10 talks that good hackers would find interesting!
Max will bring all of his gear along with handouts, instruction sheets, and even a projector for showing diagrams and videos. He'll spread out a huge array of sample locks and picks and conduct lessons and hands-on training throughout the day, letting the public experience just how easy lockpicking is. You will also get an opportunity to purchase high-quality lock picking tools suited to your needs.
1. Questions Every Pentest Customer Should Ask
Most organizations look outside the organization when staffing penetration tests.
In doing so, though, it's important to realize that skill sets vary and not every vendor is equally proficient, specialized, and able to execute. In fact, just finding the right vendors (i.e. those that are sufficiently qualified, understand your industry, are familiar with your environment, etc.) can be difficult. What, then, are the questions customers should be asking? This session will outline the most important of these questions: what they are, why they're important, and which responses should raise a "red flag" as potential deal-breakers.
Ed Moyle is currently Director of Emerging Business and Technology for ISACA. Prior to joining ISACA, Ed was Senior Security Strategist with Savvis and a founding partner of the analyst firm Security Curve. In his 15+ years in information security, Ed has held numerous positions including: Senior Manager with CTG's global security practice, Vice President and Information Security Officer for Merrill Lynch Investment Managers, and Senior Security Analyst with Trintech. Ed is co-author of Cryptographic Libraries for Developers and a frequent contributor to the Information Security industry as author, public speaker, and analyst.
LinkedIn: Ed Moyle
2. Digital Certificates: Design Scalability and Organizational Impact
The adoption of certificate standards has enabled a more secure Internet.
We utilize certificates nearly every day when interacting with various websites and systems. As more and more systems support encryption, our reliance upon digital certificates only grows. Managing these certificates can be arduous, and recent events such as the Heartbleed bug have highlighted some weaknesses of the design as it scales. We'll review those design decisions, the implications they've had, and some considerations organizations should make when thinking about how best to manage their certificates over time.
Jake McAleer is the IT Audit and Security Manager at O'Connor & Drew, P.C. where he focuses on IT security and compliance. He helps companies assess their current and future IT solutions against industry best practices, as well as regulatory and legal requirements. He has over 10 years of industry experience in running and securing IT environments. His previous positions include Internet infrastructure services, IT audit in the financial industry, and systems work with defense contractors.
LinkedIn: Jake McAleer
3. Security monitoring for DevOps!
We will discuss the top 10 things a DevOps person can and should be thinking about when it comes to monitoring and securing your data.
We will talk about the challenges of working within cloud infrastructure, how you can prioritize your precious time spent on security based on the biggest risks, and how you can prepare for a possible security incident. Using automated tools and workflows that integrate right into the devops process, we show how you can level-up your security posture without breaking your back.
Dustin Webber, Co-Founder of Threat Stack, is a developer and designer with security in his blood. He is the creator of Snorby, a popular front end for intrusion detection systems that is used and loved by tens of thousands of security analysts worldwide. He started his career as a security analyst working under Richard Bejtlich on General Electric's incident response team, developing tools that made the lives of incident responders better.
LinkedIn: Dustin Webber
4. Meta Cognition and Critical Thinking in Open Source Intelligence!
When gathering open source data and transforming it into actionable intelligence, it is critical to recognize that humans are not objective observers.
Conscious and unconscious assumptions drive analysts' choices about which data to analyze and how much importance to ascribe to each resource. Furthermore, analysts' personal conceptual frameworks about reality and how the world works can undermine the process of objectively translating data into intelligence. These implicit assumptions, otherwise known as cognitive biases, can lead to missed data, skewed intelligence, illogical conclusions, and poor decision making. In this presentation, we will illustrate cognitive biases relevant to OSINT and what can be done about them.
Benjamin Brown currently works on systems safety, adversarial resilience, and threat intelligence at Akamai Technologies. He has experience in the non-profit, academic, and corporate worlds, as well as degrees in both Anthropology and International Studies. His research interests include the psychology, anthropology, and sociology of information security, threat actor profiling, and thinking about security as an ecology of complex systems.
LinkedIn: Benjamin Brown
5. Enterprise Email Security Challenges!
We will talk about security challenges surrounding email in the enterprise and some of the things security professionals can do to safeguard their users.
The email ecosystem faces a barrage of threats ranging from phishing and spear phishing campaigns that cause financial, intellectual property and productivity losses, to the loss of reputation due to hijacked domain identities. We'll explain some of these threats using real world examples of recent security incidents as well as some of the solutions that are available to help mitigate these issues.
Gagan Prakash is the founder of Astra IDentity. AstraID's initial product, PhishingGuardian, helps guard enterprise employees against phishing and spear phishing attacks. Prior to AstraID, Gagan co-founded a company that provides enterprise-class IT services such as Microsoft Exchange Server and Microsoft SharePoint as hosted services, now used by thousands of organizations worldwide. Gagan is a software developer and holds an MIT MBA.
