant share of the system software stack and provides equally substantial swathes of enabling application middleware, applications themselves, and tooling. While rapid adoption of OSS demonstrably offers a range of advantages, the community development model presents developers, integrators and deployers with a set of accompanying challenges related to security, operational, and legal risk. Historically, foremost among these concerns stood license compliance and IP protection; however, with recent highly publicized threats to OSS, security has joined these concerns and today dominates the OSS adoption conversation. This presentation will explore the role of and requirements for secure development of and deployment with OSS.

Register now