Friday, December 27, 2019

Security Learns to Sprint: DevSecOps

RSA Conference: Tanya Janca, Senior Cloud Developer Advocate, Microsoft

This talk will argue that DevOps could be the best thing to happen to application security since OWASP, if developers and operations teams are enabled to make security a part of their everyday work. We must build security into each of the “Three Ways”; if they are sprinting, then we need to sprint too. So put on your running shoes; it’s time for DevSecOps!

Learning Objectives:
1: Learn how to adjust DevOps to DevSecOps.
2: Obtain a view of AppSec and SecOps.
3: -

Attacking Machine Learning: On the Security and Privacy of Neural Networks

RSA Conference: Nicholas Carlini, Research Scientist, Google

Despite significant successes, machine learning has serious security and privacy concerns. This talk will examine two of these. First, how adversarial examples can be used to fool state-of-the-art vision classifiers (to, e.g., make self-driving cars incorrectly classify road signs). Second, how to extract private training data out of a trained neural network.

Learning Objectives:
1: Recognize the potential impact of adversarial examples for attacking neural network classifiers.
2: Understand how sensitive training data can be leaked through exposing APIs to pre-trained models.
3: Know when you need to deploy defenses to counter these new threats in the machine learning age.

Pre-Requisites: Understanding of threats on traditional classifiers (e.g., spam or malware systems), evasion attacks, and privacy, as well as the basics of machine learning.
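To show what an adversarial example actually is, here is an added illustration that is not material from the talk: the fast gradient sign method applied to a toy logistic-regression classifier on constructed 20-dimensional Gaussian data, rather than to a vision model. The gradient-sign step is the same idea; only the model is smaller. The data, the constants DIM and EPS, and the function names (train_logistic, fgsm, run_attack) are this example's own. Python 3 standard library only.

```python
import math
import random

DIM = 20   # input dimensionality; the attack gets stronger as this grows
EPS = 0.4  # per-feature L-infinity budget for the perturbation


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def dot(a, b):
    return sum(x * y for x, y in zip(a, b))


def sign(v):
    return 1.0 if v > 0 else -1.0 if v < 0 else 0.0


def make_data(n=200, dim=DIM, seed=0):
    """Constructed two-class data: class 1 centred at +0.5 per feature, class 0 at -0.5."""
    rng = random.Random(seed)
    data = []
    for i in range(n):
        y = i % 2
        centre = 0.5 if y == 1 else -0.5
        data.append(([rng.gauss(centre, 1.0) for _ in range(dim)], y))
    return data


def train_logistic(samples, epochs=300, lr=0.5):
    """Plain batch gradient descent on the cross-entropy loss; returns (w, b)."""
    dim = len(samples[0][0])
    w, b = [0.0] * dim, 0.0
    n = len(samples)
    for _ in range(epochs):
        gw, gb = [0.0] * dim, 0.0
        for x, y in samples:
            err = sigmoid(dot(w, x) + b) - y  # dL/dz for cross-entropy on a sigmoid output
            for i in range(dim):
                gw[i] += err * x[i]
            gb += err
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def predict(w, b, x):
    """Probability that x belongs to class 1."""
    return sigmoid(dot(w, x) + b)


def fgsm(w, b, x, y, eps=EPS):
    """Fast gradient sign method: move every feature by eps in the direction that
    increases the loss for the true label y. For logistic regression
    dL/dx_i = (p - y) * w_i, so the step per feature is eps * sign((p - y) * w_i)."""
    err = predict(w, b, x) - y
    return [xi + eps * sign(err * wi) for xi, wi in zip(x, w)]


def linf_distance(x, x_adv):
    return max(abs(a - c) for a, c in zip(x, x_adv))


def run_attack(eps=EPS):
    """Train the classifier, take a clearly class-1 input, perturb it with FGSM.
    Returns (p_before, p_after, linf) so the attack's effect can be checked."""
    w, b = train_logistic(make_data())
    x = [0.3] * DIM  # on the class-1 side of the boundary with a modest margin
    x_adv = fgsm(w, b, x, 1, eps)
    return predict(w, b, x), predict(w, b, x_adv), linf_distance(x, x_adv)


if __name__ == "__main__":
    before, after, dist = run_attack()
    print(f"P(class 1) clean: {before:.3f}  adversarial: {after:.3f}  "
          f"L-inf distance: {dist:.2f}")
```

Each feature moves by at most EPS, less than half the per-feature noise in the training data, yet because the 20 small steps all push the logit the same way the classifier's decision flips. That accumulation across dimensions is why perturbations that are invisible on a road-sign image can still change a vision model's output.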

Come Get Your Free NSA Reverse Engineering Tool!

RSA Conference: Robert Joyce, Senior Advisor, National Security Agency

NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, macOS and Linux and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.

Learning Objectives:
1: Understand the unique capabilities and features of NSA’s software reverse engineering platform.
2: Learn about team collaboration on a single project using this reverse engineering tool.
3: Where to download the tool suite, how to install it and where to speak to NSA experts about it at RSA.

Cyber-Influence: Cyberwar and Psychological Operations

RSA Conference: Lawrence Dietz, General Counsel, TAL Global Corporation

The real cyber-battlefield is for “hearts and minds.” Our enemies are good at this as shown by Russian voter influence and ISIS propaganda. US efforts don’t appear to be nearly as successful. This session will explore the fragmentation between cyberspace operations and Psychological Operations (PSYOP).

Learning Objectives:
1: Understand the difference between cyberattacks and influence operations.
2: Learn why cyberspace operations with influence are combined to achieve operational objectives.
3: Gain a basic understanding of classic military strategy fundamentals.

Pre-Requisites: Basic understanding of cyberattacks and defense. Some marketing knowledge would be helpful.

12 Ways to Hack 2FA

RSA Conference: Roger Grimes, Data-Driven Defense Evangelist, KnowBe4, Inc.

Passwords are finally being left behind in favor of two-factor (2FA) and multifactor (MFA) authentication. Some vendors are promoting “unhackable” 5FA solutions. It’s all a lie. All authentication solutions can be hacked. Come learn at least 12 ways 2FA can be hacked, how 2FA really works behind the scenes, what the holes are, how to hack it and how you can defend against those attacks.

Learning Objectives:
1: Understand how 2FA really works behind the scenes.
2: Learn how 2FA solutions are hacked.
3: Learn how to defend against 2FA attacks.

Pre-Requisites: Understanding of basic terms such as smartcard, USB key, password, PIN, etc. Everything else is explained.

How Long to Boom: Understanding and Measuring ICS Hacker Maturity

RSA Conference: Sergio Caltagirone, Director, Threat Intelligence, Dragos

The industrial control system threat is growing quickly. But ICS hackers do not start by disrupting electric grids. Instead, they mature predictably, leading them from things that go bad to things that go boom. Using ICS threat intelligence we’ve developed an ICS hacker maturity model enabling us to determine how much risk a threat poses and predict how long until they reach maximum risk.

Learning Objectives:
1: Understand and differentiate between risks in industrial control and critical infrastructure threats.
2: Learn the different levels of threat maturity and how to map them to environment risk.
3: Know how to estimate how long a threat will take to reach future maturity levels.

Friday, December 20, 2019

Top 10 Ways to Make Hackers Excited: About the Shortcuts Not Worth Taking

RSA Conference: Paula Januszkiewicz, CEO, CQURE

Designing secure architecture can always be more expensive, time consuming and complicated. But does it make sense to cut corners when hackers invent new attacks every day? Taking shortcuts will sooner or later translate to more harm and backfire. Come to the session and learn what mistakes were eliminated when working with customers.

Learning Objectives:
1: Learn how to eliminate mistakes.
2: Learn how to not take shortcuts.
3: Learn how to protect yourself.

Pre-Requisites: Attendees should have good hands-on experience in the IT department; at least eight years in the field is recommended.

Sunday, December 15, 2019

Understanding the Threats to Intelligently Defend

RSA Conference: Leonard Kleinman, Chief Cyber Security Advisor Asia Pacific Japan, RSA

Individuals and businesses can potentially be compromised using various intelligence-gathering techniques, including social engineering and open source intelligence (OSINT) collected from social media. This highly visual, interactive session will demonstrate just how easily this can be done and offer recommendations on how best to defend against it with a risk-centered orientation.

No More Firewalls! How Zero-Trust Networks Are Reshaping Cybersecurity

RSA Conference: Matt Soseman, Security Architect, Microsoft

Network firewalls are becoming irrelevant, and we can no longer assume that perimeter networks can be trusted. With adoption of bring your own device and bring your own cloud, we must evolve our defenses to devices and identities. Join this session to explore this new world via rich live demos. (No PowerPoint allowed!)

Learning Objectives:
1: Understand how the security state and trustworthiness contribute to overall security posture.
2: Learn considerations for automated access to resources via device and identity conditions.
3: Discover how to apply these conditions to line of business SaaS apps or on-premises web apps.

Pre-Requisites: Attendees should be familiar with the modern challenges of protecting identity and information in the age of cloud and mobility. Attendees should understand fundamental concepts such as Software-as-a-Service and bring your own device (BYOD).

The New Why of Cybersecurity

RSA Conference: Rohit Ghai, President, RSA; Holly Rollo, Senior Vice President and Digital Transformational Leader, RSA

Digital investment accelerates business velocity, transforms constituent experiences and spawns new opportunities. But this formidable force for human progress also magnifies risk; it accelerates change and complexity, inviting new threats and devastating impacts. Security leaders are left reframing a new answer to an old question: Why? Managing digital risk is the new why for cybersecurity.

Who Owns Your Digital Breadcrumbs?

RSA Conference: Jeffrey Blatt, Of Counsel, Tilleke & Gibbins International

Every moment of every day connected persons, IoT devices and enterprises generate an unending stream of data. Virtually all of the data created is held and controlled by third parties. Who owns and/or has access to the data each of us generates? In 2019 what does ‘data privacy’ mean? We will explore data privacy, government access and commercial use in light of current issues and some recent regional legislation.

Wednesday, December 11, 2019

The Rise of the Machines, AI- and ML-Based Attacks Demonstrated

RSA Conference: Etienne Greeff, CTO, SecureData; Wicus Ross, Lead Researcher, SecureData Labs

There is a popular and accurate narrative that AI and ML are more suited to offensive than defensive applications. There are few practical examples of the offensive use of AI and ML, however. This talk will demonstrate two attacks based on topic modelling: one to accurately map a network and one to classify thousands of e-mails. The session will also examine defensive options today and into the future.

Learning Objectives:
1: Learn from practical examples of the offensive use of AI and ML.
2: Discover how AI and ML could be used for the most powerful feature-based attacks.
3: Understand how AI modifies the threat landscape as we see it.

Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors

RSA Conference: Joe Slowik, Adversary Hunter, Dragos

Cyber-defense centers on “what” a technology is designed to look for, with capabilities and limitations depending on method. Three distinct approaches have emerged: traditional IOCs, anomaly detection and behavioral analytics. Unfortunately, marketing has muddied these terms beyond recognition; this presentation will correct this by critically examining each approach and its capabilities.

Learning Objectives:
1: Gain understanding of defense detection methodologies.
2: Evaluate the costs and benefits inherent to different detection approaches.
3: Make decisions for the organization relevant to the organization's security needs.

Pre-Requisites: General knowledge of detection methodology and technologies, awareness of current product types performing threat detection and alerting, and broad knowledge of general security incidents.
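To make the three approaches concrete, the following is an added example, not material from the talk, that runs an indicator match, a baseline anomaly check and a behavioral rule over constructed SSH-style authentication log lines. The log format, the KNOWN_BAD_IPS feed, the BASELINE_SOURCES table and the function names are all invented for this example. Python 3 standard library only.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events (not real logs). One login is from a listed
# bad IP, one is from a source never seen for that user, and one is a burst of
# failures followed by a success from a source that IS in the user's baseline.
SAMPLE_LOGS = [
    "2019-12-11T10:00:01 user=alice src=10.0.0.5 result=success",
    "2019-12-11T10:00:30 user=alice src=203.0.113.77 result=success",
    "2019-12-11T10:01:00 user=bob src=198.51.100.9 result=success",
    "2019-12-11T10:02:00 user=carol src=192.0.2.10 result=failure",
    "2019-12-11T10:02:05 user=carol src=192.0.2.10 result=failure",
    "2019-12-11T10:02:10 user=carol src=192.0.2.10 result=failure",
    "2019-12-11T10:02:15 user=carol src=192.0.2.10 result=failure",
    "2019-12-11T10:02:20 user=carol src=192.0.2.10 result=success",
    "2019-12-11T10:03:00 user=bob src=10.0.0.7 result=success",
]

# Hypothetical indicator feed and per-user baseline of previously seen sources.
KNOWN_BAD_IPS = {"203.0.113.77"}
BASELINE_SOURCES = {
    "alice": {"10.0.0.5"},
    "bob": {"10.0.0.7"},
    "carol": {"192.0.2.10"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse(lines):
    """Turn log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect_iocs(events, bad_ips):
    """Indicator matching: exact equality against atoms someone has already seen."""
    return [e for e in events if e["src"] in bad_ips]


def detect_anomalies(events, baseline):
    """Anomaly detection: flag a source not in this user's baseline period."""
    return [e for e in events if e["src"] not in baseline.get(e["user"], set())]


def detect_behaviors(events, min_failures=3, window=timedelta(minutes=5)):
    """Behavioral analytics: a success preceded by >= min_failures failures
    from the same (user, src) inside the window, regardless of IP reputation."""
    hits = []
    failures = defaultdict(list)  # (user, src) -> timestamps of recent failures
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["user"], e["src"])
        if e["result"] == "failure":
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= min_failures:
            hits.append(e)
        failures[key] = []
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for name, hits in (
        ("IOC", detect_iocs(evs, KNOWN_BAD_IPS)),
        ("anomaly", detect_anomalies(evs, BASELINE_SOURCES)),
        ("behavior", detect_behaviors(evs)),
    ):
        print(name, [(h["user"], h["src"]) for h in hits])
```

Run against the sample, the login from 203.0.113.77 is caught by both the indicator and the anomaly detector, bob's new source only by the anomaly detector (no indicator exists for it yet), and carol's brute-force-then-success only by the behavioral rule, because her source is in the baseline. That is the trade-off the abstract points at: indicators are cheap and precise but cover only what has already been seen, anomalies surface novelty but also flag benign change such as a new office address, and behaviors require the defender to encode the technique up front.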

Tuesday, December 10, 2019

Live Adversary Simulation: Red and Blue Team Tactics

RSA Conference: James Lyne, Director of Research, SANS Institute; Stephen Sims, Security Researcher, SANS Institute

Historically, penetration testers and cyber-defenders report to a separate management structure. This can hinder good communication between the two teams. We've all heard the saying “Offense Informs Defense.” This should be a bidirectional feedback loop where each side works together to run simulations and educate each other. This concept is often referred to as “Purple Teaming.”

Learning Objectives:
1: Learn how to perform adversarial threat simulation.
2: Learn how to enable communication between red and blue teams.
3: Understand how to map APT phases to a killchain life cycle.

Pre-Requisites: A background in systems administration, incident response, forensics, network engineering, penetration testing or other similar disciplines.

Monday, December 9, 2019

Digital Surveillance and Cyberespionage at Scale

RSA Conference: Steven Adair, President, Volexity

Learn how OceanLotus, one of the most advanced and pervasive threat groups that is active today, manages its tracking, exploitation, and command and control operations around the world. There is a good chance you have been tracked by OceanLotus without even knowing it. This talk will show how a digital surveillance campaign can turn into a cyberespionage operation.

Learning Objectives:
1: Learn about an advanced threat group from a country you would not typically expect it from.
2: Examine how APT groups are leveraging government and NGO websites to launch targeted attacks.
3: See how legitimate cloud services are being abused by APT attackers to bypass security controls.

Pre-Requisites: General understanding of what APT threats are, how exploits are used, what spear phishing is, etc.

Thursday, December 5, 2019

Behavior and Misbehavior: The First Ever RSAC SOC Report

RSA Conference: Jessica Bair, Senior Manager, Advanced Threat Solutions, Cisco Security; Percy Tucker, Senior Manager, RSA; Neil Wyler, Threat Hunter, RSA

In this session the presenters will share experiences monitoring the RSAC network. They’ll discuss changes over the years, informative/comical experiences from the trenches and what it likely means for our industry’s future. So if you’d like to see what a network looks like when its users know security, know its challenges, should know better and choose to ignore all of that anyway, join us for the RSAC SOC report.

Wednesday, December 4, 2019

Three Things the Security Industry Isn’t Talking About (but Should Be)

RSA Conference: Pat Gelsinger, Chief Executive Officer, VMware; Shannon Lietz, Director, Intuit

The biggest threat to security today is our hyper-focus on threats. Most innovations have centered on finding and dealing with attacks. By contrast, very little has been done on how we shrink the attack surface, and that is the domain where the big gains in security are to be had. Join VMware CEO Pat Gelsinger and Intuit DevSecOps Leader Shannon Lietz as they unveil the three things the industry needs to talk about to reduce the attack surface and shift the advantage to the defenders.