Sessions
Monday, October 28, 2013
OWASP: Approaching Secure Code – Where do I Start?
Regardless of your chosen/mandated framework for building web applications - Spring, Struts, Rails, PHP, Python, etc., you want to make your life easier, and potentially less embarrassing. Don’t be…
Tuesday, October 29, 2013
Big Data Transforms Security
Welcome to a universe of Big Data, the next wave in Information Technology. One of the impediments to achieving success in this next wave is Trust. Privacy is a big piece of that Trust. The security…
Participants: Amit Yoran - Chairman and Chief Executive Officer, Tenable, Inc.; Arthur W. Coviello Jr. - Executive Chairman (retired), RSA, The Security Division of EMC
A New Paradigm for Defending Against Targeted Attacks
How do you stop a state-sponsored attacker who has unlimited resources from compromising your enterprise’s most critical data and services? Not by deploying 50 stand-alone security technologies and…
Participant: Stephen Trilling - Senior Vice President of Security Intelligence and Technology, Symantec Corp.
A New Era of Operational Security in Online Services
Worldwide growth in the volume of people, devices and data connected to the internet is unprecedented. Connected devices are quickly outpacing the number of users they serve. As society becomes more…
Participant: Mike Reavey - General Manager, Microsoft Corporation
Crypto Hypervisor – High Assurance, Elastic, on Demand Crypto Services (SafeNet)
High-assurance encryption & key vaulting built for the cloud OPEX model that enables customers to deploy elastic, on demand crypto services for all their crypto needs. Customers consolidate their…
See How to Use Splunk and Big Data as a SIEM Plus More (Splunk)
See a live demonstration of how the Splunk App for Enterprise Security can be used as a SIEM plus much more, including incident investigations, security and compliance reporting, and real-time…
How FireEye Technology can Protect Against New, Zero-Day Spearphishing Attacks (FireEye)
In this short demo we will showcase two things: First, a spearphishing attack which will compromise a host and exfiltrate data, and then FireEye’s core technology i.e. Multi-vector Virtual Execution…
To Share or Not to Share, Or Is It An Obligation?
With cyber situational awareness and intelligence sharing on every national agenda, where are private sector organisations in terms of setting their sharing and intelligence consumption agendas. What…
Participant: Alan Stockey - Director of Information Sharing Programmes (EU), FS-ISAC
Information Stewardship: Avoiding Data Breaches and Managing Big Data
Information security is an increasing problem because of the volume, velocity and variety associated with Big Data. Given the amount of attention to this area and the wealth of standards and…
Participant: Mike Small - Senior Analyst, KuppingerCole
Dissecting Banking Trojan Carberp
This presentation provides results of work at Avast Virus Lab on the banking Trojan Carberp. It introduces some interesting aspects of evolution of the Trojan's functionality, then continues with…
Participants: Jaromir Horejsi - Malware Analyst, Avast Software; Peter Kalnai - Malware Analyst, Avast Software
You’re Not Your iPhone – or Are You?
Most of us are inseparable from our mobile devices. Shouldn’t we just accept that fact and let our mobile devices represent who we are, serving as a single completely trustworthy authenticating…
Participants: Robert Griffin - Chief Security Architect, RSA; Robin Wilton - Technical Outreach Director – Identity and Privacy, Internet Society
Cut Through the Hype to Expose the Truth About Advanced Persistent Threats
The Advanced Persistent Threat (APT) remains one of the most controversial topics in information security. How many APT groups exist? Do criminal organisations leverage APTs? How advanced are the…
Participants: Rick Holland - Vice President, Strategy, Digital Shadows; Costin Raiu - Director, Global Research and Analysis Team (GReAT), Kaspersky Lab; Jaap van Oss - Team Leader Cybercrime, Europol; Jaime Blasco - Manager, Lab and Vulnerability Research Team, AlienVault; Neil Thacker - Information Security & Strategy Officer, EMEA, Raytheon|Websense
Intelligence Driven Security – A New Approach (RSA)
Government agencies and prominent corporations have succumbed to stealthy, tailored cyber attacks designed to exploit vulnerabilities, disrupt operations and steal information. Current systems fail to…
Microsoft Security Intelligence Report
Using the latest data from hundreds of millions of systems around the world and some of the Internet’s busiest online services, this session will provide a unique perspective on the global threat…
Participants: Jeff Jones - Director, Microsoft Corporation; Tim Rains - Chief Security Advisor, WW Cybersecurity & Data Protection, Microsoft
Bug Parades, Zombies, and the BSIMM: A Decade of Software Security
Software security has come a long way in the last decade, moving from the original bug parade to integrated SDLC touchpoints. We've learned many lessons the hard way (the software security "zombies")…
Participant: Gary McGraw - CTO, Cigital
Battle Scars And Friendly Fire: War Stories from a Threat Research Team
Building a threat research team and making that team an effective part of your organisation is no easy task. In this session you will hear several war stories about how to create a process that will…
Participants: Seth Geftic - Associate Director, RSA, The Security Division of EMC; William Gragido - Head of Threat Intelligence Research, DS Labs, Digital Shadows
Trending Now: Privacy and Cyber Security Policy in the U.S. and E.U.
