Track 4 - Room A3
Thursday, April 26
 

11:00

360º of Analytics-Driven Active Cyber Protection and Secure Access
Discover how Aruba 360 Secure Fabric provides an integrated security framework for IT and security teams to gain back visibility and control of their network, centered around analytics.

Speakers

Matt Kagan

Northeast Security Sales, Aruba
A proven sales leader with more than 20 years of experience building high-performing teams, implementing and transforming sales cultures. Specialized knowledge of complex technology sales, including software, virtualization, cloud computing, network infrastructure, security, and managed... Read More →


Thursday April 26, 2018 11:00 - 11:45
Track 4 - Room A3

13:00

Lies, Damn Lies, and Ponemon Reports
Have you ever used the Ponemon report on the Cost of Data Breaches to fuel a cybersecurity decision?

Are you aware of the many pitfalls of that course of action? This session explores the disadvantages of
Ponemon reports. We will also consider alternative approaches to shore up the disadvantages and
maximize the value of Ponemon reports.

Speakers

Isaiah McGowan

Cyber Risk Scientist, RiskLens
Isaiah is one of the foremost domain specialists in FAIR (Factor Analysis of Information Risk). He is working to make cybersecurity more scientific by focusing on FAIR-based mechanisms for prioritizing cyber risk. As a Cyber Risk Scientist at RiskLens he hugs CTI data, builds models... Read More →


Thursday April 26, 2018 13:00 - 13:45
Track 4 - Room A3

14:00

Let’s build an OSS vulnerability management program!
Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited by these vulnerabilities because no one in your product development team is maintaining those libraries with vulnerability fixes? Well, let’s do something about that. During this presentation, we will start from nothing and take steps to identify the OSS libraries that your company uses in order to build a bill of materials (BOM), we will then give examples of how to source threat intel on those libraries, and finally we will discuss strategies to remediate the vulnerabilities in our code repository so that we can keep our customers and company safe from malice. This presentation will be delivered from the perspective of a Product Security Response team protecting customers who deploy their company’s products. However, this presentation is also useful to those building and defending internally deployed applications.

Speakers

Tyler Townes

Security Program Manager, BlackBerry
Tyler works at BlackBerry Product Security as a Security Program Manager and is the lead incident manager during emergency response events. His focus areas include SDLC, sustained engineering, vulnerability management, and risk management across multiple operating systems. He is currently... Read More →


Thursday April 26, 2018 14:00 - 14:45
Track 4 - Room A3

15:00

Lessons Learned from the Black Hat NOC and RSAC SOC
RSA Conference and the Black Hat Security Briefings are two of the most well-known information security conferences in the world. From the stages of these conferences the world’s best and brightest security minds share the latest attack and defense techniques to audiences from all over the globe. But what’s happening behind the scenes? When a new attack is taught from the stage, how long does it take before someone attempts it in the wild? Are the attendees putting into practice the defenses they’re supposed to know better than anyone else? In this session we’ll answer these questions and more as we discuss what it’s like to be responsible for the stability, and sometimes security, of some of the most active, and hostile, networks ever seen. We’ll discuss some of the frightening, and just plain funny things we’ve seen over the years, and what it means about security on public networks, and our industry as a whole.

Speakers

Percy Tucker

Senior Manager, RSA
Percy Tucker is an RSA Senior Manager supporting the RSA NetWitness Platform for the South-West region of the United States.  Percy first started with RSA in 2000 and has had responsibilities across product lines.  Percy leads the RSA NOC/SOC teams worldwide.  RSA has partnered... Read More →

Neil Wyler

Threat Hunting and Incident Response Specialist, RSA
Neil R. Wyler is currently a Threat Hunting and Incident Response Specialist with RSA. He has spent over 18 years as a security professional, focusing on vulnerability assessment, penetration testing, physical security, and incident response. He has been a staff member of the Black... Read More →


Thursday April 26, 2018 15:00 - 15:45
Track 4 - Room A3

16:00

Datacenter Attacks, an Interactive Adventure
In this fun “choose your own adventure” style video adventure, you will take on the role of a hospital CISO trying to prevent a ransomware outbreak which would put hundreds of lives in jeopardy.  This will be a highly interactive presentation with group participation.
 

Speakers

Ariel Buk

Systems Engineer, Trend Micro
Ariel has over 20 years of IT experience working with leading software and hardware vendors, from data center architecture to DRP and security, he assisted large and small organizations achieve their IT goals. Ariel also brings an extensive education background having taught at multiple... Read More →


Thursday April 26, 2018 16:00 - 16:45
Track 4 - Room A3
 
Friday, April 27
 

09:15

Outmaneuvering Cyber Adversaries Using Commercial Technologies
Whether you are the CEO of a Fortune 500 company in Manhattan, the chief administrator of an Ottawa trauma center, or the parents of web savvy teenagers in the heartland, your important information needs to be protected. When it comes to safeguarding highly sensitive government information, the National Security Agency protects the United States' most critical information and systems against cyber-attacks through hardening and defending the cyber infrastructure. NSA has a proud history of designing and fielding secure information assurance solutions - and in the 21st Century this means Cyber Dominance. Commercial Solutions for Classified (CSfC) is an extremely important component in NSA’s commercial cyber security and assurance strategy. US national security customers need secure access to data anytime and anywhere. CSfC solutions leverage current commercial technology in accordance with NSA-approved architectures to design solutions for these sensitive missions. The last few years have seen tremendous increases in commercial industry's adoption of CSfC's tenets - both from commercial component manufacturing as well as from system integration perspectives. This presentation will highlight various CSfC activities while also serving as a foundational introduction for those who are not familiar with the strategy.

