Cloud Security Alliance -DV: Joint Meeting with the Security Shell

Drexel University, Security Shell and CSA-DV Presents:
“June 2018 – Cloud Security Hot Topics”

Join us for two interactive presentations by experts in cloud security. This event is free with limited space. You must sign up here and plan to arrive early. Sandwiches and beverages will be provided.

DETAILS:
5:45pm Doors open, Networking & Food
6:15pm Welcome
6:20pm Presentation #1 - AWS Shared Responsibility Model: Why and How to Choose the Right Two Factor Authentication
7:00pm Break
7:10pm Presentation #2 - Why Deception Strategies Work!
7:50pm Networking
8:30pm Close

PRESENTERS:
CONOR GILSENAN, Security UX Consultant (allthingsauth.com)
https://www.linkedin.com/in/conorgilsenan/
As a software engineer and privacy advocate, Conor has spent the past 8 years focusing on security. He has worn many hats, including: programmer, architect, specification author, and UX contributor. He believes that UX is a critical and historically discounted component of any security solution and is passionate about putting users first. He works with his clients to help keep hackers out of user accounts and writes about authentication and authorization on his site, All Things Auth. He is the co-creator of 2FA Notifier (2fanotifier.org), an open source web extension that lets you know which sites you visit support 2FA and specifically how to enable it. Previously, Conor was an early employee at Virtru (virtru.com), where he worked on many different aspects of the software and AWS infrastructure which ran their secure email product.
SUBJECT: AWS Shared Responsibility Model: Why and How to Choose the Right Two Factor Authentication
ABSTRACT: AWS explains in their Shared Responsibility Model that “security and compliance is a shared responsibility between AWS and the customer”. AWS is specifically responsible for “Security of the Cloud”, while the customer is responsible for “Security in the Cloud”. Have you thought about this shared responsibility model in other contexts when building your applications? Consider the problem of keeping hackers out of your users’ accounts using two factor authentication (2FA). End-users have a responsibility to actually enable 2FA if its available, but
they obviously cannot do that if you don’t support 2FA in the first place!
Service providers have a responsibility to support 2FA, but not all 2FA implementations are created equal! Thinking of quickly throwing together a workflow using SMS and calling it a day? Think again! Though popular, 2FA via SMS has many security issues and was actually deprecated by NIST in 2017. In this talk, we will dive into the technical details of the four most common 2FA implementations and highlight security and usability trade-offs of each. You will leave equipped with the knowledge to determine which 2FA method will best serve your users.

JOSEPH PIZZO, TrapX (www.TrapX.com) Solutions Architect
Joseph Pizzo is a seasoned veteran of the InfoSec industry with over 20 years of experience. Joseph is a Solutions Architect for TrapX Security, a Life Long Entrepreneur and Technical Advisor to several companies. Joseph has worked for RSA Security, Guidance Software, Norse Corp and several Tech Security Startups, and is a regular contributor and often sought out for print, web and broadcast media.
SUBJECT: Why Deception Strategies Work!
ABSTRACT: This is to outline the necessities of a successful deception strategy. These include Visibility, Scalability and Central Management of resource. A brief demonstration along with Q&A will be included.

This event is generously made possible by Drexel University, Lebow College of Engineering (www.drexel.edu) and by TrapX (www.TrapX.com). Please be sure to stop by TrapX' table for more information.

•IMPORTANT TO BRING: Picture ID, notebook and business cards

• Important to know