This group will discuss legislation, regulation and public policy impacting privacy and cybersecurity in both Europe and the U.S. Participants will have an opportunity to compare and contrast…
Participant: Pulina Whitaker - Partner, King & Spalding
Did You Read The News? Http Request Hijacking
Imagine a world in which what you believe is true has been meddled with by a remote attacker: We will uncover a new class of vulnerabilities that can allow hackers to gain persistent control over the…
Participants: Adi Sharabani - SVP, Modern OS Security, Symantec; Yair Amit - CTO and Co-Founder, Skycure
My Personality - Your Security Problem!
Learn all about personality types and how they impact your security efforts. You will be (re)introduced to Carl Jung and psychometrics, and how personality types can be explained, understood and used…
Participant: Kai Roer - Co-Founder and CEO, CLTRe AS
Cyber Insecurity: The Case for Effective Cybersecurity Norms (Microsoft)
Cyber Insecurity is driving competition, increasing chances for conflict, and threatening to curb technical innovation as we know it. Sound dramatic? Well, it is. The development of cybersecurity…
Automating the 20 Critical Security Controls
The CSIS 20 critical controls are known for driving effective security programmes across government agencies, establishing guidelines for security professionals to ensure the confidentiality, …
Participant: Wolfgang Kandek - Chief Technical Officer, Qualys
Ideas to Make Security & Risk a Team Sport, Engaging the Business & IT
Securing our environments has traditionally been the responsibility of dedicated teams and while those teams often operate under the banner of "Security is everyone's responsibility" the depth of…
Participant: Dave Martin - VP & Chief Security Officer, EMC
Managing Daily Security Operations with Lean and Kanban
For years we have heard about the fantastic promises of lean production; but what can lean techniques do for information security operations? As a security professional, is your day planned solely by…
Participant: Branden Williams - Director, Special Projects, Union Bank
‘Big Data’ for Security Purposes – How Can I Put Big Data to Work for Me?
The latest buzz phrase for information security is ‘Big Data’. This session will cover what is Big Data, what problems it addresses and why, what next-generation security technologies use it and how, …
Participant: Joe Goldberg - Chief Security Evangelist, Splunk
Thousands Of Apps Can't Be Wrong: Mobile Application Analysis At Scale
Are mobile apps sending data to other countries? Which apps actually track my location and what do they do with the data? Do the behaviours match the permissions requested? Using data from Veracode’s…
Participant: Chris Eng - VP Research, Veracode
Cyber Security Information Exchange
In this session we will explore the high-level requirements of a Cyber Security Data Exchange and provide a brief description of the work needed to develop it.
Participant: Luc Dandurand - Senior Scientist, NATO Communications and Information Agency
Can There be Acceptable Compromise?
