www.pharossecurity.com

@desmondholden

Dan Holden is CEO of Pharos Security measures, aligns, and guides optimization of the ROI and level of protection of a security program and translates the security program into business level terminology. Mr. Holden has 25 years in information security having served as CTO of the Retail and Hospitality ISAC, and Chief Technology Strategist at Arbor Networks. His experience includes building multiple teams from scratch as well as having brought multiple products to market while at IBM, TippingPoint, and Arbor Networks. Throughout his career he has a broad range of experience across multiple business functions including engineering, product management, sales, and marketing.

CISO of 2025

So much of the news related to CISOs today is negative. The reasons are clear because the challenges are enormous. Many CISO’s believe they are not given a fair chance – essentially obstructed from doing their job. Often there can be poor trust with the board, primarily due to not having a pragmatic, cost effective plan, to solve board level problems. CISOs have failed largely in this regard as their security plans have been tactical and not delivering on strategic goals. The common argument is executives just don’t ‘get it’, but most do, and they realize that security doesn’t provide great value with historic or conventional approaches. They might say the business only wants check-box security, but executives understand that to a great degree that is the only material benefit offered by security – so may as well get it at best cost. This talk will explore where and why things have happened the way they have, and how to move towards a definition for the CISO of 2025.

Come see Dan at RVAsec! Register now.

Dr. Robert Mitchell is currently a member of technical staff at MITRE. He received the Ph.D, M.S. and B.S. from Virginia Tech. Robert served as a military officer for six years and has over 13 years of industry experience, having worked previously at Sandia National Laboratories, Boeing, BAE Systems, Raytheon and Nokia. His research interests include game theory, linkography, moving target defense, computer network operations, network security, intrusion detection and cyber physical systems. Robert has published 25 peer reviewed articles.

A Game Theoretic Model of Computer Network Exploitation Campaigns

Increasingly, cyberspace is the battlefield of choice for twenty first century criminal activity and foreign conflict. This suggests that traditional modeling and simulation approaches have stalled in the information security domain. We propose a game theoretic model based on a multistage model of computer network exploitation (CNE) campaigns comprising reconnaissance, tooling, implant, lateral movement, exfiltration
and cleanup stages. In each round of the game, the attacker chooses whether to proceed with the next stage of the campaign, nature decides whether the defender is cognizant of the campaign’s progression, and the defender chooses to respond in an active or passive fashion. We propose a dynamic, asymmetric, complete-information, general-sum game to model CNE campaigns and techniques to estimate this game’s parameters. Researchers can extend this work to other threat models, and practitioners can use this work for decision support.

Come see Robert at RVAsec. Register Now.

www.ptsecurity.com

@L_AGalloway

@a66at

Leigh-Anne Galloway is the Cyber Security Resilience Lead at Positive Technologies where she advises organizations on how best to secure their applications and infrastructure against modern threats. She is an expert in the Application Security Unit, specializing in ATM and POS Security and is the author of security research in account recovery processes on social media websites. She has spoken at many conferences including DevSecCon, BSides, InfoSec Europe, Hacktivity, 8dot8, Blackhat EU and Troopers.

Timur Yunusov – Senior Expert of Banking systems security and author of multiple researches in field of application security including “Apple Pay replay attacks” showed at the BlackHat USA 2017, “Bruteforce of PHPSESSID”, rated in Top Ten Web Hacking Techniques by WhiteHat Security and “XML Out-Of-Band” showed at the BlackHat EU. Professional application security researcher.
Timur has previously spoken at CanSecWest, BlackHat USA, BlackHat EU, HackInTheBox, Nullcon, NoSuchCon, Hack In Paris, ZeroNights and Positive Hack Days.

Demystifying Payments: Payment Technologies and Security Risks

Have you ever wanted to learn how payment technologies work? What happens when you pay for something on a website or using a cell phone? Payment technologies are a transparent part of our lives. They enable us pay for everything from a coffee to a car. In this talk we take a look at payment technologies past, present and future, and look at the security risks associated with them. Learn how payments have evolved and what transactions look like today.

Come see Leigh-Anne and Timur at RVAsec! Register Now.