RVAsec

David J Bianco

@DavidJBianco

http://detect-respond.blogspot.com

Before coming to work as a Security Architect and DFIR subject matter expert at Sqrrl, David led the hunt team at Mandiant, helping to develop and prototype innovative approaches to detect and respond to network attacks. Prior to that, he spent five years helping to build an intel-driven detection & response program for General Electric (GE-CIRT). He set detection strategies for a network of nearly 500 NSM sensors in over 160 countries and led response efforts for some of the company’s the most critical incidents.

David stays active in the community, speaking and writing on the subjects of Incident Detection & Response, Threat Intelligence and Security Analytics. He is also a member of the MLSec Project (http://www.mlsecproject.org). You can follow him on Twitter as @DavidJBianco or subscribe to his blog, “Enterprise Detection & Response” (http://detect-respond.blogspot.com).

Visual Hunting with Linked Data Graphs

Security analysts have to sift through a lot of information to hunt for and investigate incidents. Most tools, though, operate at a very low level, making it difficult to see past the individual events and get the big picture. Linked Data Analysis (LDA) visualizes the entities in your data as a graph and shows how they are related. When you are able to step back and see what’s going on at a higher level, it’s much easier to identify suspicious patterns and detect malicious activity that you might have otherwise missed.

In this presentation, we’ll use LDA techniques and open source software to visualize several different types of logs from the Bro network analysis platform. We’ll also demonstrate some practical strategies for identifying and investigating patterns that might indicate security incidents.

Register now

Pete Herzog

www.isecom.org

@peteherzog

Pete Herzog is the co-founder of ISECOM and the lead security researcher and creator of the OSSTMM. His analysis of security, hacking, trust, fraud, and neuro-hacking have shown up in thousands of research papers, books, and government documents around the world. He’s passionate about hacking and figuring out how things (and people) work. And he’s actually a pretty good guy.

Dave Lauer

healthymarkets.org

@dlauer

Dave Lauer is President & Managing Partner of KOR Group, a research and analysis consultancy specializing in market structure and technology. Dave is also the co-founder and President of Healthy Markets, a non-profit coalition of financial firms that seeks to improve disclosure and transparency in the industry while advancing data-driven market structure reforms. Dave’s current work focuses on leveraging machine-learning and “big data” to help improve algorithmic order routing systems, to refine buyside execution decisions, and to generally facilitate continued enhancement of all market structure analysis. Working closely with a wide range of market participants—including institutional buyside, sellside, ATSs, exchanges, regulators and retail robo-advisors—Dave channels his unique body of knowledge toward helping firms navigate increasingly complex modern markets.

Dave also serves as an independent director for Aequitas, a new
Canadian stock exchange.

Dave’s previous work includes technology architecture at Verdande Finance and IEX Group, public advocacy at Better Markets, and electronic trading at Allston Trading and Citadel Investment Group. Dave also helped develop technology for Tervela as an early employee during its formative stages. In his spare time, Dave collaborates on the maintenance and advancement of Cowbird.com, an innovative online photo-narrative storytelling network.

Hacking the Market. How financial market players manipulate prices and infrastructure.

“This is a look inside the current security of modern stock exchange networks in the US known as “the stock market”. The financial networks are an ecosystem that has grown both outside of and within the limits of the Internet to trade billions of dollars daily in the US alone. It is as unique as any internal infrastructure and a fascinating study of evolution where operators push systems to their limits for performance in a drive to generate revenue from their best customers (high-frequency traders) while operating within a regulatory framework that is changing rapidly. It’s a hacker’s sci-fi paradise!”

Register now for RV4sec!

Caleb “chill” Crable

@dirtywhitehat

Caleb is a long-time contributor to the information security scene. A dirty whitehat, Caleb’s career spans various stints at information technology firms where he managed malware response teams, researched web-based security vulnerabilities and tested security products. He is a frequent presenter at technology security events where he shares information and best security practices including the recent Bsides Tampa and upcoming CarolinaCon, and is also the organizer for CarolinaCon Shootout in its 6th year.

The Art of Post-Infection Response and Mitigation

In this day and age, we are all [mostly] fully aware how far signature-based antivirus detentions go… not very far at all in regard to real-time protection. Users will get infected, there are no longer any IF statements in this equation. My focus is the gray area of post-infection and the many different aspects of end-user and incident response frustration that occur after a virus has penetrated a system, or organization, and done its dirty work. I will also be going over various malware removal and mitigation techniques, tools of the trade, and general guidelines to follow to prevent infections from happening in the first place.

Register now for RV4sec!

David Lodge

@tautology0

http://www.pentestpartners.com/

Dave has been in the security industry for too long. Originally hacking games, then a developer, then sysadmin, then generic dogsbody and finally penetration tester.