Breaches occur every day. So what is an ‘acceptable’ breach? And, if we can accept breaches will happen, what do we need to know and how should our strategies evolve? The session will aim to give…
Participant: Greg Day - VP and Chief Security Officer, EMEA, Palo Alto Networks
Zscaler – Secure Deployment of Cloud Applications (Zscaler)
As enterprises embrace cloud applications for greater agility and cost reduction the traffic load placed on the network and firewalls increases. What was once internal Exchange traffic becomes…
Hands on With Next-Generation Security (Palo Alto Networks)
Network security teams are facing new challenges brought on by new applications, new mobile devices, and a new breed of patient, sophisticated attackers. In this demonstration, we will show how Palo…
Enterprise Mobility: Ensure the Board & Senior Leadership Teams are Secure? (BoardVantage)
More and more boards are going paperless, the iPad combines immediacy of online access with the readability of print to deliver an experience better than paper. Board information is very sensitive, …
Drozer Pro: Security Assessment for Android (MWR InfoSecurity)
Drozer Pro is the de facto tool for performing security assessments against Android apps and devices. It works by allowing a human to become an app to investigate attack vectors and develop and share…
Elevator Pitches
Zscaler, Palo Alto Networks, BoardVantage, MWR InfoSecurity, Fox-IT, BAE Systems, Rapid 7, PhishMe, Seclore, Norman Shark, AirWatch, BlackBerry, Versafe, Tenable Network Security, Inc., TIBCO Spotfire…
Changing Employee Behavior to Combat Advanced Threats & Spear Phishing (PhishMe)
Cyber crime commonly initiates with an employee clicking a link to a website hosting malware, opening a malware laden file attached to an email, or entering corporate credentials when solicited via…
Security & Compliance in the “New” World: Cloud, Mobile & Cross-Border Flow (Seclore)
Perimeter security systems are insufficient in a world where increasing amounts of information is going “outside” i.e. to cloud applications, mobile devices & external agencies across legal…
Wednesday, October 30, 2013
Top Ten Proactive Software Controls
In the past, application security professionals thought firewalls, SSL, patching, and privacy policies were enough. Today, however, these methods are outdated and ineffective, as attacks on prominent, …
Participant: James Manico - VP of Security Architecture, WhiteHat Security
Old Vulnerabilities In New Protocols? Headaches About IPv6 Fragments
There is no doubt anymore: IPv6 is more and more deployed and is here to stay. While this may appear as a new and shiny protocol, IPv6 is rather old (1997) and was designed prior to the discovery of IPv4…
Participant: Eric Vyncke - Distinguished Engineer, Cisco
Citizen Centric E-Identity Ecosystems and The Internet of Things
Will the convergence between citizen centric e-identity ecosystems and the federated identities that support the Internet of Things, foster new and diverse commercial opportunities, whilst pushing…
Participant: Rachel OConnell - Founder, GroovyFuture.com
Comparative Study: Iran, Russia & PRC Cyber War
International governments including the Islamic Republic of Iran, the Russian Federation and the People’s Republic of China all have very well developed cyber capabilities both offensively and…
Participant: William Hagestad - Author, Red Dragon Rising
Social Media Deception
Emily Williams does not exist. She is not a real person, yet she was able to fool hundreds of people from top global corporations, get job offers, obtain sensitive information, receive endorsements…
Participants: Aamir Lakhani - Global Security Strategist, Fortinet; Joseph Muniz - Consulting Systems Engineer - Security, Cisco Systems, Inc.
Raising Awareness of Information Security Through Human Analogies
Knowledge, information and data have been central to the course of humanity. Since man first learnt to communicate, the confidentiality, integrity and the availability of information has influenced…
Participant: Bruce Hallas - Founder, The Analogies Project
Using Big Intelligence to Defend against Modern Attacks
There isn’t a magic bullet that can completely prevent attack or stop Advanced Persistent Threats. We need combined understanding - about valuable information and assets, about the threat landscape…
Participant: Siân John - Directory of Security Strategy, UK/Ireland, Symantec Corporation
Data-Driven Security - Where's the Data?