Speakers

Jeff Watkins

Commercial Solutions for Classified (CSfC) Communications Manager, U.S. Department of Defense
Jeff Watkins has worked at the National Security Agency (NSA) for 34 years, where he currently is serving as the Commercial Solutions for Classified (CSfC) Communications Manager.  He graduated Summa Cum Laude with a Bachelor of Science in Information Systems Management (University... Read More →


Friday April 27, 2018 09:15 - 10:00
Track 4 - Room A3

10:15

A Social Engineering Course Project Case Study
This talk shares an educator’s attempt to involve undergraduate students across multiple disciplines in experiential learning (EL) class projects on social engineering. Specifically, it focuses on three sub-projects that were implemented in the Fall 2017 semester: (i) shoulder surfing where student teams competed against each other, (ii) laptop distraction, where student teams attempted to convince Temple University Computer Services employees to leave their laptops (designed for the class exercise) so that the students could remove a bogus ‘intellectual property’ file and place a fake ‘malware’ program on the employees’ machines, and (iii) convince individuals on Temple University campus to take a selfie with team members and a ‘rubber chicken’. Through each of these activities, students learn about social engineering tactics and self awareness.
The talk uses the cyclical EL model and its five stages: Experience; Share; Process; Generalize; and Apply to illustrate how students engage in these projects. It highlights several benefits, such as fostering multidisciplinary dialog, developing qualitative research skills, understanding adversarial mindsets, and appreciating the non-technical aspects of cyberattacks. This talk uses students’ and the educator’s reflections as a narrative to discuss ongoing efforts, struggles, challenges, and lessons learned.

Speakers

Aunshul Rege

Criminology Professor, Temple University
Aunshul Rege is a criminology professor at Temple University. Her National Science Foundation sponsored research projects examine cyberattacks/security from a human behavioral perspective, focusing on adversarial decision-making, adaptation to disruptions, and group dynamics. She... Read More →


Friday April 27, 2018 10:15 - 11:00
Track 4 - Room A3

11:15

Be Hacker Aware
Learn new attack techniques that have been uncovered by CrowdStrike’s threat hunting and incident response teams including: initial attack vectors, persistence, lateral movement and data exfiltration techniques. See new techniques for dealing with malware, ransomware, spear phishing, exploits and malware-free intrusions. Leave knowing how to identify and stop advanced threat activity in your environment.

Speakers

Ruben Eduardo

Sales Engineer, Crowdstrike
Ruben Eduardo is a sales engineer currently working at CrowdStrike. Having previously practiced his trade as a network security specialist with Palo Alto Networks and Herjavec Group, his main focus today is to help customers find a smarter strategy to endpoint security. Ruben has... Read More →


Friday April 27, 2018 11:15 - 12:00
Track 4 - Room A3

13:00

Cryptology: It’s a Scalpel, not a Hammer
In this not-too-technical presentation (not much math!), attendees will get a bird’s eye view of why crypto should be left to mathematicians and professionals and not approached lightly. Unfortunately, cryptology blunders are all too common today. Attendees will gain insight into why crypto is not something one can look up and hope to understand overnight. History has shown that implementing weak crypto, or rolling your own crypto, is often fraught with disaster. The slightest mistake often leads to complete scheme, not to mention data, compromise.

Speakers

Mikhail Sudakov

Cyber Security Architect and Analyst, LEO Cyber Security
Mikhail Sudakov is Cyber Security Architect and Analyst for LEO Cyber Security. In addition, he is a professor of cryptology at St. Bonaventure University in NY, USA and had previously served the university as a programmer and information security specialist. Not being afraid to try... Read More →


Friday April 27, 2018 13:00 - 13:45
Track 4 - Room A3

14:00

How to Talk to Your Users (Without Being A Pretentious Jerk)
Talking to your users about security isn't just a job; it's a responsibility. Do it right, and you can make your work easier and create a better working relationship between the business and IT. Do it wrong, and you can turn off your users and look like a pretentious jerk. Learn to craft your message and help your users understand how security matters to them.

Speakers

Colin Campbell

Sr Systems Architect, CCM LP
Colin has been working in IT for more than 20 years and focused on Security as a primary responsibility for the last 8 years. His role keeps him in close contact with our users, coordinating security and IT changes, and managing the corporate disaster recovery plan.


Friday April 27, 2018 14:00 - 14:45
Track 4 - Room A3

15:00

Traditional penetration testing is STILL dead
CISOs must take a different approach to penetration testing and compliance assessments to stay ahead of hackers. The current model includes lengthy sales cycles, risks discussed with a consultant, and a deliverable that is best to be chiseled into a piece of stone. CISOs are then battling budgets, limited staff, and sleazy security sales individuals selling bad products.

Speakers

Andrew Ostashen

CEO and Founder, Vulsec
Andrew is the CEO and Founder at Vulsec.  He graduated from Rochester Institute of Technology majoring in Information Security and Forensics. Andrew has assessed over 250 companies including hospitals, banks, casinos to quantify their risks. He has seen the devastation caused by... Read More →


Friday April 27, 2018 15:00 - 15:45
Track 4 - Room A3