secanalysis.com


Speaking Engagements

ShmooCon Firetalk (Alternate)

Profiling and Tracking In 15 minutes

February 5th, 2010

Whether seeking information about a company for employment purposes or figuring out exactly who is flooding your IPS/IDS, tracking and profiling can be valuable skills for any security professional. This talk will discuss tools and techniques for profiling companies, tracking hacker activity, and identifying potential threats through Open-Source Intelligence (OSINT). There will be a particular focus on applying the hacker mindset to make determinations based on available data.


US-CERT Government Forum for Incident Response and Security Teams (GFIRST)

Firewalls, Intrusion Prevention Systems, Network Anomaly Detection Systems, End-Point Security...and Still Attacks are Slipping Through the Cracks!

August 25th, 2009

This session will take a look at some popular methods for attacking environments and how those attacks are bypassing current security countermeasures. The session will primarily focus on application attacks and why what most organizations are doing to defend their applications just isn't enough. It will cover what those attacks are and how attackers can simply alter their methods to defeat most security countermeasures available. Next, some necessary steps to protect organizations are discussed. The session will end with an overview of how to respond to application incidents when they occur.

IBM Rational Software Conference 2009

Ensuring Security through Extending Quality

June 2nd, 2009

Conflicting business priorities, a steep learning curve, and rigid compliance standards have made implementing effective application security strategies extremely difficult. Even organizations focused on producing secure applications struggle to manage the roles, responsibilities, and expectations of diverse departments. This presentation details successful methods for implementing security as a part of quality. Effective methods for engaging multiple stakeholders in the production and maintenance of secure applications with IBM Rational products are discussed.