Data drives decisions for business leaders on a daily basis - whether it’s for routine daily tasks, or for the most strategic and impactful actions. But CSOs are typically policy-driven and have few…
Participant: Wolfgang Kandek - Chief Technical Officer, Qualys
Security at the Greatest Show on Earth
When the world’s media turned its spotlight on the UK for the London Olympic and Paralympic Games, it was critical that BT delivered a seamless and secure network infrastructure. In the face of…
Participant: Mark Hughes - Chief Executive Officer, BT Security
Survival Isn’t Mandatory: Challenges and Opportunities of DevOps
DevOps (development + operations) is a game-changer and may be the end of security as we know it. The ludicrous velocity of change is far greater than bolt-on, post-deployment security measures can…
Participant: Josh Corman - CSO/Founder, PTC
Degrees of Freedom: Rethinking Security
In statistics, a degree of freedom is a variable in an equation that can change without impacting the outcome. For example, the colour of a delivery truck is a degree of freedom but not the absence of…
Participant: Dr. Hugh Thompson - Program Committee Chair, RSA Conference
Before, During & After: Being Early in Cyber Mitigation Puts You in Control (Fox-IT)
Cyber attacks are staged in before, during and after. After an attack, CERTs work at damage control and recovery. During an attack real-time detection is key. Criminals engage in malware, phishing and…
Improving Security Posture by Leveraging and Exploiting Existing Investments (BAE Systems Detica)
The rate of evolution of the Cyber threat means traditional monitoring solutions need considerable ongoing manpower and technology investment. CyberReveal is a product which integrates existing…
How Secure Are You? What Do You Do Next? Proving Controls Effectiveness (Rapid 7)
Many organizations now have thousands of security controls in place to protect themselves, but few have a true gauge of how well these controls protect against the real and current threats they face. …
Security Awareness Fails. What Now For The Human Firewall?
The statistics are clear, security exploits are often invited into the organisation by unsuspecting staff. Despite annual training, a third of staff continue to fall for basic phishing attacks. …
Participant: Andrew Rose - CISO and Head of Cyber Security, Aviation Sector
When Worlds Collide - Harmonising Governance Between Security And Privacy
Enterprises are realising that a robust governance, risk management and compliance function is not a regulatory burden, but a strategic goal that aligns security, privacy and identity for the benefit…
Participants: Rita Di Antonio - Managing Director, International Association of Privacy Professionals (IAPP); Gabriela Krader - Corporate Data Protection Officer, Deutsche Post DHL; Jyn Schultze-Melling - Chief Privacy Officer, Allianz SE; Toby Stevens - Director, Enterprise Privacy Group Ltd
Hacking Back as a Law Enforcement Role
Hacking back as a law enforcement role is a much debated topic. The Netherlands is the first country to develop specific legislation. The underlying problem is that in cyberspace criminals have more…
Participants: Ronald Prins - CEO & Co-Founder, Fox-IT; Bart Jacobs - Professor, Radboud University Nijmegen; Peter Zinn - Dutch National Police; Troels Oerting - Group Chief Security Officer (CSO) and Group Chief Information Security Officer (CISO), Barclays
Securing BYOD: Mitigating Risk, Not Forcing Control!
80% of companies are already experiencing the “Bring Your Own Device” trend (BYOD). Yet less than half of these companies actually do something about the security risks it introduces. In this session, …
Participant: Giri Sreenivas - VP/GM of Mobile, Rapid7
10 IT Trends Influencing the Information Security Profession
The world evolves rapidly – as does technology. This session will provide a glimpse of the future, taking 10 IT trends which will impact the information security profession in the coming five to 10…
Participant: Marc Vael - Vice President, ISACA
ASR Case Study: Securing Customer Data and Web Applications in the Cloud (Qualys)
ASR Insurance, a leading European insurance company, has adopted a proactive approach to prevent cyber attacks and protect its customer data. Discover the lessons learned during the past 5 years by…
Breaking The Kill Chain - An Early Warning System For Advanced Threat
The Kill Chain allows us to learn about adversaries. In an introduction to common warfare techniques, we consider the four key capabilities required to break the Kill Chain - minimising risk to the…
Participant: Rashmi Knowles - Field CTO EMEA, RSA
Relax Everybody: HTML5 Is Securer Than You Think
Ever since the term 'HTML5' came into the world, an immediate perception of insecurity trailed along. And how else could it have been, given the Web's terrible security track record? In this session, …
Participant: Martin Johns - Senior Researcher, SAP AG
Considering Cloud? Learn About Current Trends In Cloud Computing
Considering cloud? Cloud computing can help organisations of all sizes. Learn about current trends in cloud computing and how the cloud security readiness tool can help cloud adoption.
