Daily Archives: February 26, 2020


A New Appreciation for Continuous Asset Monitoring

Does asset monitoring really have to be continuous? In a recent RSA blog post titled, “Security GRC Fundamentals: Creating and Utilizing a Business Context,” the case was made that without the business context provided by accurate inventory and the prioritization of information systems and data, all the intelligence in the […]


Ransomware Spread through Various Distribution Methods from 2018 to 2019

Jin Wook Kim, CERT Manager, WINS

The session will explain how ransomware distribution methods changed from 2018 to 2019. One of them is GandCrab. It used LNK vulnerabilities in the form of an email message. In addition, an attacker uploaded GandCrab ransomware disguised as an Adobe Flash Player update […]


Open Source Tooling for Threat Analysis and Attack Surface Management

Rey Bango, Security Advocate, Microsoft; Gabriel Stocco, Senior Software Developer, Microsoft

Open source solutions continue to evolve to meet the challenges of the cyberthreat landscape with top security companies like Microsoft actively contributing and releasing toolsets and code to help defenders better secure their assets. In this session, attendees will […]


The Security, DevOps and Chaos Playbook to Change the World

Aaron Rinehart, CTO, Founder, Verica; James Wickett, Sr. Security Engineer, Verica

DevOps and the subsequent move to bring security in under the umbrella of DevSecOps has created a new ethos for security. This talk will highlight security’s place in DevOps and how topics ranging from empathy to chaos to system […]


Repurposed Malware: A Dark Side of Recycling

Patrick Wardle, Principal Security Researcher, Jamf

New Mac malware provides insight into the abilities of hackers and nation-states. But to other adversaries, such discoveries provide fully functional capabilities that may be weaponized for their own surreptitious purposes! This session will discuss attackers’ methodology of subverting existing malware and illustrate how […]


Continuous Security and Governance in the Cloud Using a Graph-Based CMDB

Sean Catlett, CISO, Reddit; Erkang Zheng, CISO, LifeOmic

Learn how Reddit utilizes a graph-based CMDB to gain visibility and ensure security governance in their cloud environment. This talk will explore their security journey of implementation and their results. It will also explore the power behind the graph-based approach such as […]


Lessons Learned: 50 Years of Mistakes in Cybersecurity

Steven Lipner, Executive Director, SAFECode

Over 50 years, Steven Lipner has led a lot of security projects that he thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were common threads including reliance on government claims about the market and […]


Securing the Software Development Life Cycle with Machine Learning

Scott Christiansen, Senior Security Program Manager, Microsoft; Mayana Pereira, Data Scientist, Microsoft

This session will cover how to identify and track security bugs in the software development life cycle using machine learning and natural language processing, from basic concepts to handling practical problems such as mislabeled entries in the […]


Democratizing Security Knowledge and Automating Decisions

Alex Chantavy, Software Developer, Lyft; Sacha Faust, Manager – Proactive Security, Lyft

The mission of Lyft Security is to empower the company to make informed and automated security decisions. To achieve this, Lyft released Cartography—a tool that consolidates technical assets, and the relationships between them to enable rapid exploration, repeatable […]


Enabling and Reducing the Barriers for Collective Cyber-Defense

Moderator: Todd Weller, Chief Strategy Officer, Bandura Cyber

Panelists: James Murphy, Cybersecurity and Infrastructure Security Agency, Private Sector Lead, Department of Homeland Security; Bill Nelson, CEO, Global Resilience Federation; Kimberly Watson, Technical Director, The Johns Hopkins University Applied Physics Lab

The concept of collective cyber-defense is gaining momentum. This diverse […]


10 Cybersecurity Visibility Gaps Every CISO Must Fill!

Russell Eubanks, CIO, CISO and Certified SANS Instructor, Federal Reserve Bank of Atlanta

The 10 gaps will each be paired with critical questions to help the successful CISO evaluate their level of visibility. This evaluation is simple enough to be finished before returning home from the RSA Conference. The results […]


Rocked to the Core

Moderator: Donna Dodson, Chief Cybersecurity Advisor, National Institute of Standards and Technology (NIST)

Panelists: Marene Allison, Chief Information Security Officer, Johnson & Johnson; Paul Kocher, Security Entrepreneur and Researcher; Phil Venables, Board Director and Senior Advisor Cyber, Goldman Sachs

Over the last few years, significant vulnerabilities have been discovered […]


Hot Topics in Cyber-Law 2020

Moderator: Michael Aisenberg, Principal Cyber Policy Counsel, The MITRE Corporation

Panelists: Catherine Barrett, Cyber Policy Principal, The MITRE Corp; Lucy Thomson, Attorney, Livingston PLC; Stephen Wu, Shareholder, Silicon Valley Law Group

ABA information security leaders kick off the Law Track with the annual panel on critical emerging legal issues. Hot […]


Cloud Threat Hunting

Sherri Davidoff, CEO, LMG Security; Matt Durrin, Security Consultant, LMG Security

Cloud threat hunting is critical for proactively detecting and mitigating attacks on cloud and hybrid environments. Hackers leverage orchestration attacks, file synchronization poisoning, cross-tenant attacks, credential stuffing, and flaws in underlying architecture. Join this talk to learn effective cloud […]


Leading Change: Building a Security Culture of Protect, Detect and Respond

Lance Spitzner, Director, SANS Institute

Cybersecurity is no longer just about technology; it is ultimately about organizational change. Change in not only how people think about security but also what they prioritize and how they act, from the board on down. This session will enable senior leaders to leverage the […]