I’ll have a longer discussion of SIRACon later, maybe, but for now, you can find my talk slides here:
Some of it is old material, but some of it is new. I really like how it’s fitted together and ordered here.
UPDATE: Please see this link for the most current agenda. The one in the post is outdated: https://sintixerr.files.wordpress.com/2011/10/cyber-program_1020.pdf
So, one of the things I get to do as part of my job, which has been pretty exciting, is to put together the agenda for our 2nd annual Cyber Security in Transportation summit. It’s happening November 1 & 2 this year in the DC area and is going to be full of outstanding talks for all ages and backgrounds. ;) The summit is aimed at executives and decision makers from within the transportation industry who might be affected by cyber security or whose actions may affect the security of their organizations. We’re covering general cyber security themes as well as transportation-specific ones. If you’re in the transportation sector – pipeline, aviation, freight rail, mass transit, highway & motor carrier – and want to attend, let me know at firstname.lastname@example.org.
The tentative agenda currently looks like this:
Summit Schedule
Industry Case Studies
Four discussions of transportation-specific cyber security concerns and perspectives: Incidents, Best Practices that worked, Lessons Learned, Soap Box Scenarios, etc.
Based on outcomes of this summer’s Transportation Cyber Security Exercise
Representatives of the Maritime mode will discuss topics of common interest
General Cyber Security Awareness Talks & Panels
Panel: Offensive Perspectives
Non-technical perspectives from well-known offensive researchers
Panel: Threats in the News
Current threats in the news such as APT, Stuxnet, and Anonymous
Panel: Executive Perspectives
Concerns and solutions in today’s environments
Panel: Risk Management
Cybersecurity impacts on business risk management
Verizon Data Breach Incident Report
An empirical overview of current trends
Ups, downs, concerns and impacts of social networking on cyber security
Users and Awareness
Exploration of the most critical aspect of cyber security: Users
Verizon Data Breach Incident Report: Bryan Sartin/Verizon Business
Industry Case Study 1: Boeing: Mike Garrett/Boeing
Panel: Offensive Perspectives: Kevin Finisterre, Ruben Santamarta, Mark Fabro
Social Media: Patrick Gray/CISCO
Panel: Maritime Stakeholders (USCG & Industry)
Panel: Threats in the News: Scot Terban (Anonymous), Liam O Murchu / Symantec (Stuxnet), (APT)
Industry Case Study 2: Transportation Control Systems: Darryl Song/Volpe
Keynote: Vice Admiral Parker/USCG
Panel: Executive Perspectives: Amit Yoran/Netwitness, Gus Hunt/CTO of CIA
Users & Awareness: Mike Murray/MAD Security
Panel: Risk Management: Jack Johnson/PWC, Russell Thomas, Jack Whitsitt
In a bit of fun and interesting timing, it turns out I’ll be going to FloCon in New Orleans this January.
Since I’ve spent the past 2-3 years doing business risk and security architecture, national sector level strategy, policy, etc., but now find myself getting into the technical details of building a CERT (ICS-CERT, specifically), it’s suddenly time to get more up to speed on flows and how people are using them these days (especially since I’d previously spent most of my time with firewalls and IDS data and not netflow / SiLK stuff).
My work on and release of pkviz this past weekend has helped a bit to get me re-focused on data analysis and playing with correlation tools and methodologies, but I’m still finding it odd going back to my earlier technology-centric security role – which I’d thought I’d given up. My head space has to be completely different than it was and I have to work around what some have called my fatalistic belief that technical security measures and analysis are doomed to fail in the face of our complete lack of interest in doing business risk architectures.
What scares me a little, though, is that when I’ve been talking to people and doing research lately, it seems the state of the art of IDS, flows, SEMs, SIEMs, network data analysis, etc. hasn’t changed all that much in the past few years. More vendors have sold more products, but they still do the same (questionable) things, it seems. What gives? Am I off base?
Still, I’m pretty excited to get back into this type of thing and about the con. Who’s going to be there?
I just wanted to make sure everyone remembers to register for this great conference in DC this year. From their website:
Press Release August 20th 2009 — Speaker Agenda Released and Registration Open!
We are pleased to announce that the OWASP DC chapter will host the OWASP AppSec 2009 conference in Washington, DC. The AppSec DC OWASP Conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 600-700 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.
AppSec DC 2009 will be held at the Walter E. Washington Convention Center (801 Mount Vernon Place NW Washington, DC 20001) on November 10th through 13th 2009.
Who Should Attend AppSec DC 2009:
- Application Developers
- Application Testers and Quality Assurance
- Application Project Management and Staff
- Chief Information Officers, Chief Information Security Officers, Chief Technology Officers, Deputies, Associates and Staff
- Chief Financial Officers, Auditors, and Staff Responsible for IT Security Oversight and Compliance
- Security Managers and Staff
- Executives, Managers, and Staff Responsible for IT Security Governance
- IT Professionals Interested in Improving IT Security