Join us on zoom: (https://us02web.zoom.us/j/86846188257?pwd=RE1WZVFBWEdpOWRCSVZtQzNhMnM5dz09)

Password Craziness and Authentication: Presentation/Discussion

Aaron and Steve will do a presentation focused on our authentication nemesis: passwords. It's been a long ugly haul that we've been dealing with these beasts and they are still the predominant way we authenticate. Password guidelines change and we struggle with what is best; that users will do .... well. It's not easy. So Aaron and Steve will present but also lead a discussion on this. What is everyone else doing and what is best?

================================================================
Speaker: Aaron Cure and Steve Kosten

Aaron is a principal security consultant for Cypress Data Defense where he does penetration testing, secure SDLC, static code review, and secure architecture work. He started out in the U.S. Army, spending 10 years as a Russian linguist and satellite repair technician. He then worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. Aaron began his infosec career in 2006 expanding his expertise to developing security tools and performing secure code reviews, vulnerability assessments, penetration testing, risk assessments, static source code analysis, and security research. A SANS instructor since 2013 he currently teaches SANS SEC542: Web App Penetration Testing and Ethical Hacking.

Steve Kosten is Managing Director at Cypress Data Defense performing secure code reviews across multiple languages, web app and mobile penetration testing, vulnerability assessment and risk management, and helping clients create and grow a secure development lifecycle, working in sectors such as insurance, finance, real estate, transportation, and many more. He previously performed security work in the defense and financial sectors as well as non-profit and headed up the security department for a financial services firm. Steve has been teaching for SANS since 2013 and currently can be found teaching SANS SEC545: Cloud Security Architecture and Operations.