Ben Smith

@Ben_Smith

blogs.rsa.com/hunting-sharks-teeth-iocs/

RSA
Ben Smith is Field Chief Technology Officer (Field CTO – US East) with RSA, The Security Division of EMC. He is a trusted advisor and consultant to RSA’s global financial services customers, as well as customers in other vertical markets. With over 25 years’ experience in the networking, information security and telecommunications industries, he is responsible for consulting on RSA’s strategic vision around architecture and technical roadmaps for the company’s security and risk management solutions. Prior to joining RSA, he held senior technical positions at UUNET, Intuit, CSC, and the US Government, along with a string of technology-oriented startups. He holds a number of professional technical certifications, including the Certified Information Systems Security Professional (CISSP) certificate, and has presented on RSA’s behalf, both domestically and internationally, at cybersecurity events sponsored by Gartner, FS-ISAC, ISSA, ICI, (ISC)2, ISACA, InfraGard, HTCIA and other organizations.

Measuring Security: How Do I Know What a Valid Metric Looks Like?
There is no universally accepted method to measure security. So how do we translate operational measurements into meaningful security metrics for the business? Doing so effectively is essential, because you can’t manage what you don’t measure. This session will touch on the following general questions: Why are security metrics important, from both a compliance and an operational perspective? What are some best practices to keep in mind when selecting security metrics? Does your audience(s) dictate which metrics to select? What behaviors are you trying to influence with these metrics? What are some unexpected sources of security metrics? How should you communicate those metrics internally within your organization for maximum impact? Are there any examples of poor metrics which should be avoided in most cases?

Register Now!

Andrew Hay

@andrewsmhay

www.andrewhay.ca

DataGravity
Andrew Hay is the CISO at DataGravity where he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy. Prior to that, Andrew was the Director of Research at OpenDNS (acquired by Cisco) and was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc.

Maneuvering Management Madness
Why do practitioners have such a hard time convincing their management team about the value of investing in security training, tools, and other initiatives? Is it because they’re too stubborn or busy to take the time to assess the concerns or is it more likely that you haven’t found the best way to communicate the threat to the business in a language that they understand?

Business leaders have implemented their own language, much of which was learned in business school, to better communicate with shareholders, board members, partners, and peers. Unfortunately, this language is often as foreign to most security practitioners as yours is to them. So what can practitioners do to better communicate with management?

This session will discuss several tactics to help convince your management team that your concerns are valid with examples on how to justify requests for headcount, procedures, policies, and human, tool, and training investment.

Register Now!

Michelle Schaffer/ Tim Wilson

@mschafer

Michelle Schafer heads up Merritt Group’s Security practice where she applies more than a decade of hands-on PR-related security experience spanning every discipline. She is known for creating and implementing strategic communications campaigns that drive results for clients such as Venafi, CrowdStrike, Ionic Security, Mach37, BlackHat and more.
Michelle has presented at Security B-Sides DC/Las Vegas and ISSA events and was recognized as a top influencer in the security community in 2010 and has been quoted in “Women in Security” stories.

Tim Wilson is the Editor in Chief of the number one security trade publication, DarkReading.com.

Hasty Headlines in InfoSec: Don’t Be Fooled by Everything You Read!

This session will discuss why some data breaches like Sony and Target get much more media attention than others and what enterprises can do to keep their names out of headlines, or at least be prepared when or if it ever happens to them. It will also give you an inside look at how security media determine what’s major news and what’s not and how PR “spin” is all part of the process.

Register now

Robert Stratton

@strat

https://www.mach37.com

Bob Stratton is a serial security startup guy. He is General Partner at Mach37, a business accelerator for security product startups. He was a pentester before you could buy it in a box, ran security for a tier-1 ISP, and helped launch one of the very first commercial network IDS products. He has been a Director of a major security software company’s research lab, and worked on the investment side to help bring a variety of new technologies to market. When he’s not hacking on ancient hardware, scanning satellites, or coaching startups, he might be flying airplanes, building radios or experimenting with fragrance chemistry.

How Security Products Could Change the World, and Often Don’t.

Many security professionals find themselves wondering how it is that some security products ever made it into the market. If you’ve ever asked yourself that, wondered why the “good” seems to be the enemy of the “best,” or thought you might be able to do it better than the current players, this may be a talk for you. This talk will cover the things that have to happen in order to successfully bring a security product to the market, who is arrayed against it from day 1 (you may not have heard of some of them), and what it takes for a consultant to be in 100,000 places at once. Warning: thin-skinned consultants, bloviating product vendors, and ethereal marketing people may find some aspects of this talk objectionable. Professional discretion is advised.

Register now

Boris Sverdlik

@jadedsecurity

Oscar Insurance

Jaded Security Guy

You’re HIPAA certified and Bob just killed someone from the parking lot

My friend Bob is undergoing Chemo and his wife asked him to get a copy of his medical records for a second opinion. Bob being an obedient husband had to jump through hoops to get copies of HIS records thanks to the monotony that we know as HIPAA.

So one day while Bob is waiting for his treatment he notices that the facility has several blatant physical security issues which could allow someone of a more shady nature to obtain his health records without jumping through hoops. Follow Bob in his adventures..

Register now

Chris Eng

@chriseng

Chris Eng is vice president of research at Veracode. In this role, he leads the team responsible for integrating security expertise into all aspects of Veracode’s technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world’s largest companies.

Chris is a frequent speaker at premier industry conferences, where he has presented on a diverse range of topics, including cryptographic attacks, agile security, mobile application security, and security metrics. He has been interviewed by Bloomberg, Fox Business, CBS, and other media outlets worldwide.

Security Speed Debates

Match wits in a fast-paced debate covering a handful of topical security issues and customer-revelant subjects. Two teams of volunteers will face off, and the audience will determine which side made the most convincing (or entertaining) arguments. Topics will not be announced in advance, so participants will have to think on their feet!

Register now

Kizz MyAnthia

@kizzmyanthia

http://kizzmyanthia.com/

Infosec specialist whose qualifications include an indepth understanding of security principals and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.

Into The Worm Hole: Metasploit For Web PenTesting

Metasploit is most commonly known for its epic pwnage of network and service level vulnerabilities. What you may not know is that same epic pwnage can be leveraged exploiting web application vulnerabilities. By leveraging the ability to custom build Metasploit modules or tools using the framework the power of Metasploit is only limited by the imagination of the user. “Into The Worm Hole: Metasploit For Web PenTesting” will build on prior knowledge of Metasploit and help elevate the tester’s skills and abilities by working hands-on building a custom scanner, using Metasploit to exploit Web Vulnerabilities, and learn to use Metasploit for phishing, XSS, and other web application vulnerabilities.

Register now

Jason Scott

@textfiles

http://textfiles.com

Jason Scott is an archivist, historian, documentary filmmaker, information collector, and public speaker. He figured you’d be sick of historical computing by now, but it’s not happening.

All Watched Over By Machines of Loving Grace

For over a century, the selling of computers as the inevitable tools of liberation, productivity, and new ways of life has led to some of the most striking images and words in the world of advertising and public relations. Jason Scott, the free range archivist of the Internet Archive, presents a slideshow and tour through some of the most notable excessive and most outlandish promises of the technology industry.

Register now