Drexel University, Security Shell and CSA-DV Presents:
“June 2018 – Cloud Security Hot Topics”
Join us for two interactive presentations by experts in cloud security. This event is free with limited space. You must sign up here and plan to arrive early. Sandwiches and beverages will be provided.
5:45pm Doors open, Networking & Food
6:20pm Presentation #1 - AWS Shared Responsibility Model: Why and How to Choose the Right Two Factor Authentication
7:10pm Presentation #2 - TBD
CONOR GILSENAN, Editor in Chief, All Things Auth
Founder, Two Factor Buddy (2FB)
As a software engineer and privacy advocate, Conor has spent the past 8 years focusing on security. He has worn many hats, including: programmer, architect, specification author, and UX contributor. He believes that UX is a critical and historically discounted component of any security solution and is passionate about putting users first. On his site, All Things Auth, he writes and speaks about topics related to authentication and authorization. Unsurprisingly, his consulting work with clients focuses on improving the Security UX of their products to help keep user accounts safe from the baddies. He is the co-creator of 2FA Notifier, an open source web extension that lets you know which sites you visit support 2FA and specifically how to enable it.
Previously, Conor was an early employee at Virtru, where he worked on many different aspects of the software and AWS infrastructure which ran their secure email product. During his tenure there, he helped grow the business from 6 people in a basement with a prototype to a company of ~50 people providing a product to thousands of customers.
SUBJECT: AWS Shared Responsibility Model: Why and How to Choose the Right Two Factor Authentication
ABSTRACT: AWS explains in their Shared Responsibility Model that “security and compliance is a shared responsibility between AWS and the customer”. AWS is specifically responsible for “Security of the Cloud”, while the customer is responsible for “Security in the Cloud”. Have you thought about this shared responsibility model in other contexts when building your applications? Consider the problem of keeping hackers out of your users’ accounts using two factor authentication (2FA). End-users have a responsibility to actually enable 2FA if it’s available, but they obviously cannot do that if you don’t support 2FA in the first place!
Service providers have a responsibility to support 2FA, but not all 2FA implementations are created equal! Thinking of quickly throwing together a workflow using SMS and calling it a day? Think again! Though popular, 2FA via SMS has many security issues and was actually deprecated by NIST in 2017. In this talk, we will dive into the technical details of the four most common 2FA implementations and highlight security and usability trade-offs of each. You will leave equipped with the knowledge to determine which 2FA method will best serve your users.
JOSEPH PIZZO, TrapX (www.TrapX.com) Solutions Architect
Joseph Pizzo is a seasoned veteran of the InfoSec industry with over 20 years of experience. Joseph is a Solutions Architect for TrapX Security, a lifelong entrepreneur and a technical advisor to several companies. Joseph has worked for RSA Security, Guidance Software, Norse Corp and several tech security startups, and is a regular contributor to, and often sought out for, print, web and broadcast media.
This event is generously made possible by Drexel University, Lebow College of Engineering (www.drexel.edu) and by TrapX (www.TrapX.com). Please be sure to stop by TrapX's table for more information.
• IMPORTANT TO BRING: Picture ID, notebook and business cards