
On this journey, where do I go next?

Everyone’s journey is different, and many times we think we are alone on it. What choices do you need to make to build a path toward professional and personal fulfillment? How do you manage opportunities and challenges, both personally and professionally, especially in the security community? Three professionals have been selected based on their varied career paths, which include academia, military, government and corporate positions; their personal lives, single or partnered; and how they have participated in the community. This panel discussion is for beginners in the community looking for goalposts to follow and for those already deep into their careers looking for inspiration to overcome current challenges and set new goals for themselves.


Panel members:
Andrea Limbago, Chief Social Scientist at Virtru
Yolonda Smith, Lead Infosec Analyst at Target
Susan Peediyakkal, Cyber Threat Intelligence Lead Consultant at Booz Allen Hamilton

Be The Change – She/They Strategies for Ascending to a Level of Tech Influence to Change the World

This presentation covers four specific things you can do to prevent burnout, manage inequity in a way that works to your advantage, and have the staying power so that future generations will benefit from standing on your shoulders. You will leave with practices and a personal roadmap for navigating the US “brotropia”, whether you are an executive, a senior tech pro, or just getting started in tech.

Conference Talk Proposal Writing 101

Do you dream of applying to speak at a conference? Need to flesh out a presentation idea? Not sure where to start?

Join us as we break down what the talk proposal process entails, and get words onto paper! In this hands-on workshop, we will:

- Brainstorm and fine-tune presentation ideas individually and in groups
- Walk through how to structure and deliver content
- Write drafts of talk abstracts and outlines
- Provide peer feedback on abstracts and outlines

Bring your desire to transform ideas into viable proposals for security cons or other technical conferences, and prepare to deliver and receive constructive peer feedback!

Laptops are optional: you will be writing, but you may do so either on a laptop or on paper.

How Secure Is This Thing Anyway? A Guide Into Mobile Security and Bug Bounties

Would you like to build your Android hacking skills and use them to collect bug bounties? This talk is for absolute beginners who want to learn about mobile security and bug bounties. Mobile application security is an important area that has received relatively little attention so far, which makes it a promising area for opportunities, given that mobile applications are often in scope for bug bounty programs.

If you want to learn about bug bounties and Android applications, this talk is made for you!

Attendees will learn the structure of Android applications and be introduced to tools that can be used for penetration testing. Android Tamer is a virtual machine (VM) that can be used for mobile pentesting, reverse engineering, and code analysis. Burp Suite provides an intercepting proxy and other tools that can be used to test the web traffic an app generates. Android Studio is an Integrated Development Environment (IDE) for reviewing Android code that also provides an emulator, which allows users to run Android APK files on their desktops.
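As an added illustration of the APK structure this talk covers (example code written for this listing, not part of the talk, Android Tamer, Burp Suite or Android Studio): an APK is a ZIP archive with a fixed layout, and the first manual recon pass is simply to open it and read the entry list. The script below builds a constructed, fake APK in memory (the file contents are header stubs, not a real app, and the example.invalid hostnames are placeholders) and then inspects it using only Python's standard library, the same way you would with a real APK pulled off a device with `adb pull`.

```python
"""Inspect the structure of an Android APK (a ZIP archive) without any third-party tools."""
import io
import zipfile

# Every DEX file starts with the magic "dex\n" followed by a three-digit format version and NUL.
DEX_MAGIC_PREFIX = b"dex\n"


def build_sample_apk() -> bytes:
    """Construct a minimal fake APK in memory so the inspector can run offline.

    The entry names mirror a real APK; the contents are header stubs only (constructed data).
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 28)  # binary XML header stub
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 104)            # DEX header stub, version 035
        z.writestr("classes2.dex", b"dex\n039\x00" + b"\x00" * 104)           # multidex: second DEX file
        z.writestr("resources.arsc", b"\x02\x00\x0c\x00")                      # compiled resource table stub
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF")                   # native code, one ABI
        z.writestr("assets/config.json", b'{"api": "https://api.example.invalid"}')
        z.writestr("assets/legacy.properties", b"endpoint=http://legacy.example.invalid/api\n")
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")        # v1 (JAR) signature files
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", b"\x30\x82")
    return buf.getvalue()


def inspect_apk(data: bytes) -> dict:
    """Return a summary of the APK's structure: manifest, DEX files, native ABIs, signing, assets."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()

        dex_files = []
        for name in sorted(names):
            # Only top-level classes*.dex entries are loaded by the runtime.
            if name.endswith(".dex") and "/" not in name:
                head = z.read(name)[:8]
                if head[:4] != DEX_MAGIC_PREFIX:
                    raise ValueError(f"{name} does not start with the DEX magic")
                dex_files.append((name, head[4:7].decode("ascii")))

        native_abis = sorted({n.split("/")[1] for n in names if n.startswith("lib/") and n.count("/") >= 2})

        # v1 signing leaves .SF plus a .RSA/.DSA/.EC block in META-INF. v2/v3 signatures live in the
        # APK Signing Block between the ZIP entries and the central directory, so a missing .SF file
        # does not by itself mean the APK is unsigned; use apksigner for that check.
        meta = [n for n in names if n.startswith("META-INF/")]
        v1_signed = any(n.endswith(".SF") for n in meta) and any(
            n.endswith((".RSA", ".DSA", ".EC")) for n in meta
        )

        # Quick win for a first pass: cleartext endpoints in bundled text assets are worth a proxy look.
        cleartext_urls = [n for n in names if n.startswith("assets/") and b"http://" in z.read(n)]

        return {
            "has_manifest": "AndroidManifest.xml" in names,
            "has_resources": "resources.arsc" in names,
            "dex_files": dex_files,
            "native_abis": native_abis,
            "v1_signed": v1_signed,
            "assets": sorted(n for n in names if n.startswith("assets/")),
            "cleartext_urls": cleartext_urls,
        }


if __name__ == "__main__":
    for key, value in inspect_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

On a real target, replace `build_sample_apk()` with `open("target.apk", "rb").read()`. The binary `AndroidManifest.xml` still needs a decoder (apktool, or the APK Analyzer built into Android Studio) to read exported components and the `debuggable` flag; the point of this pass is to know what is in the archive before reaching for those tools.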

Hackers are Scary: Why the “Stupid User” is Actually just Afraid

One of the first and most important lessons the risk assessor learns is that the human is the weakest link. While computers never stray from their algorithms, the average user is naive and forgetful, making them susceptible to being socially engineered into disclosing sensitive information.

The average user doesn’t see themselves as a piece of the security puzzle. They believe their data is sufficiently protected by immature frameworks, ethical corporations, and academia, or by affairs that are “too complicated” for them to participate in. As infosec professionals we know this is far from the truth: the compromise of an entire infrastructure can be owed to even the smallest human error. Yet our average user is unaware of the risk they carry, leading them to believe that anything they are allowed to know or do is inherently secure rather than simply convenient for business operations.

Hackers are Scary recounts how a quest to make privacy and security a priority in the healthcare sector reveals this gap between theoretical responsibility and actual practice. Through the trials and tribulations of making health record fraud and medical device vulnerabilities an approachable topic, one thing becomes clear: the average user is actually quite concerned, but does not know how to participate. At the same time, industry culture has a tendency to pass off this gap in knowledge as the user’s laziness or irresponsibility. Only by creating an approachable dialogue with which the non-security-savvy can engage will they be able to learn how they fit into the bigger picture, both technically and culturally, and why it is necessary for them to take agency over the protection of the data entrusted to them.

Offroading with Test Scripts: Security in QA

How can QA and Information Security be allies?

In the QA community, it has been acknowledged for years that we want the same thing as Development and Product: good software, delivered on time, to reach our company’s goals. Information Security has been less well represented in that conversation. This is the story of how we started talking across the gap, improved our requirements, and spread the practice of security testing across a department.

Research at the Speed of News: Lessons Learned Building & Managing a Cybersecurity Research Publication Process

Ever watched a news anchor present the latest vulnerability or fast-moving malware and wondered how that story went from research to headline? Who came up with the soundbites? Who tech reviewed the research before it hit the news? Why aren’t there more details and POC code? And why isn’t the original researcher on TV doing the talking? The behind the scenes reality is probably more complicated than you think and includes peer researcher reviews, responsible disclosure activity, legal edits (and wrangling), and keeping the PR and marketing machines tuned to technical truth. I learned all of this first-hand when tasked with building out a new research publication process for one of the world’s largest security companies. After analyzing the problem, we developed an original, interconnected, “gear-based” framework for coordinating the process quickly using a collaborative, community approach. In this talk, I’ll explain the many moving parts of research publication and detail the framework that I developed with my colleagues to ensure the research word got out as quickly, effectively, and responsibly as possible. I’ll share what worked – and what didn’t – and deliver practical advice on how to set up the process, deal with fast (latest malware) and slow (annual security report) research cycles, manage researcher expectations, handle issues with plagiarism, work with legal reviewers, and determine the best channels for amplifying the message and keeping the research publication gears turning smoothly.

Accountability and Ethics in Cybersecurity Practices

With the increasing dependence on digital systems, cybersecurity is in high demand to secure resources, information, platforms, and identities throughout an organization’s entire technical stack, including online and on-prem systems. Public awareness of the need for security and privacy is on the rise, but companies and government regulations are not keeping pace with the fast-changing threat ecosystem. The goal of this project is to enumerate and explore the concrete ways companies’ security practices can be aligned with current best practices for consumer data protection. Drawing from expectations implied by U.S. state, federal and international law (such as the California Consumer Privacy Act, HIPAA and the EU GDPR), industry standards and the current understanding of effective IT security practice, the guideline developed in this research shows the actions companies should follow in order to secure their customers’ data and, by extension, achieve an ethical business practice as well as the grounds to be held accountable for their actions and mistakes. This is all framed from a business perspective: security is approached in terms of a ‘calculated risk’ and the acceptance of consequences, instead of the traditional technical-only analysis, which is often incomprehensible to management.

Your Mom Doesn’t Work Here… But She Probably Should

As two parents working in incident response with seven children between us, we have a unique perspective and appreciation for the overlap in skills between parenting and the security field.

We will use the NIST Incident Response Life Cycle model (Preparation; Detection & Analysis; Containment, Eradication & Recovery; and Post-Incident Activity) to illustrate the parallels in these skill sets and show the value that a seasoned parent brings. From threat modeling to triage, moms and dads have expertise that may not be recognized. We want to call attention to that and stress that providing a flexible workplace, so that people with these diverse skills can thrive, is a worthwhile investment.

The Secret Weapon to Fight InfoSec FUD

FUD (Fear, Uncertainty & Doubt) runs rampant in information security on a daily basis. Sensationalized claims built on stolen data or a simple misconfiguration are manipulated to make a headline. The science becomes so obscured that the true findings fall through the cracks. How do we get out of this vicious cycle? The secret weapon to fight FUD is presented from two points of view: the researcher and their target. As a researcher, how can you ensure your findings are taken seriously and not tagged as FUD? As a company or area under the eye of the research community, what can you do to avoid making the situation worse and become better respected?