RSA 2017
PRESENTATIONS
A Framework for Analyzing Twitter to Detect Community Crime Activity
AI in Cybersecurity: A Balancing Force or a Disruptor?
A Risk-Based Security Approach for Today’s Global Digital Enterprise
Blockchain Role in Smart Cities/IoT Security—A Cryptographic Perspective!
Building a Risk-Based Cybersecurity Program
Credential Security: Important Things to Know about Storing Your Identity
Cutting through the AI-Hype: Why a Layered Approach Works
Cybercrime and Attacks in the Dark Side of the Web
Cyber Insecurity: Unique Threats in the Middle East and the Need for Collective Defense
Deception for Defeating the Modern Cyberattacker
Enterprise Survival Guide for Ransomware Attacks and Service Availability
From the Trenches: Threats, Trends and Tactics
Hackers Interrupted
Hacking Exposed: Regional Trends, Predictions and Real-World Tradecraft
Incident Response at Scale
Intrusion Tolerance for CT Cloud Security
Measuring Cyber-Exposure on Today’s Modern Assets
Reinventing the SOC—Detection and Response in an Ever-Changing Game
Responding to Global Cyber-Incidents in a Legally Defensible Manner
SCADA Security: How Do I Know if I’ve Already Been Owned?
The Etihad Journey to a Secure Cloud
Turning the Tide: Fending Off Cyberthreats
PRESENTATIONS
10x—Increase Your Team’s Effectiveness by Automating the Boring Stuff
Adventures in Threat Intelligence: Why Organizations Fall Prey to Cyberthreats
A Glimpse behind the Curtain: A Look into Crimeware-as-a-Service
An Aflac Case Study: Moving a Security Program from Defense to Offence
App in the Middle—Mobile Container Pitfalls
APT Attacks in the Asia-Pacific Region
Are We Ready to Comply with Data Privacy?
Balancing Innovation and Security—Cloud Adoption at Governments
Bank Heists and Hacks: Protecting Money Movement in a Cyber-Fraud Strategy
Building a Resilient Security Posture for Effective Breach Prevention
Case Study: Tripling Incident Response Volume with SOC Orchestration
Changing Data Protection: Heading towards a Blockchain-Operated Future
Chasing the Bad Guys from Bangladesh to Costa Rica
ChessMaster: A New Campaign Targeting Japan Using the New ChChes Backdoor
Closing the Gap between Public and Private Threat Intelligence Sharing
Cloud Security Strategy—Adapt to Changes with Security Automation
Connected Cars—What Could Possibly Go Wrong?
Cybersecurity in Singapore: Smart Nation, Safe Nation
Data Analytics, Developers and Automation—What You Want in Next Gen SOCs
Effective Security through Automation
Engineering Excellence in Security on an Agile Smorgasbord
Finding Is Easy. Fixing Is Hard.
General Data Protection Regulation (GDPR): The Impact of Doing Business in Asia
Governing without Clear Standards: Lessons Learned from the Trenches
How APAC IOT Leaders are Handling Security—Next Secure ‘Things’ Roadmap
How Measuring Security Culture Is Different from Counting Employees
In Tech We Trust: Securing Digital Privacy in a Global Surveillance State
Invasion of the Body Snatchers—Combating Account Takeover Fraud
Japan’s Cybersecurity Effort towards Tokyo 2020 and Its Global Significance
Lessons Learned from Responding to Disruptive Breaches
Machine Learning and Cybersecurity: Separating the Hype from the Reality
Malware-as-a-Service—When Your Cloud Begins to Rain Malwares
Mapping Cyber-Protections to Regulatory Requirements for Fintech
Modern Identity Management Patterns for Microservices and Mobile
New Cybercrime Tactics and Techniques
Overcoming the Challenges of Automating Security in a DevOps Environment
Payment Security and Vendor Management Challenges in the Asia Pacific
Phishermen Changing Targets: Impact Shift from Personal to Organizational
Ransomware Seminar
Rise of the Machines
Safety and Speed—How Tenable Runs Swift and Sure in a DevOps World
Securing a US$2.8B Digital Asset: The Movie—Avatar
Securing your Supply Chain: Why Most of What You’re Doing Doesn’t Work
Stop Passing the Bug: IoT Supply Chain Security
Strategies for a Successful Security and Digital Transformation
Tackling Ransomware Attacks
Taking a DevOps Approach to Securing Privileged Credentials in DevOps
The Rising Tide of Data: Managing the Dams of Privacy & Security
Unveiling Vulnerabilities in IoT Firmware
Utilising Agile and LEAN Concepts to Run an Effective Security Team
Vendor Security Alliance: Finally Fixing Third-Party Cybersecurity
We Built a Honeypot and p4wned Ransomware Developers Too
What Ails Our Healthcare Systems?