Participants: Frank Simorjay - Sr. Product Manager, Microsoft Corporation; Jeff Jones - Director, Microsoft Corporation
Who Can Ensure Talent for the Future?
As the skills gap in information security gains attention, many see the need for new talent. Newcomers however have few educational options or support mechanisms to get working productively; Employers…
Participant: John Colley - Managing Director, EMEA, (ISC)²
Concurrent Behaviour Analysis: Resilient Indicators of Emergent Exploits
With emergent exploits (0-days), static indicators are of increasingly limited utility, due to the dynamics exhibited by advanced exploits. The application behaviour analysis over single security…
Participant: Dr. Dennis Moreau - Senior Engineering Architect, VMware
Security Culture: Figuring Out How Bad Your Company Really Is
The most talented security practitioners will fail if their organisations have a weak security culture. Learn how to recognise your security culture patterns and the factors required for real…
Participant: Ira Winkler - President, Secure Mentem
Best Practice Approach to Secure an Industry 4.0 Environment (Symantec)
This session will describe the new challenges based on the Industry 4.0 (Smart Factory) revolution to secure production/shop floor IT environments and critical infrastructure. Based on current and…
Security Debt and the Rule of 72
Businesses have been under spending on security for decades. What will it take (and cost) to catch up with attackers? The Security Poverty Line, created by Wendy Nather, suggests many companies can…
Participant: Martin McKeay - Senior Security Advocate, Akamai Technologies
Cyber Intelligence Collaboration
For years it’s been taboo to talk about cyber incidents for fear of impacting brand. In the last year the UK instigated the Cyber Security Information Sharing Partnership, the US are proposing the…
Participant: Greg Day - VP and Chief Security Officer, EMEA, Palo Alto Networks
Turning The Table Through Federated Information Sharing
Amongst all the hype, your organisation has to collaborate to compete, reduce risks, and costs. More sensitive information must be shared, widely yet securely, to improve cyber defence. Federated ID…
Participants: Kathleen Moriarty - Global Lead Security Architect, Dell EMC; Patrick Curry - Director, British Business Federation Authority
Mine Is Bigger: When Cybercriminals Compare Tools
Cybercriminals use a growing arsenal of weapons to steal data, remotely control devices and circumvent security systems. This session, based on 100% real and fresh cyber underground discussions and…
Participants: Etay Maor - MA, IBM; Uri Rivner - Head of Cyber Strategy, BioCatch
Security Implications of NFC in Authentication and Identity Management
Two-factor authentication (2FA) requirements are well defined. But the standard approach requiring distribution of factors can slow adoption. Explore the security implications of using existing NFC…
Participants: Dmitry Barinov - Chief Architect, SecureKey Technologies Inc.; Hugh Cumming - CIO, SecureKey
Breach-Aholic Anonymous – What Can We Learn From Data Breaches?
Currently, there is no universal EU law to mandate firms within the European Union to alert regulators when they’ve suffered a breach. Given that this lack of mandated disclosure laws does not affect…
Participants: Dwayne Melançon - CTO, Tripwire; Brian Honan - Chief Executive Officer, BH Consulting; Javvad Malik - Senior Analyst, 451 Research; Quentyn Taylor - Director of EMEA infosec, Canon Europe
Good Guys vs. Bad Guys. Using Big Data to Counteract Advanced Threats
Advanced threats skilfully use social engineering and custom malware to get into an organisation and move around without alerting security tools. Learn about new “Big Data” security approaches which are…
Participant: Joe Goldberg - Chief Security Evangelist, Splunk
Why Does Database Patching Require A PhD?
Over the years there is a tendency among some database vendors to avoid disclosure of any technical details regarding patched vulnerabilities. Sadly, this approach puts database customers at risk. …
Participants: Amichai Shulman - Chief Technology Officer, Imperva; Michael Cherny - Data Security Research TL, Imperva Inc.
