Tag: conference

Diving into the Issues: Observations from SOURCE and AtlSecCon

Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and at the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada.

The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference and it continues to pride itself on being one of the only venues that brings business, technology and security professionals together under one roof to focus on real-world, practical security solutions for some of today's toughest security issues. Though I was only there for the first day, I was able to catch up with friends, play some Hacker Movie Trivia with Paul Asadoorian (@securityweekly), and chat with attendees on some of the biggest challenges we face around detecting and mitigating ransomware attacks.

After my presentation, I rushed off to Logan Airport to sit in what I now choose to call the “Air Canada Ghetto” – a small three-gate departure area segregated from the rest of the airport and its amenities. A minor four-hour delay later, I was on my way to Halifax for AtlSecCon.

Between meetings and casual conversations I was enlightened by several presentations. Raf Los (@Wh1t3Rabbit), managing director of solutions research & development at Optiv, presented Getting Off the Back Foot – Employing Active Defence, which talked about an outcome-oriented and capabilities-driven model for more effective enterprise security.

After his talk, Aunshul Rege (@prof_rege), an assistant professor with the Criminal Justice department at Temple University, gave a very interesting talk entitled Measuring Adversarial Behavior in Cyberattacks. With a background in criminology, Aunshul presented her research from observations and interviews conducted at the Industrial Control Systems Computer Emergency Response Team’s (ICS-CERT) Red/Blue cybersecurity training exercise held at Idaho National Laboratory. Specifically, she covered how adversaries might engage in research and planning, offer team support, manage conflict between group members, structure attack paths (intrusion chains), navigate disruptions to their attack paths, and how limited knowledge bases and self-induced mistakes can possibly impact adversaries.

The last presentation was Mark Nunnikhoven’s (@marknca) Is Your Security Team Set up To Fail? Mark, the VP of cloud research at Trend Micro and a personal friend, examined the current state of IT security programs and teams, delving into the structure, goals, and skills prioritized by the industry.

The second day of the conference was filled with meetings for me, but I was able to sit through Michael Joyce’s talk entitled A Cocktail Recipe for Improving Canadian Cybersecurity. Joyce described the goals and objectives of The Smart Cybersecurity Network (SERENE-RISC) – a federally funded, not-for-profit knowledge mobilization network created to improve the general public’s awareness of cybersecurity risks and to empower all to mitigate them through knowledge. He was an excellent presenter, and his talk served as a call to action for those looking to help communicate the need for cybersecurity to all Canadians.

At both conferences I presented my latest talk entitled The Not-So-Improbable Future of Ransomware which explored how thousands of years of human kidnap and ransom doctrine have served as a playbook for ransomware campaign operators to follow. It was well received by both audiences and sparked follow-up conversations and discussions throughout the week. The SOURCE version can be found here and the AtlSecCon version here.

The SOURCE session received some early praise, in addition to written pieces by Bill Brenner (@billbrenner70) from Sophos and Taylor Armerding (@tarmerding2) from CSO.


At AtlSecCon I joined a panel entitled Security Modelling Fundamentals: Should Security Teams Model a SOC Around Threats or Just Build Layers? Chaired by Tom Bain (@tmbainjr1), VP of marketing at CounterTack, the session served as a potpourri of security threats and trends ranging from ransomware, to regulation, to attack mitigation. It was quite fun and a great way to end the day.

Though it was a long series of flights home to the Bay Area, I thoroughly enjoyed both conferences. I would highly recommend attending and/or speaking at both next year if you are provided with the opportunity.

Next up, (ISC)² CyberSecureGov 2017 in Washington, D.C. and the Rocky Mountain Information Security Conference (RMISC) in Denver, CO. Perhaps I’ll see some of our readers there!

The post Diving into the Issues: Observations from SOURCE and AtlSecCon appeared first on LEO Cyber Security.

Towards An Objective and Scientific CFP Methodology

I, like many in the information security industry, submit talks to a number of conferences every year. The more conferences I submit to, however, the more apparent it becomes (at least to me) that a more scientific approach to the call for papers/proposal (CFP) process is required to reduce bias. I’m not saying that any or all of the CFP committee participants, or the conference itself, is guilty of malicious or intentional bias. Science has shown that there will always be irrational cognitive biases, whether intentional or not, that affect our decision-making process. In a CFP process this could manifest itself as bias towards any number of things such as a particular topic, an individual’s past, sexual orientation or identification, company or industry affiliation, and even the grammar of the submission itself.
 
I see the CFP process as a reproducible experiment. As such, an experiment of this nature requires a number of things to be conducted successfully in a measurable and repeatable fashion. The following list of ideas is the result of a personal brainstorm of what I would like to see included as a part of the CFP process (in no particular order):


S4 Incident Responder and Researcher Conference: Agenda


As a follow up to our previous post, the agenda for the S4 Incident Responder and Researcher Conference, being held at OpenDNS HQ on September 18th, 2014, is now finalized.

Training Sessions

 

Time | Title | Presenter
8:00 | Breakfast and coffee (first talk 9AM SHARP!) | n/a
9:00 – 11:00 | Malware Analysis for Incident Responders | Lenny Zeltser, The SANS Institute
11:00 – 13:00 | Using Bro* | Anthony Kasza, OpenDNS
13:00 – 15:00 | Using Moloch | Scott Floyd, Salesforce
15:00 – 17:00 | IR 2.0 : Elastic Search, Logstash, Kibana (ELK) | The folks at Elastic Search

 

Note: Lunch will be provided and available during the Bro session.

 

Evening Talks

 

Time | Title | Presenter
17:00 – 17:20 | Measuring the IQ of your Threat Intelligence Feeds | Alex Pinto, MLSec Project
17:30 – 17:50 | FastResponder: New Open Source weapon to detect and understand a large scale compromise | Sébastien Larinier, Guillaume Arcas, and Olivier Zheng, Sekoia
18:00 – 18:20 | Threat intelligence for Incident Responders | Sam Liles, Cyberforensics Laboratory at Purdue
18:30 – 18:50 | Building Your Own DFIR Sidekick | Scott J Roberts, GitHub
19:00 – 19:20 | GRR and Rekall: State of the Union | Elizabeth Schweinsberg and Kristinn Gudjonsson, Google
19:30 – 22:00 | Networking, drinks, and conversation | n/a

 

S4 Incident Responder and Researcher Conference Details

 

Who: Incident Responders, Security Researchers, Security Analysts
What: S4 (San Francisco Security Series): Incident Responder and Researcher Conference
When: September 18, 2014 (registration starts at 8:30 AM. First training at 9:00AM)
Where: OpenDNS HQ, 135 Bluxome St., San Francisco, CA 94107
Price: Free
Food and Drinks: Provided
Free and reliable WiFi: Provided
Event Hashtag: #s4con
OpenDNS Twitter Account: twitter.com/OpenDNS

 

Please reserve soon as space is limited. Again, the registration link can be found here: https://irespond.eventbrite.com.

We look forward to seeing you!

The post S4 Incident Responder and Researcher Conference: Agenda appeared first on OpenDNS Security Labs.
