EMF Radiation Poisoning

Malicious Documents Emerging Trends: A Gmail Perspective

RSA Conference
Elie Bursztein, Security and Anti-Abuse Research Lead, Google
Everyday Gmail defenses analyze billions of attachments to prevent malicious documents from reaching the inboxes of its users whether they are end-users or corporate ones. This talk provides a comprehensive analysis of the malicious documents that target users and corporate inboxes, an in-depth analysis of the latest evasion tactics used by attackers and what Google is doing about it.Pre-Requisites: A general understanding of what malware are. A basic knowledge of what macro, javascript, clustering, ip/asn, packer, droppers, botnets, malware as a service and exploits are. Some notion of what obfuscation is and, a basic familiarity with fud (fully undetectable documents) and adversarial attacks.

Making the Leap: Transforming from Techie to Security Leader

•Feb 25, 2020

RSA Conference: Todd Fitzgerald, CISO, Cybersecurity Leadership Author, CISO SPOTLIGHT, LLC

You have been a techie and developed great security skills. Now you want to move into management. Should you? Will you be happy there? How will your life change? Is this a good move? How will you get there? This session will examine what this career choice really means—and how to move to a CISO/security leader role.

Contempoary Issues in Human Resource Management = 20 CPE Completed

Protecting Data from Ransomware and Breaches: Demos and Designs

RSA Conference: Michael Ekstrom, Lead Cybersecurity Engineer, MITRE,Mary Yang, Portfolio Manager, The MITRE Corporation

Little is as valuable to an enterprise as its data and protecting it can seem an overwhelming task. Join cybersecurity engineers from NIST’s NCCoE as they demystify data security by demonstrating their latest standards-based guidance on mitigating the impact of ransomware and data breaches using off-the-shelf tools.

Regina Hartley: Why the best hire might not have the prefect resume

Given the choice between a job candidate with a perfect resume and one who has fought through difficulty, human resources executive Regina Hartley always gives the "Scrapper" a chance. As someone who grew up with adversity, Hartley knows that those who flourish in the darkest of spaces are empowered with the grit to persist in an ever-changing workplace. "Choose the underestimated contender, whose secret weapons are passion and purpose," she says. "Hire the Scrapper."

Looking for a job? Highlight your ability, not your experience. (Jason Shen)

Very few of us hold jobs that line up directly with our past experiences or what we studied in college. Take TED Resident Jason Shen; he studied biology but later became a product manager at a tech company. In this quick, insightful talk about human potential, Shen shares some new thinking on how job seekers can make themselves more attractive -- and why employers should look for ability over credentials.

How data will transform the future

What does the future of business look like? In an informative talk, Philip Evans gives a quick primer on two long-standing theories in strategy -- and explains why he thinks they are essentially invalid.

Watch Queue:Watch Queue: Secure Innovation in Public Cloud, Myth or Reality?

Secure Innovation in Public Cloud, Myth or Reality?

RSA Conference: Rehman Khan, Director Cloud And Data Security, TD Ameritrade

Brajesh Moni, Cloud Security Consultant, TD Ameritrade

Learn about TD Ameritrade’s approach on making the case for public cloud with corporate risk, legal and privacy executives to support innovation and enterprise initiatives. Cover security approach around policy, environment and data protection. Learn about use-cases and agile security approach to build out cloud security platform on AWS and Azure to support business needs.Learning Objectives:1: Understand two main factors required to protect cloud services.2: Learn how security supports innovation in the enterprise.3: Learn how to be an agile security organization while protecting your assets.Pre-Requisites:Security policies and controls; cloud concepts; Azure and AWS service implementation and understanding.

Red Team View: Gaps in the Serverless Application Attack Surface

Red Team View: Gaps in the Serverless Application Attack Surface

RSA Conference: Michael Cotton, SVP Research & Development, Digital Defense Inc.