Nailing Cloud Security With Pre-Cloud Security Thinking?
Current cloud security guidelines are largely a remake of their pre-cloud ancestors. There’s a tension between our new security goals and the suitability of guidelines to deal with disruptive…
Participant: Joerg Fritsch - Research Director, Gartner
Future Gazing: What Will 'Security' Be Like In The Year 2020?
The group will debate whether future electronic and connected consumer devices will leave us more vulnerable to cyber threats and how security will evolve to meet the challenge. Discuss how…
Participant: Rik Ferguson - Vice President Security Research, Trend Micro
Understanding and Fighting Evasive Malware
Sandboxes have become popular tools to analyse and detect malware. Not surprisingly, malware authors have devised increasingly sophisticated techniques to evade them. In this session, we discuss…
Participant: Christopher Kruegel - Chief Scientist, Lastline
Why Can’t You Get What I’m Saying? Penetrating the Mental Firewall
We all need to communicate with decision makers to gain their approval. But it’s hard when they just don’t understand what we’re saying even though it’s perfectly obvious to us. The solution is a…
Participant: David Porter - Special Advisor, Digital Shadows, Inc.
Looking Through the Macroscope: Examining Data Sources (Akamai)
Akamai’s massive network gives it a unique view of the Internet. Look at four different examples, starting with global trending from the State of the Internet Report. Second, follow the steps needed…
Evolving from Breach Prevention to Breach Acceptance to Securing the Breach
Data breaches are prevalent. CIOs must accept their company will be breached and shift their security strategy from ‘breach prevention’ to ‘breach acceptance’. By securing the data itself, whether…
Participant: Jason Hart - CTO – Enterprise and Cyber Security, Gemalto
Thursday, October 31, 2013
Cryptography as a Service
Deploying cryptographic keys on vulnerable VMs in the Cloud is risky. Similar risks exist when keys are deployed to end points such as electricity meters and mobile phones. This presentation proposes…
Participant: Peter Robinson - Senior Engineering Manager, RSA
Alternatives and Enhancements to CAs for a Secure Web
Certification Authority (CA) breaches in 2011 created renewed interest in patching the vulnerabilities of TLS. Alternatives and enhancements such as DANE, Certificate Transparency, OCSP Stapling, HSTS…
Participants: Benjamin Wilson - Senior Vice President Industry Relations and General Counsel, DigiCert; Eran Messeri - Software Engineer, Google
Is Identity The New Money?
TCH announced the development with its 22 member banks of an industry wide dynamic credentialing solution to improve the security of digital payments. http://goo.gl/J9ToU The ECB recommendations for…
Participant: Neira Jones - Partner, Account Ltd
Control Quotient: Adaptive Strategies For Gracefully Losing Control
Cloud, virtualization and mobility have changed how IT assets are owned and operated. Rather than focusing on loss of control, the path forward is cultural change that finds serenity and harnesses the…
Participants: David Etue - VP, Managed Security Services, Rapid7; Josh Corman - CSO/Founder, PTC
The Era of Destructive Cyber Attacks - are you prepared?
Learn about common mistakes that organisations make during cyber crises. We'll cover the crucial points of prevention and detection before walking you through a cyber crisis. Hear about crisis team…
Participants: Erik de Jong - Lead Expert Cybercrime, Fox-IT; Frank Incognito - Principal Expert Cybercrime, Fox-IT
iOS App Analysis
How can iOS apps be analysed in order to identify security and privacy-related issues? This session includes a brief history of security and privacy-related issues affecting iOS apps, a mid-level…
Participant: Mike Price - VP of Engineering, Appthority
Is a Secure Agile SDLC Programme a Possibility?
All organisations should incorporate security into their agile development processes; however best-practice models typically assume an idealistic model of how software is built. In this session, Chris…
Participants: Chris Eng - VP Research, Veracode; Ryan O’Boyle - Sr. Security Researcher, Veracode, Inc.
