Past Presentations

Featured Presentation Slides

Transforming IT: Security Risk Management for the Coming Decade – Debbie Christofferson, June 2012

IT security risk has exploded. What does this mean to your business, and for global, local, IT and security risk? What is enterprise risk management, and how does it apply to security and your business? How much security is enough? Find out what matters most to executive staff, where opportunities and trends lie, and what you can do today.

Join us in this high-energy, engaging session to learn more about:
• What enterprise, IT and security risk mean to your business and career
• The magic principles of risk management
• What risk management means to your executives, boards, government and clients
• Where enterprise, local, IT and security fit within risk management and your business
• Secrets of managing risk on any budget
• What a successful IT and security risk strategy involves
• New trends impacting enterprise, security and IT risk to your bottom line
• Rising career opportunities in risk management
• Easy steps you can do today—how to get started now

By attending this session, you will be able to:
- Identify major risks in your own business model
- Create a strategy to protect you and your business
- Incorporate global, security and career trends into your risk management strategy

Breaking the Lifecycle of the Modern Threat – Santiago Polo, April 2012
Network attacks are becoming both more sophisticated and more common, with all types of enterprises and all types of information being targeted by attackers. In this presentation we will shine light on the lifecycle of a modern network attack to understand how the threat landscape has changed and what is required from us as security professionals to protect our networks and users today.

Pulp Google Hacking – Francis Brown, February 2012
Last year’s Lord of the Bing presentation stabbed Google Hacking in the heart with a syringe full of adrenaline and injected life back into a dying art form. New attack tools and modern defensive techniques redefined the way people thought about Google Hacking. Among these were the first ever Bing Hacking tool and the Google/Bing Hacking Alert RSS feeds, which have grown to become the world’s single largest repository of live vulnerabilities on the web. And it was only the beginning…  
View Slides»

Securing the SDLC – Jerry Hoff, January 2012
There are multiple documents, methodologies and schools of thought for adding security activities to each step of the SDLC. In this presentation we will go through several of the more popular methodologies and discuss advantages / disadvantages of each. We will also discuss challenges and resistance of trying to add security to an entrenched development process.  
View Slides»

Beyond Signatures & DPI – Tomás Byrnes, July 2011
The current threat landscape is characterized by a growing number of attacks of increasing sophistication and criminal intent. Today’s IT security professionals understand that safeguarding corporate data and assets requires a multi-layered approach. Join Tom Byrnes, industry expert and CEO of ThreatSTOP as he shares best practices in layered security, how to protect against botnets and Advanced Persistent Threats, and the impact of IPv6 on your security infrastructure.  View Slides»

Hacking the Cloud – Dr. Eugene Schultz, 2011 Infosec Summit
Major Cloud security risks and methods of hacking. Presented at the 3rd Annual Information Security Summit hosted by ISSA-LA in June 2011.  View Slides»

Top Ten Web Hacking Techniques of 2010 – Jeremiah Grossman, 2011 Infosec Summit
“Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we’re talking about brand new and creative methods of Web-based attack.” WhiteHat Security Founder & CTO Jeremiah Grossman presented at the 3rd Annual Information Security Summit hosted by ISSA-LA in June 2011.  View Slides»

Worst Mistakes in Cloud Security
Dr. Eugene Schultz, 2011 Infosec Summit
Outlines the 11 most serious mistakes made with regard to security in cloud computing. Presented at the 3rd Annual Information Security Summit hosted by ISSA-LA in June 2011.  View Slides»

Stuxnet – Attack on Critical Infrastructure – Liam O Murchu, March 2011
Stuxnet is the first threat we have seen that is capable of changing how physical machinery operates. This automatically places the worm in a completely new category of threats. The fact that its suspected target was a uranium enrichment facility in Iran only adds to its novelty. These and other aspects of Stuxnet make it stand out as a groundbreaking project and are the topics for discussion in this talk. As well as discussing what makes Stuxnet so unusual, recently released information about the way that Stuxnet spread from computer to computer will also be shown. This information highlights how well Stuxnet actually performed in the real world, not just the theoretical capabilities of the threat. The implications for security procedures that Stuxnet has raised will also be presented.  View Slides»

Anatomy of an APT Attack
David Nardoni & Jeff Dye, February 2011
The news is seemingly rife with stories of network and data breaches. Buzzwords abound at a dizzying pace: viruses, malware, and botnets, oh my! Then we learn of something a bit more nefarious: the Advanced Persistent Threat (APT). In our discussion, we will explore APT attacks from the incident responder’s point of view. We will discuss examples of how the attacks are carried out and which containment and remediation actions are effective and which are not. The goal is to provide you, the First Responder, with some basic guidelines, tips, and techniques for dealing with APT events.  View Slides»

Mobile Application Security
Dr. Eugene Schultz, January 2011
The user computing environment has changed considerably over the last decade. Mobile computing devices such as laptop computers, smartphones, Bluetooth devices, and personal digital assistants (PDAs) are now routinely used not only by “road warriors,” but also by other employees and contractors both within and outside of the traditional workplace. Mobility creates many security-related risks (physical theft, eavesdropping in wireless environments, viruses and worms, anonymous connections, unauthorized connections to mobile devices through exploitation of vulnerabilities, and more), many or most of which are typically not adequately understood, let alone addressed. The fact that business-critical information is often stored on these devices further exacerbates these risks; the fact that the mobile applications that commonly run on these devices have generally been written without much, if any, consideration of security proliferates risk even more. Worse yet, information and knowledge concerning mobile applications are scarce. Even fewer people know virtually anything about mobile application security, resulting in these applications running in what is almost always an insecure “out-of-the-box” state. Additionally, iPhones must be “jailbroken” to run certain applications; the consequences for security are not good. This presentation concentrates on the functionality of a range of widely used mobile applications, the vulnerabilities and risks associated with these applications, and possible security solutions, if they exist.  View Slides»

Threat Modeling at Symantec
Edward Bonver, September 2010
Threat Modeling is one of the most important security activities that a development/QA team needs to perform as part of a Security Development Lifecycle. This activity allows the team to build a complete security profile of the system being built. Threat Modeling is not always easy to get going for a team that has little or no security experience. In this presentation we’ll take a look at why Threat Modeling is so important; we’ll explore the process behind it, and how the process is being implemented and followed across Symantec.  View Slides»

Secure Coding Practices and Procedures
Mike O. Villegas, September 2010
Organizations process information over web applications that can often be classified as sensitive, confidential, or intellectual property. Web Application Firewalls (WAFs) provide protection for business-critical data and web applications with an automated and transparent approach to monitoring and protecting enterprise data as it is accessed and transacted through applications. To augment WAF filtering and vulnerability monitoring, many organizations have developed or outsourced secure code reviews and development. Information Security at Newegg established its own .NET C# secure coding standard, trains and tests its developers on secure coding, and does its own secure code reviews with WebInspect and manual code reviews. They started to develop a web application threat modeling approach, but it is still in its infancy. This presentation focuses on the secure coding standard, satisfying PCI requirements for it, and training and testing of developers in secure coding practices using the OWASP Top 10 Vulnerabilities as its foundation.  View Slides»
