I’ll have a longer discussion of SIRACon later, maybe, but for now, you can find my talk slides here:



Some of it is old material, but some of it is new. I really like how it’s fitted together and ordered here.


UPDATE: Please see this link for the most current agenda. The one in the post is outdated:

So, one of the things I get to do as part of my job which has been pretty exciting is to put together the agenda for our 2nd annual Cyber Security in Transportation summit. It’s happening November 1 & 2 this year in the DC area and is going to be full of outstanding talks for all ages and backgrounds. ;) The summit is aimed at executives and decision makers from within the transportation industry who might be affected by cyber security or whose actions may affect the security of their organizations. We’re covering general cyber security themes as well as transportation-specific ones. If you’re in the transportation sector – pipeline, aviation, freight rail, mass transit, highway & motor carrier – and want to attend, let me know at

The tentative agenda currently looks like this:

Industry Case Studies

Four discussions of transportation-specific cyber security concerns and perspectives: Incidents, Best Practices that worked, Lessons Learned, Soap Box Scenarios, etc.

Public/Private Partnership

Sector Collaboration

Based on outcomes of this summer’s Transportation Cyber Security Exercise


Panel: Maritime

Representatives of the Maritime mode will discuss topics of common interest




General Cyber Security Awareness Talks & Panels

Panel: Offensive Perspectives

Non-technical perspectives from well-known offensive researchers

Panel: Threats in the News

Current threats in the news such as APT, Stuxnet, and Anonymous


Panel: Executive Perspectives

Concerns and solutions in today’s environments


Panel: Risk Management

Cybersecurity impacts on business risk management


Verizon Data Breach Incident Report

An empirical overview of current trends

Social Networking

Ups, downs, concerns and impacts of social networking on cyber security

Users and Awareness

Exploration of the most critical aspect of cyber security: Users

  • Verizon Data Breach Incident Report: Bryan Sartin/Verizon Business
  • Industry Case Study 1: Boeing: Mike Garrett/Boeing
  • Panel: Offensive Perspectives: Kevin Finisterre, Ruben Santamarta, Mark Fabro
  • Social Media: Patrick Gray/CISCO
  • Panel: Maritime Stakeholders (USCG & Industry)
  • Panel: Threats in the News: Scot Terban (Anonymous), Liam O Murchu / Symantec (Stuxnet), (APT)
  • Industry Case Study 2: Transportation Control Systems: Darryl Song/Volpe
  • Keynote: Vice Admiral Parker/USCG
  • Panel: Executive Perspectives: Amit Yoran/Netwitness, Gus Hunt/CTO of CIA
  • Sector Collaboration
  • Users & Awareness: Mike Murray/MAD Security
  • Panel: Risk Management: Jack Johnson/PWC, Russell Thomas, Jack Whitsitt

In a bit of fun and interesting timing, it turns out I’ll be going to FloCon in New Orleans this January.

Since I’ve spent the past 2-3 years doing business risk and security architecture, national sector level strategy, policy, etc., but now find myself getting into the technical details of building a CERT (ICS-CERT, specifically), it’s suddenly time to get more up to speed on flows and how people are using them these days (especially since I’d previously spent most of my time with firewalls and IDS data and not netflow / SiLK stuff).

My work on and release of pkviz this past weekend has helped a bit to get me re-focused on data analysis and playing with correlation tools and methodologies, but I’m still finding it odd going back to my earlier technology-centric security role – which I’d thought I’d given up. My head space has to be completely different than it was and I have to work around what some have called my fatalistic belief that technical security measures and analysis are doomed to fail in the face of our complete lack of interest in doing business risk architectures.

What scares me a little, though, is that when I’ve been talking to people and doing research lately, it seems the state of the art of IDS, flows, SEMs, SIEMs, network data analysis, etc. hasn’t changed all that much in the past few years. More vendors have sold more products, but they still do the same (questionable) things, it seems. What gives? Am I off base?

Still, I’m pretty excited to get back into this type of thing and about the con. Who’s going to be there?

I just wanted to make sure everyone remembers to register for this great conference in DC this year. From their website:

Press Release August 20th 2009 — Speaker Agenda Released and Registration Open!

We are pleased to announce that the OWASP DC chapter will host the OWASP AppSec 2009 conference in Washington, DC. The AppSec DC OWASP Conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 600-700 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

AppSec DC 2009 will be held at the Walter E. Washington Convention Center (801 Mount Vernon Place NW Washington, DC 20001) on November 10th through 13th 2009.

Who Should Attend AppSec DC 2009:

  • Application Developers
  • Application Testers and Quality Assurance
  • Application Project Management and Staff
  • Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
  • Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
  • Security Managers and Staff
  • Executives, Managers, and Staff Responsible for IT Security Governance
  • IT Professionals Interested in Improving IT Security