Preventing Attackers From Using Verifiers: A-Pake With Pk-Ids
To prevent attackers reading passwords from compromised servers, the passwords can be transformed into verifiers. This session presents a new mechanism that uses a server's identity, in the form of a…
Participant: Sean Parkinson - Consultant Engineer, RSA, The Security Division of EMC
Real World Success and Failure with Cloud Projects
Stripped of the marketing hype associated with cloud initiatives, this discussion will explore real stories of successful cloud projects, challenges in getting projects implemented, and criteria to…
Participant: Robert Malmrose - Chief Security Officer, Quantitative Risk Management
Supply Chain Assurance Framework: The Supply Chain Standards Translator
The Supply Chain Assurance Framework (SCAF) is an ISF-led initiative including AICPA, ISACA, CSA, IAOP, IAPP and others. SCAF addresses a key challenge: the inability to translate information security…
Participant: Michael de Crespigny - CEO, Information Security Forum
Defending Against Low-Bandwidth, Asymmetric Denial of Service Attacks
Data centers are hardening against simple attacks like SYN-floods. This is causing attackers to switch to attacks that deliver more bang for their buck. A whole class of clever, low-bandwidth attacks…
Participant: David Holmes - Threat Researcher, F5 Networks
Android Malware Exposed - An In-depth Look at its Evolution
Explore the rapidly evolving world of Android malware as we shed light on the various techniques used to exploit devices using this OS. We will start by looking at some of the earliest examples and…
Participant: Grayson Milbourne - Security Intelligence Director, Webroot
Cloudy With A Chance of Breaches (SafeNet)
It’s not a question of “if” it’s a question of “when”. The odds are high that you will (or already have been) hacked. It’s time to re-evaluate your security approach from breach prevention to breach…
Participant: Jason Hart - CTO – Enterprise and Cyber Security, Gemalto
Automated Dynamic Malware Analysis with Malware Analyzer G2 (Norman Shark)
Malware Analyzer G2 (MAG2) from Norman Shark is an advanced malware analysis solution that fills the gap between known threats that are blocked by anti-virus and advanced persistent threats that…
AirWatch, Empowering the Mobile Enterprise (AirWatch)
AirWatch is the world’s largest mobile security and enterprise mobility management provider. AirWatch has the largest customer base, combined with the largest research and development team in the…
Using Big Data Analytics to Improve Security and Compliance (Splunk)
As the former head of Security Services for an international investment bank, I struggled with an underperforming traditional SIEM to keep the organization both secure and compliant. Learn how we…
Participant: Stephen Gailey - Director Financial Services, EMEA, Splunk Inc.
Secure Mobility with BlackBerry Enterprise Service 10 (BlackBerry)
Securely mobilizing data outside of the office has its risks and challenges. BlackBerry Enterprise Service 10 includes many important features to address these challenges head on with the new…
How do you Find the Unknown Threat in your Organisation? (FireEye)
No matter what industry you are in if you have something to steal, someone will try and steal it. The key to staying protected is being able to catch and prevent these attacks sooner, rather than…
Participant: Greg Day - VP and Chief Security Officer, EMEA, Palo Alto Networks
Getting Ahead of the Assault on the Increasingly Mobile End-User (Versafe)
As the balancing act amongst security, compliance, and the user experience grows increasingly complex, so do the strategic decisions faced by security professionals. Facing ever more sophisticated…
Conference Track: -
If I Want a Perfect Cyberweapon, I'll Target ERP
I'm shocked, really, that this perfect weapon has not been made yet (or we just don't know about it?). Everybody's talking about attacks on critical infrastructure between countries, but big…
Conference Track:Participant:Alexander Polyakov - CTO, ERPScan -
Scalable Authentication
Computer chip performance has doubled every two years and HDD capacity has scaled even faster. But Authentication hasn't scaled. Cloud services still see users tortured with username and passwords. …
Conference Track:Participant:Rolf Lindemann - Senior Director Products & Technology, Nok Nok Labs, Inc. -
How Large Should Your IR Team Be And Should They Be Dedicated Resources?
