shanford@ckure.com

@SethHanford

As a Staff Information Security Engineer, Seth Hanford applies his experience to incident response, PSIRT, and security operations functions for both enterprise and customer security. Hanford has been an individual contributor for PSIRTs, CSIRTs, and intelligence teams in small businesses, large enterprises, and several global teams. He has worked on-site in operations center watch floors, collaborated globally with FIRST Special Interest Groups, and has more than a decade of experience being an effective full-time remote worker. He has also had the pleasure to serve as a manager both globally and locally, and recruited for world-class threat research teams as well as to relaunch a Fortune 100 SOC into a threat-driven detection & response team.

Defend the Defenders: Managing and Participating in Excellent Teams

Response teams apply threat models to protect an organization’s goals and to determine which controls are important to defend organizational interests. But defensive teams themselves are under threat: working in emergency response takes its toll on individuals. Budgets, over-commitment, urgency, and crisis all put a great deal of pressure on incident responders. This presentation will examine “threats against the goals of the SIRT itself” for managers and “blue team” practitioners: how to build, manage, and participate a defensive / incident response team under fire. Attendees will learn a practical approach for identifying and defending against the key threats against their team goals. The speaker will share examples from his own past threat modeling, such as: how to find, hire, and retain good candidates; how to maintain morale when under crisis; how to improve a struggling team; how to (re)organize to meet imminent challenges to long-term success; and more.

Come see me at RVAsec 2017. Register now!

gpepper@checkpoint.com

@pepper_greg

Greg Pepper has been an IT professional for 15+ years with expertise in Security, Networking & Cloud Computing. Initially working for Sony Online Entertainment, PriceWaterhouse Coopers & Organic, Greg has spent the last 15 years working for Cisco & Check Point helping customers to design, plan and implement secure networks throughout the Internet Edge, Campus Backbone, Data Center and Cloud Environments. Currently as Head of Cloud Security Architects for Check Point, Greg focuses on Software Defined Data Centers working with customers and partners to secure Software defined solutions with in Amazon Web Services, Microsoft Azure, VMware NSX, Cisco ACI and OpenStack.

Best Practices for Securing the Hybrid Cloud

Cloud has enabled applications and infrastructure to move at a pace not seen before. Organizations are faces with options to invest in and enhance their physical data centers to deploy SDN and build private clouds. Alternatively, many companies are choosing to migrate these applications in to the Cloud. Public Cloud options for Infrastructure as a Service and or Platform as service exist, but there exists a shared responsibility for security in either of those scenarios. Come learn strategies, design templates and best practices on how to secure applications through automation & orchestrations, making security as a integral part of the cloud and SDN deployments.

Come see me at RVAsec 2017. Register Now!

www.andreamm.com

@amatwyshyn

Dr. Andrea M. Matwyshyn is a legal academic studying technology innovation and its policy implications, particularly corporate information security regulation and consumer privacy. She is currently a (tenured full) professor of law/professor of computer science (by courtesy) at Northeastern University, a faculty affiliate of the Center for Internet and Society at Stanford Law School, and a visiting research collaborator at the Center for Information Technology Policy at Princeton University, where she was the Microsoft Visiting Professor during 2014-15. In 2014, Professor Matwyshyn served as the Senior Policy Advisor and Academic in Residence at the U.S. Federal Trade Commission. She has testified in Congress on issues of technology innovation and information security regulation and is a US-UK Fulbright Commission Cyber Security Scholar award recipient in 2016-2017.

CYBER!

This talk challenges the underlying assumptions of the “cyber” or “cybersecurity” legal and policy conversation. It argues that the two dominant paradigms – information sharing and deterrence – reflect last century’s policy approaches that channel our security energies in misguided directions: in their current form, they will neither thwart technology-mediated attacks on our national security nor meaningfully bolster consumer protection. Drawing insights from the work of seminal philosopher of science Michael Polanyi, this talk first identifies four analytical flaws that plague the legal and policy analysis of information security. It then offers a new policy paradigm – reciprocal security inducement. Reciprocal security inducement reframes the legal and policy security conversation around two key elements: information vigilance infrastructure and defense primacy. The talk concludes with a list of concrete legal and policy suggestions reflecting the reciprocal security inducement paradigm.* *This talk contains bacon.

Come see me at RVAsec 2016! Register now.