 

BSidesStJohnsTalks2013

Security BSides St. John's

 

Friday, October 18th, 2013

 

Register at http://bsidesstjohns.eventbrite.com/ (limited space available)

 

 

 Accepted Talks

 

  • Name: Darryl MacLeod, Tenable Networks
  • Title: Raspberry Pi As An Infosec Tool - The Good, The Bad, and The Ugly

  • Abstract: The Raspberry Pi was released in 2012 and has exploded in popularity, especially in the Information Security arena. Its low cost, small footprint, and "hackability" make it an excellent Infosec platform (attack, defense, research, and anything in between). I will present a short background on the Pi, the numerous community-based projects/hacks, and how the Pi can benefit everyone in the Infosec community, from the student to the C-level.

 

  • Name: Charles Robertson, Verafin
  • Title: Online Criminal Attacks Against Banking Accounts

  • Abstract: Financial institutions and their customers are increasingly under attack from criminal hackers who are compromising customers' computers to obtain banking credentials. In this talk, we will review how compromises are taking place, how the criminals steal money via electronic transfers, and how detection analytics are helping us spot the crimes before all is lost. 

 

  • Name: Travis Barlow, eSentire
  • Title: An Idealist's view of the future of InfoSec

  • Abstract: While not an idealist himself, Mr. Barlow will walk the audience through the current state of InfoSec and provide thought productive ideas on what can, no, what needs to be done to further the InfoSec industry. Some issues covered will include Government control of the internet, private control of the internet, limitation of user rights, etc.

 

  • Name: Mark Nunnikhoven, TrendMicro
  • Title: A Pragmatic Approach To Risk 

  • Abstract: Risk assessments are a keystone of any security practice but they're also one of the areas where most practices fall behind. Current assessment frameworks generate a lot of paperwork and very little clarity. In this talk, you'll be introduced to a new approach to assessing risk that's simple and effective. Using the latest release of iOS and Mac OS X as examples, you'll see how you can quickly and easily gauge the level of risk a new technology introduces.

 

  • Name: Chris Vernon, Symantec
  • Title: Today's Threat Landscape – Facts, Figures, Myths and Perceptions 

  • Abstract: This presentation will focus on the changing threat landscape and how it affects today's information environments by examining threat statistics from Symantec's Global Intelligence Network and discussing how some popular myths and perceptions have affected our security strategies and potentially made life easier for today's attackers.

 

  • Name: Joe Dawson, EWA-Canada
  • Title: Open Web Application Security Project (OWASP)
  • Abstract: The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. The objective of this presentation is to provide a better understanding of OWASP and how it could be a benefit to anyone involved in Information Security.

 

  • Name: Garry Coldwells, Palo Alto Networks 
  • Title: Firewall evolution, how innovation has kept the security gateway as your primary countermeasure.
  • Abstract: Over the course of the last twenty years, firewall technology has shifted from a simple daemon functioning within Unix, to multi-million code line packages encompassing expanding capabilities. Innovations in the layers of security abstraction have periodically driven new waves of firewall deployment. My talk will outline the past twenty years and what the key innovations over this time have been. I will discuss why these innovations appealed to security administrators and why some failed. I consider the current wave of next generation firewall technology to be the fourth iteration of security gateway technology. I intend to highlight what innovations have sparked this new wave and postulate as to what may lie ahead.

 

  • Name: Peter Rawsthorne
  • Title: Defense in Depth: Approaches and Importance of Enterprise Architecture Security Decisions (Lightning Talk)

  • Abstract: In this lightning talk we will explore one approach to getting multi-stakeholder agreement on Enterprise Architecture decisions focused on a defense in depth security model. Corporate enterprise technology environments can be large and complicated. And when it comes to making changes to the internet facing security environment both rigorousness and resistance to change increase. These increased challenges can be overcome with good project / process management, solid end-to-end architecture, and a comprehensive decision making template. In a nutshell, this talk explores the enterprise architecture decision.

 

  • Name: Zach Mullaly
  • Title: Personal Security, Privacy, and Politics (Lightning Talk)

  • Abstract: As of very recently, the global community is becoming increasingly aware of how open and secure communications across the internet are being subverted by powerful and well-funded government information agencies. We are faced with devastating facts about the undermining of popular cryptographic primitives, and the mass collection and analysis of internet traffic. Security specialists' roles in defending and testing digital protection systems are now more vital than ever, and the impact of choosing for which side one applies their skills has never been more significant. The choice to refuse authoritative pressure to include backdoors and weaknesses in security measures must be contemplated by everyone in the field with a responsibility to their clients as well as everyday users. To address this ethical and technical challenge, one must look at how security and privacy play a role in an open and democratic society, and what it means for the people to have true, reliable, and trustworthy security in all circumstances.

 

 

Schedule

 

Friday, October 18th, 2013 - Track 1

8:30 AM - 9:00 AM
Registration/Networking - Coffee and Muffins Served

9:00 AM - 9:10 AM
Opening Remarks

9:10 AM - 9:50 AM
Name: Travis Barlow, eSentire
Talk: An Idealist's view of the future of InfoSec

10:00 AM - 10:20 AM
Name: Chris Vernon, Symantec
Talk: Today's Threat Landscape – Facts, Figures, Myths and Perceptions

10:30 AM - 11:20 AM
Name: Mark Nunnikhoven, TrendMicro
Talk: A Pragmatic Approach To Risk

11:30 AM - 11:50 AM
Name: Peter Rawsthorne
Talk: Defense in Depth: Approaches and Importance of Enterprise Architecture Security Decisions (Lightning Talk)

12:00 PM - 12:20 PM
Name: Zack Mullaly
Talk: Personal Security, Privacy, and Politics (Lightning Talk)

12:30 PM - 1:30 PM
LUNCH

1:30 PM - 2:20 PM
Name: Charles Robertson, Verafin
Talk: Online Criminal Attacks Against Banking Accounts

2:30 PM - 3:00 PM
Name: Darryl MacLeod, Tenable Networks
Talk: Raspberry Pi As An Infosec Tool - The Good, The Bad, and The Ugly

3:00 PM - 3:30 PM
Break

3:30 PM - 4:20 PM
Name: Joe Dawson, EWA-Canada
Talk: Open Web Application Security Project (OWASP)

4:30 PM - 5:20 PM
Name: Garry Coldwells, Palo Alto Networks
Talk: Firewall evolution, how innovation has kept the security gateway as your primary countermeasure.

5:30 PM - 6:00 PM
Grand Prize Give Away

6:00 PM - Onwards
Finger Foods/Drinks and Social Gathering

 

 

Sponsors

 

1. Platinum
2. Gold
3. Silver
4. Bronze
5. Educational Sponsor