Many customers we work with have a hard time understanding how large (or small) their Incident Response team should be. Which functions should be included? Do the resources need to be dedicated or can…
Conference Track:Participant:Dave Baumgartner - Vice President – Cyber Security, Target -
Overhauling Compliance Frameworks for Software-Defined Data Centers
Compliance frameworks were built for an era where protection was placed at key entry points on the network. As organisations increasingly adopt highly dynamic environments, there is an opportunity to…
Conference Track:Participants:Hemma Prafullchandra - Chief Technical Officer and Senior Vice President Products, HyTrust, Inc.; Evelyn de Souza - Chair of the Data Governance and Privacy Workgroup, Cloud Security Alliance; James Greene - Technical Lead, Data Center Security Technologies, Intel -
Lessons Learned from a Rigorous Analysis of Two Years of Zero-Day Attacks
What happens when we analyse zero-day attacks from data obtained on 11 million hosts? We identify 18 such vulnerabilities of which 11 were not previously known to be zero-day attacks. We show that a…
Conference Track:Participant:Marc Dacier - Sr. Director, Symantec Corporation -
Crafting An Adaptive Mobile Security Posture
This session will highlight the key areas of focus for designing a mobile security posture. The discussion includes how to defend mobile devices and the data residing on them effectively to protect…
Conference Track:Participant:Vijay Dheap - Founder, DheapInsights -
Network and Information Security Legislation in the EU
Network and information security is at the top of the political agenda. Nationally and at an EU level there are several proposals for legislation on network and information security (e.g. the NIS…
Conference Track:Participant:Marnix Dekker - Security Expert and Information Security Officer, ENISA -
Entropy, Random Numbers And Keys: What's Good Enough?
This session examines the relationship between entropy, random numbers and cryptographic keys. Currently, FIPS-140 only approves the use of deterministic random bit generators. If strong keys are…
Conference Track:Participant:John Leiseboer - CTO, QuintessenceLabs -
SAML meets OAuth in the Cloud: A Marriage Made in Heaven
SAML is widely implemented by enterprises due to its robust security characteristics. Its primary use is for Web SSO between users and services. With success of the SaaS delivery model, OAuth is…
Conference Track:Participant:Riaz Zolfonoon - Distinguished Engineer, RSA, The Security Division of EMC -
Leveraging Big Data for Security Operations
With the tremendous volume of data collected by large enterprises on a daily basis, specialized and targeted techniques are required to gain maximum value from the data. This discussion group will…
Conference Track:Participant:Josh Goldfarb - Freelance Security Analyst, Your Cyber Analyst LLC -
Playing the Game of Thrones: ensuring the CISO role at the King’s Table
For too long the CISO role has reported everywhere except to the board. This has resulted in conflicts of interest, poor security management and little enterprise level business risk intelligence. The…
Conference Track:Participant:Thom Langford - Chief Information Security Officer, Sapient -
How Hackers are Outsmarting Smart TVs and Why it Matters to You
As Smart TVs become more prevalent in waiting rooms and conference rooms, cybercriminals are learning to turn them into surveillance devices: they’re using them as instruments to steal money and…
Conference Track:Participant:Raimund Genes - Chief Technology Officer, Trend Micro, Inc. -
Rogue Apps & Desktop Malware: A Dangerous Combination For Online Security
Mobile malware poses an increasing threat to users of online banks and retail. This session will delve into how desktop malware spreads rogue and nefarious applications and how the criminals trick the…
Conference Track:Participant:Maurits Lucas - InTELL Business Director, Fox-IT -
Security vs. Privacy – The BIG Fight
Never has the tension between security and privacy been more sharply in focus. From news headlines to board rooms, privacy concerns are a growing topic of discussion. The complexity of laws and…
Conference Track:Participants:Carsten Casper - Research Vice President, Gartner Research; Antonis Patrikios - Director, Field Fisher Waterhouse LLP; David Cripps - CISO, Investec UK; J.C. Boggs - Partner, King & Spalding; Neira Jones - Partner, Account Ltd -
Overcoming the Challenges; Reflections on the London Games
In 2005, when Lord Sebastian Coe took charge of the London Organising Committee of the Olympic and Paralympic Games (LOCOG), he faced challenges more daunting than his gold medal-winning athletic…
Conference Track:Participant:Lord Sebastian Coe - Former Chairman of the London Organising Committee for the Olympic and Paralympic Games and previously one of the greatest British athletes in history