For a job, Dave hacks companies. For fun, he drinks beer, develops stuff, plays interactive fiction, kills zombies, hacks flash games, drinks beer, brews beer, translates from American to English, drinks beer and likes being pedantic about language.

Internet of Toys?

Does adding network functionality to modern toys make sense? Can they be abuse to manipulate or spy of you or your child? Can we totally subvert them.

It’s a hacking talk: of course we can!

Register now for RV4sec!

Barry Kouns

www.riskbasedsecurity.com

@riskbased

Barry Kouns is principal consultant for ISO/IEC 27001:2013 pre-certification services at Risk Based Security, Inc., an information security, threat intelligence, and risk management consultancy. Barry’s experience includes information security consulting, risk assessment and quality management. Barry has provided training, procedure development and pre-certification consulting services resulting in the successful ISO/IEC 27001 certification of more than two dozen organizations. Barry has full knowledge of GLBA, FFIEC, HIPAA, Sarbanes-Oxley, and 201 CMR 17 and is well versed with PCI DSS, ISO 9001, COBIT, FISMA, NIST 800-53, BS 25999, ISO 31000 and ISO 20000. He has earned a B.S. in Statistics from Virginia Tech and a M.S. in Industrial Engineering Management from North Dakota State University. He has earned the CISSP designation, is a trained ISO /IEC 27001:2013 Auditor & ISMS Implementer, and is ITIL Foundation Certified. Barry was a Captain in the United States Air Force and served as a B-52H Navigator/Bombardier.

Incident Response Management – Not a Fire Drill

In spite of the billions of dollars spent annually to prevent a data breach, breaches are being reported at a rate of more than eight per day. Most security experts say it’s not a matter of if your organization’s data will be breached, but when. If your organization does not have a well designed, formally documented, and regularly tested Incident Response process in place, how well will you respond to the data breach that is most likely in your future?
Not all Incident Response programs are created equal. Speed of action, without first understanding the nature and severity of an event can often lead to elevating the costs to the organization. Join this session to learn how to build an effective Incident Response Management process to identify and properly respond to the various levels of information security events.

Jason Smith

appliednsm.com

@Automayt

Jason Smith is an intrusion detection analyst by day and junkyard engineer by night. Originally from Bowling Green, Kentucky, Jason started his career mining large data sets and performing finite element analysis as a budding physicist. By dumb luck, his love for data mining led him to information security and network security monitoring where he took up a fascination with data manipulation and automation. Jason is the co-author of Applied Network Security Monitoring, creator of FlowPlotter, and co-developer of FlowBAT.

Jason has a long history of assisting state and federal agencies with hardening their defensive perimeters and currently works as a Security Engineer with Mandiant. As part of his development work, he has created several open source projects, many of which have become “best-practice” tools for the DISA CNDSP program.

Applied Detection and Analysis Using Flow Data

While network flow data isn’t a new concept, it is easily one of the most powerful data types you can have in your arsenal as a network defender. It is incredibly low overhead, easy to setup and maintain, and provides tremendously flexible capabilities for network security monitoring (NSM) detection and analysis.
In this presentation, we will take a look at flow data from the perspective of the NSM analyst. To begin, we will harness the power of statistics to demonstrate how flow data can be used for detecting both structured and unstructured threats using techniques that go beyond simple signature matching. Next, I will discuss the concept of friendly intelligence and how flow data can be used to profile devices on your network so you can understand what normal communication looks like. Finally, I will describe how flow data can be used to augment the analysis of network security events that are detected by other mechanisms.

During this presentation, I will also demonstrate FlowPlotter, an open source tool I’ve developed to aide in visualizing flow data for detection and analysis. I’ll also introduce and demonstrate FlowBAT, a graphical flow-based analysis tool that Chris Sanders and I developed to break the significant barrier of entry into Flow Analysis. Every concept I discuss in this presentation will be demonstrated with practical, real-world scenarios complete with real data using the SiLK toolset. You will leave this talk with techniques you can apply to your network immediately with incredibly low overhead and high impact, and scripts to get everything running in minutes.

Schuyler Towne

http://schuylertowne.com/blog

@shoebox

Schuyler Towne is a security anthropologist and Research Scholar at the Ronin Institute. He has dedicated his life to understanding how security technologies have affected culture & the effect of culture on security technology.

Selling Security in a Post Lock Society

There are pockets of the United States that are living in such secure surroundings that residents could go without locks altogether, which some consumers are beginning to realize. In this talk we’ll explore what features the next generation of home security products need to have, and how they will need to market themselves to have an impact on the emerging class of secure consumers.

There was a lot of competition in the CFP, but we’ve managed to whittle it down to another great lineup for RV4sec. So here are the speakers for the 2015 RV4sec conference!

For detailed information about the speakers and their talks please see rvasec.com/speakers/

Thank you to everyone who submitted a proposal to the CFP–the review team had to make some tough decisions and appreciate all the time and hard work that went into submitting.