Bring Your Own Internet of Things: BYO‐IoT
Here's an overview of the presentation: What is IoT?; What's the Problem?; What's the Attack Surface?; IoT Security - Current State; Response and Actions
Speakers
Carsten Eiram ( @carsteneiram ); Jake Koun
Embedded Systems Security: Building a More Secure Device
Here's an overview of the presentation: What are common embedded systems?; What issues do they face?; Recommendations for securing embedded systems
Speakers
Randall Brooks ( @randallsbrooks )
Transforming Security: Containers, Virtualization and Softwarization
This session will explore how we can leverage containers, network/endpoint virtualization technologies and virtualized security instrumentation, concurrently, to transformationally
Estimating Development Security Maturity in About an Hour
The session describes a simple method of estimating a development team’s security maturity, i.e. how well they make a secure software product, by looking at five key factors. The factors and
Understanding the “Why” in Enterprise Application Security Strategy
The Hershey Company initiated a strategic initiative to identify all of the truly critical IT assets that enable the company’s continued success. The evaluation confirmed the import
DevSecOps in Baby Steps
Here's an overview of the presentation: Getting to DevOps; DevOps to DevSecOps; Planning your Epics & Sprints; Use Cases & Example
Speakers
Hart Rossman ( @HartDanger )
Open-Source Security Management and Vulnerability Impact Assessment
Re-usage of Open Source Software (OSS) has increased in commercial software development by orders of magnitude. This presentation will show how OSS vulnerabilities can be managed at
Agile Security—Field of Dreams
PayPal started its Waterfall to Agile transformation journey two years ago. That meant that the software security program had to morph as well. The Field of Dreams question of “if you build it, will they come?” was no
Introducing a Security Program to Large Scale Legacy Products
A discussion of the real-world work and challenges to introduce and maintain a comprehensive security program to a large and complex set of legacy storage products. This includes developi
IOCs Are Dead—Long Live IOCs!
Indicators of Compromise were meant to solve the failures of signature-based detection tools. Yet today’s array of IOC standards, feeds and products haven’t impeded attackers, and most intel is shared in flat lists of h
Bridging the Gap Between Threat Intelligence and Risk Management
Here's an overview of the presentation: Bridging Risk & IR in Verizon's DBIR; Building Understanding; Finding Common Ground; Bridging the Gap; Crossing the Divide
Speakers
Wade Baker
STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015
Amid privacy concerns and after a decade-long battle, the U.S. Cybersecurity Information Sharing Act (CISA) of 2015 was passed. Critics claim CISA is a surveillance bill
Dreaming of IoCs: Adding Time Context to Threat Intelligence
Find an interesting Intelligence Framework followed by a good understanding of Logstash & Logstash filtering, TARDIS, Kibana reporting, etc.
Speakers
Travis Smith ( @MrTrav )
The Measure of Success: Security Metrics to Tell Your Story
Information Security as a problem is rather complex and it gets more difficult in terms of quantification. This presentation helps us with some metrics that will help us make security more u
The Newest Element of Risk Metrics: Social Media
In order to identify, measure and track the risk exposure that different elements of social media have on an organization, organizations require a threat metric framework to evaluate a network’s curre
Building an Effective Supply Chain Security Program
We’ve realized that the supply chain in most organizations is a potential weak spot for security controls and awareness. The time has come to shore up our approaches to supply chain management, inc
Integrating Cybersecurity into Supply Chain Risk Management
Cyber–supply chain risks pose a new set of challenges for businesses (loss of critical IP, unwanted functionality in products) which jeopardize brand reputation and shareholder value. This
Are You Thinking about IT Outsourcing? Top Reasons, Risks and Rewards
There is more to outsourcing than just the bottom line and running lean. Any organization embarking on this journey needs to (1) clearly identify and articulate the compelling nar
The Atlanta Pen Test Chapter has officially begun and is now actively underway.
Atlanta CISOs and security teams have kicked off Pen Test Chapter #1 (Virtual), an ongoing working series focused on drafting Pen Test Maturity Model v0.1, designed for an intel-led, exploit-validated, and AI-assisted security reality. The chapter was announced at …