LinkedIn: Gagan Prakash
6. Mobile Security for Everyone!
As smartphones become popular, the average user gives little thought to the security impact of daily decisions (e.g. downloading applications, playing games, overlooking permissions).
We will focus on how mobile devices and their threat model differ from classic computers. We will rediscover "old" concepts that still apply to our mobile devices. We will also take a quick illustrative detour into how your decisions in a mobile game can have security consequences. Lastly, we will discuss some server-side breaches from 2013 and their impact.
Nabil Hannan, Managing Principal, Cigital Inc, has over 10 years of experience in product management, software development and information security. Having worked as a Product Manager at Research In Motion/BlackBerry, Nabil has managed several initiatives and projects through the full Software Development Lifecycle. Nabil is based out of Boston, MA and leads Cigital's North East practice, focusing on helping clients solve their software security needs and build/improve effective software security initiatives.
LinkedIn: Nabil Hannan
7. Human side of data protection!
The most valuable, fastest growing asset a business owns is its human-generated data: the documents, spreadsheets, videos, presentations, and emails that people create and share every day.
Breaches involving human-generated data happen almost every day. Why? Because employees have far more access than they need, activity is usually not logged or analyzed, and it's difficult to spot abuse. Learn how big data analytics can help lock down overexposed data, prevent breaches, reduce excessive permissions, and enable a sustainable data protection strategy in the face of unprecedented data growth. At the end of this session you will be able to identify the risks around human-generated data and understand how big data analytics can be used to enable efficient, sustainable protection of large-scale file systems, intranets, and email servers.
Dana has over 20 years of experience in the IT industry, working with a range of customers from Fortune 100 to SMB. Dana has worked with Varonis for the last 2 years; prior to that he was the VP of Customer Solutions at HiSoftware, a Sales Engineer at AltaVista and FilesX, and managed datacenter environments for email marketing platforms. Dana holds a Bachelor of Science degree from the University of Lowell and is a member of InfraGard Boston.
LinkedIn: Dana Tannatt
8. Leveraging compliance to raise the bar on security
Compliance with regulations, security frameworks and industry standards is required in certain industries, but it can also be a business enabler for many types of service providers.
For these reasons compliance is an important business objective. This session will provide an overview of compliance objectives pertinent to various industries and show how you can use compliance to raise the bar on security in your organization.
Mike is the Information Security Officer for Pearson Higher Education, the world's largest education company. Prior to Pearson, Mike created the Information Security and Compliance program at two fast-growing startups, Acquia and RiskMetrics. Mike has held technical and management positions at MSCI, JPMorgan, Moore Capital Management and Time, Inc. Mike earned his B.S. from the New York Institute of Technology and has attended postgraduate education at Columbia and Boston University. Mike was certified as a CISSP in 2006 and CCSK in 2013.
LinkedIn: Mike Lemire
9. How dare you molest the sea!
Whether on the open ocean or the open Internet, pirates get a bad rap from those with power.
Yet, as Saint Augustine noted, often the only difference between pirates and emperors is one of scale. At their best, pirates upset elites' well-tuned plans for control over resources, people's time and, most importantly, people's thoughts. They have built democracy, fought inequality and fostered diversity. It is these qualities that net pirates have in spades and that we need. Journey into the past to explore what pirates were, and to what heights their ideas and spirit can take us in the future!
James O'Keefe is one of the triumvirate who founded the Massachusetts Pirate Party. He is its current Captain, visionary and chief bottle washer. In a past life he ran twice for Treasurer of Massachusetts as a Green, and in his second campaign convinced 320,000 voters to support him. He seriously enjoys breaking software using test programs as his minions, and has cherished the 20+ years he has devoted to this calling. While he has worked at a number of startups, the Pirate Party remains the one he has had the most fun with. Of his many responsibilities, devoted family man is his favorite.
Encrypt everything. The NSA hates that.
LinkedIn: James O'Keefe
10. Extending the network from the perspective of a rogue user and/or device!
By definition, rogue users and devices are just plain malicious in nature.
They exist for the sole purpose of doing harm to your network and, in the process, to your reputation, career and company bottom line. They exist to steal information or to disrupt network operations. In rare cases they can even permanently damage systems. With the advent of DIY computing hardware and powerful yet simple attack methodologies, the risks are high. In this presentation we will illustrate best mitigation practices and spread awareness of the latest trends and vectors.
LinkedIn: Enyel Perez
What people are saying!
"I don't always hack, but when I do, I forward my ports."
"Oh, you went on your friend's facebook when he wasn't looking? You must be the best hacker ever."
"I'll encrypt ALL the things!!"
"One does not simply GOOGLE how to hack"
This counts towards your Security CPE credits! You'll receive a certificate of attendance!
A thank you for lunch to Ty Avery-Miller