This talk will discuss new and previously unknown methods of enumerating and targeting an application's serverless attack surface and leveraging these techniques to gain privileged access to component services. Real-world examples taken from dozens of penetration tests and example code will be provided.Learning Objectives:1: Learn new attacker techniques which target subtle serverless component flaws.2: Understand how advanced attackers can target and leverage these security vulnerabilities.3: Find out how to lock down these applications against these advanced tactics.Pre-Requisites:High-level understanding of serverless application architecture and modern javascript-based web frameworks.

Getting Product Cybersecurity Right in a Large Mature Corporation

Getting Product Cybersecurity Right in a Large Mature Corporation

RSA Conference: Matthew Bohne, Vice President, Chief Product Security Officer, Honeywell Building Technologies

Lessons learned on what it takes to secure consumer and B2B products in a large multinational corporation. This talk will give practical techniques and examples to help you answer questions like these: How much is enough? How do I evolve an existing organization to become cyber-literate? How do I gain the support and buy-in for a right-sized program that protects what we sell?Learning Objectives:1: Learn what it takes to evolve a traditional industrial company to embrace cybersecurity.2: Learn a simple recipe to follow for building a successful cyber-program.3: Learn techniques to use to help attract and retain talent so the cyber-program is sustainable.Pre-Requisites:Basic understanding of typical software development lifecycle methods and the implementation of cybersecurity as part of that (SSDLC).

Introduction to Defending the Enterprise Using Automated SecOps

Introduction to Defending the Enterprise Using Automated SecOps

RSA Conference: Tomasz Bania, Cyber Defense Manager, Dolby

Many organizations are excited by the prospect of automating various aspects of their security operations, and plenty of vendors are knocking on your door, but what is the right type of automation for your enterprise? Whether you are part of a smaller organization or part of the Fortune 20, this session will provide real-world insight on implementing automated security operations.Learning Objectives:1: Gain an understanding of what prerequisites are needed before considering automation.2: Understand the four paths an organization can take.3: Learn through examples the types of things that can be automated.Pre-Requisites:A general understanding of security operations and the overall security landscape is required. An understanding of how various platforms integrate with each other on a conceptual level is helpful.

Passwords and Patching: The Forgotten Building Blocks of Enterprise Security

Passwords and Patching: The Forgotten Building Blocks of Enterprise Security

RSA Conference: Andrea Fisher, Security Specialist, Microsoft

Jon Wojan, Partner Technical Architect, Microsoft

The NSA hasn’t responded to a zero-day attack in 24 months. Patching remains the biggest security issue until 2020. Breach after breach has happened because machines have not been patched or the password was easily guessable. Let’s get back to the basics and help customers overcome these foundational elements of security including patch management, password strategy and approaches.Learning Objectives:1: Learn about the future of a password-less world.2: Understand the importance of patching. Pre-Requisites:Patching.

Detection & Response: Building Effective SOC Operations

Detection & Response: Building Effective SOC Operations

RSA Conference: Tithirat Siripattanalert, Chief Information Security Office and Chief Data Officer at True Digital Group

Our day concludes with an insider’s view of how to effectively plan for and build a SOC (Security Operations Center). Seasoned CISO Tithirat Siripattanalert will share her internal journey in building True Digital Group’s capabilities, overviewing what a SOC is/isn’t, how to operate, who needs a SOC, and why? She’ll share best practices in this not-to-be-missed business discussion of technical, process and personnel considerations.

The Role of the U.S. Military in Cyberspace

The Role of the U.S. Military in Cyberspace

Center for Strategic & International Studies

Lt General James K. "Kevin" McLaughlin, Deputy Commander of USCYBERCOM, will deliver a keynote speech discussing the military's role in cybersecurity for the nation, as well as providing an update on USCYBERCOM’s journey to build cyber-ready forces and to employ them when significant cyber attacks against the nation require DOD support. The event will also discuss the integration of cyberspace operations into new ways of defending, fighting, and partnering against adversaries in the contested cyber domain. Keynote Address: Lt Gen James K. "Kevin" McLaughlin Deputy Commander U.S. Cyber Command