“Mapping The Penetration Tester’s Mind” will present tools, methodologies, standards, and frameworks that are used during an active security engagement. This will give the attendees a broad understanding of how a penetration tester locates and determines what is a target, how vulnerabilities are located, what a penetration tester does to actively gain access, and how […]
Read moreIT Security Professionals have more threats to deal with today than at any previous point in history; and it is only going to get worse. There is more malware, more threats (spam, botnets, etc.) and more potential areas of risk as we expand our need to collaborate either socially or for business efficiency to achieve […]
Read moreThis talk will cover how new US legislation and regulations are going to affect cyber security in the coming months. It will discuss, among other things, the new cresit card security specification, PCI DSS 2.0, the US Governments “Cyber 3” initiative, and cybersecurity legislation in front of the US Congress. It will also cover new […]
Read moreA recent IDC survey found that 52% of insider threats were perceived as accidental and 19% thought to be deliberate. Although 82% of CxOs said they did not know if incidents were deliberate or not, 62% were unclear of the source of their company’s insider risk and could not accurately pinpoint or quantify the nature […]
Read moreThe mobile worker population grew to 1 billion in 2010 and over 250 million smart phones and other innovative devices were shipped and connected to the internet. This phenomenon is forecasted to grow by 25% annually through to 2013. 44% of users (Forester) have bought their own devices and want to connect them to their […]
Read moreMr. Barlow will discuss the current state of the nation in regards to security, and what happens when all of the shiny security tools, appliances, models and measures put in place fail in a bad way. Mr. Barlow will voice his personal and possibly controversial feelings on why today’s security measures fail and what he […]
Read moreYour network is under attack. Malware, Trojans, Botnets and host of other threats are alive and well in the Internet. The people who produce these threats have a new target — the wired and wireless edges of your network. To effectively detect and manage these threats you need a management platform that provides a single […]
Read moreDave Millier will talk about leveraging information gathered from various sources (security and system logs, reports, processes, and directly from people), and turning them into meaningful reports and dashboards that can be used to track compliance around various standards and regulations, including PCI, CobiT, SOX, NERC CIP, and others. Rather than focusing on any particular […]
Read moreThe term ‘Advanced Persistent Threat” has dominated the cyber security world for the last several years. This marketing construct is designed to describe a real and widespread threat, but seems to cause confusion and mockery. This presentation will cut through marketing hyperbole to walk through an attack by a sophisticated actor demonstrating the tools and […]
Read moreThis talk is intended to be a rapid-fire description of 25 tactics currently used by “the bad guys” so that malware STILL evades AV, web reputation filters and IDP systems and practically any defense thrown at it. Malicious content continues to be a thorn in the side of practically all Internet users. This talk will […]
Read moreIn 2009, the Conficker worm was dissected by researchers, and then fried by the spotlight on a worldwide stage. One year later, we saw the Aurora assaults similarly glow in the headlines. Defense was tense against these two nasties – yet, in each case, easily circumvented by two potent zero-day exploits that crept in from […]
Read more“Information is power and money. Our professional lives revolve around building, inventing and working with more valuable information. How we protect and manage this information is core to the success of our economy, organizations, corporations and our personal lives. In this presentation we will explore how a criminal industry now larger than the international drug […]
Read moreNetwork segregation (also called “air-gapping”) is considered a foolproof method for protecting networks from external attacks or from data theft/leakage. Unfortunately, employing this method mandates users to forego all benefits of connectivity; hence this method is not acceptable today as a viable security means. Unidirectional connectivity, hardware enforced over all layers of communications, is an […]
Read moreAs the adoption and interest in cloud computing grows, technical and business decision-makers are trying to assess the risk associated with using the cloud infrastructure. Join Mohammad Akif, the National Security and Privacy Lead for Microsoft Canada to learn about the threat landscape for cloud computing and how the industry in general and Microsoft in […]
Read moreJoin Metasploit founder and Rapid7 CSO, HD Moore, to learn about Metasploit Pro, a new commercial penetration testing tool based on the open source Metasploit Framework. Metasploit Pro’s graphical user interface enables ethical hackers to quickly and easily launch simultaneous, sophisticated attacks against several targets. Metasploit Pro automates common tasks such as smart bruteforcing, evidence […]
Read moreWith the continuing changing threat landscape and continuous demands on compliance to regulatory standards, InfoSec Administrators are continuously playing catch-up to keep their systems safe – John will show you 5 easy ways to assess your systems while staying within your zero budget.
Read moreThe term ‘Advanced Persistent Threat” has dominated the cyber security world for the last several years. This marketing construct is designed to describe a real and widespread threat, but seems to cause confusion and mockery. This presentation will cut through marketing hyperbole to walk through an attack by a sophisticated actor demonstrating the tools and […]
Read moreToday’s network advanced persistent threats by definition evade detection by perimeter defenses and current concepts for defense in depth – whether you know it or not. Most organizations have developed an over-reliance upon network-layer, perimeter focused solutions that require signatures or profile-based foreknowledge of a given technical threat. As proven through numerous security breaches over […]
Read more