Wednesday, January 29, 2020

Looking for a job? Highlight your ability, not your experience. (Jason Shen)

Very few of us hold jobs that line up directly with our past experiences or what we studied in college. Take TED Resident Jason Shen; he studied biology but later became a product manager at a tech company. In this quick, insightful talk about human potential, Shen shares some new thinking on how job seekers can make themselves more attractive -- and why employers should look for ability over credentials.

Monday, January 13, 2020

How data will transform the future

What does the future of business look like? In an informative talk, Philip Evans gives a quick primer on two long-standing theories in strategy -- and explains why he thinks they are essentially invalid.

Sunday, January 12, 2020

Secure Innovation in Public Cloud, Myth or Reality?

RSA Conference: Rehman Khan, Director Cloud And Data Security, TD Ameritrade

Brajesh Moni, Cloud Security Consultant, TD Ameritrade

Learn about TD Ameritrade’s approach on making the case for public cloud with corporate risk, legal and privacy executives to support innovation and enterprise initiatives. Cover security approach around policy, environment and data protection. Learn about use-cases and agile security approach to build out cloud security platform on AWS and Azure to support business needs.

Learning Objectives:
1: Understand two main factors required to protect cloud services.
2: Learn how security supports innovation in the enterprise.
3: Learn how to be an agile security organization while protecting your assets.

Pre-Requisites: Security policies and controls; cloud concepts; Azure and AWS service implementation and understanding.

Red Team View: Gaps in the Serverless Application Attack Surface

RSA Conference: Michael Cotton, SVP Research & Development, Digital Defense Inc.

This talk will discuss new and previously unknown methods of enumerating and targeting an application's serverless attack surface and leveraging these techniques to gain privileged access to component services. Real-world examples taken from dozens of penetration tests and example code will be provided.

Learning Objectives:
1: Learn new attacker techniques which target subtle serverless component flaws.
2: Understand how advanced attackers can target and leverage these security vulnerabilities.
3: Find out how to lock down these applications against these advanced tactics.

Pre-Requisites: High-level understanding of serverless application architecture and modern JavaScript-based web frameworks.

Getting Product Cybersecurity Right in a Large Mature Corporation

RSA Conference: Matthew Bohne, Vice President, Chief Product Security Officer, Honeywell Building Technologies

Lessons learned on what it takes to secure consumer and B2B products in a large multinational corporation. This talk will give practical techniques and examples to help you answer questions like these: How much is enough? How do I evolve an existing organization to become cyber-literate? How do I gain the support and buy-in for a right-sized program that protects what we sell?

Learning Objectives:
1: Learn what it takes to evolve a traditional industrial company to embrace cybersecurity.
2: Learn a simple recipe to follow for building a successful cyber-program.
3: Learn techniques to use to help attract and retain talent so the cyber-program is sustainable.

Pre-Requisites: Basic understanding of typical software development lifecycle methods and the implementation of cybersecurity as part of that (SSDLC).

Introduction to Defending the Enterprise Using Automated SecOps

RSA Conference: Tomasz Bania, Cyber Defense Manager, Dolby

Many organizations are excited by the prospect of automating various aspects of their security operations, and plenty of vendors are knocking on your door, but what is the right type of automation for your enterprise? Whether you are part of a smaller organization or part of the Fortune 20, this session will provide real-world insight on implementing automated security operations.

Learning Objectives:
1: Gain an understanding of what prerequisites are needed before considering automation.
2: Understand the four paths an organization can take.
3: Learn through examples the types of things that can be automated.

Pre-Requisites: A general understanding of security operations and the overall security landscape is required. An understanding of how various platforms integrate with each other on a conceptual level is helpful.

Passwords and Patching: The Forgotten Building Blocks of Enterprise Security

RSA Conference: Andrea Fisher, Security Specialist, Microsoft

Jon Wojan, Partner Technical Architect, Microsoft

The NSA hasn’t responded to a zero-day attack in 24 months. Patching remains the biggest security issue until 2020. Breach after breach has happened because machines have not been patched or the password was easily guessable. Let’s get back to the basics and help customers overcome these foundational elements of security including patch management, password strategy and approaches.

Learning Objectives:
1: Learn about the future of a password-less world.
2: Understand the importance of patching.

Pre-Requisites: Patching.

Friday, January 10, 2020

Detection & Response: Building Effective SOC Operations

RSA Conference: Tithirat Siripattanalert, Chief Information Security Officer and Chief Data Officer at True Digital Group

Our day concludes with an insider’s view of how to effectively plan for and build a SOC (Security Operations Center). Seasoned CISO Tithirat Siripattanalert will share her internal journey in building True Digital Group’s capabilities, overviewing what a SOC is/isn’t, how to operate, who needs a SOC, and why? She’ll share best practices in this not-to-be-missed business discussion of technical, process and personnel considerations.

Friday, January 3, 2020

The Role of the U.S. Military in Cyberspace

Center for Strategic & International Studies

Lt General James K. "Kevin" McLaughlin, Deputy Commander of USCYBERCOM, will deliver a keynote speech discussing the military's role in cybersecurity for the nation, as well as providing an update on USCYBERCOM’s journey to build cyber-ready forces and to employ them when significant cyber attacks against the nation require DOD support. The event will also discuss the integration of cyberspace operations into new ways of defending, fighting, and partnering against adversaries in the contested cyber domain.

Keynote Address: Lt Gen James K. "Kevin" McLaughlin, Deputy Commander, U.S. Cyber Command