PRESENTATIONS
100% Encrypted Web: New Challenges for TLS
2017 Selected Topics
Achieving and Measuring Success with the Security Awareness Maturity Model
A CISO-Focused Panel on Cloud Security and Artificial Intelligence
A Clear View: Cybersecurity by the Numbers
Adding Security to Your ICS Environment? Fine! But How?!
Advances in Cloud-Scale Machine Learning for Cyber-Defense
Advancing Information Risk Practices
Adventures in Underland: What System Stores on the Disk Without Telling You
A Field Guide to Insider Threat Helps Manage the Risk
A Fully Automated SOC: Fact or Fiction
A General Introduction to Modern Cryptography
A Hard Privacy Impact Assessment: Monitoring and Protecting Children Online
An Aflac Case Study: Moving a Security Program from Defense to Offense
Analytics and Detection through Coding, Scripting and Organizing Data
Anatomy of Industrial Cyber Attacks
An Introduction to Graph Theory for Security People Who Can't Math Good
Applied Cognitive Security: Complementing the Security Analyst
Applied Machine Learning: Defeating Modern Malicious Documents
Applying OODA and Feedback Loops to Security Processes
A Successful Application Security Program: Envision, Build and Scale
A Sustainable Strategy for Critical Infrastructures and Key Resources
Auditors in the Cloud: Audit Risk and SaaS Applications
Au Naturale: Natural Language Processing and Threat Intel
Automated Prevention of Ransomware with Machine Learning and GPOs
A View from the Outside: A New Perspective on Security
A Virtual and Software-Defined Security Architecture Workshop
A Vision for Shared, Central Intelligence to Ebb a Growing Flood of Alerts
Avoiding Pitfalls of Static Analysis
A Worldwide Journey to Build a Secure Development Environment
Beyond Stuxnet: State of the Art in Cyberwarfare and Weapons
Big Metadata: Machine Learning on Encrypted Communications
Break the Risk Paradigms: Overhauling Your Risk Program
Briefing the Board: Lessons Learned from CISOs and Directors
Building a Strategic Plan for Your Security Awareness Program
Business Folds: Security Doesn't
BYOK: Leveraging Cloud Encryption Without Compromising Control
Can I Get a Witness? Technical Witness Bootcamp
Catching Ghosts: Smart Strategies for Successful Recruitment
Changing Behaviors at Enterprise-Scale
Changing Face/Fate of Identity
Changing Regulatory Approaches to Big Data
Charting the Course to GDPR: Setting Sail
CISO as Change Agent: Getting to Yes
Client-Side Encryption without Knowing Its Limits Is a Ticking Time Bomb!
Cloud Security Assessments: You’re Doing It Wrong!
Cloud Security: Automate or Die
Collaborative Security: Securing Open Source Software
Combatting Advanced Cybersecurity Threats with AI and Machine Learning
Confusion and Deception: New Tools for Data Protection
Congressional Oversight in the Wake of Russian Hacking
Containers: The Dr. Jekyll and Mr. Hyde of Security
Continuous Authentication and Distributed Session Management
Could US Anti-Hacking Laws Handicap Cybersecurity?
Critical Hygiene for Preventing Major Breaches
Crowdsourced Security at the Government Level: It Takes a Nation (of Hackers)
Crown Jewels Risk Assessment: Cost-Effective Risk Identification
Cryptographic Protocols
Cyber, an Evolving Ecosystem: Creating the Road for Tomorrow's Smart Cities
Cyber-Heist: Two Bytes to $951m—Collaborate to Defend
Cyber-Insurance: Fraud, Waste or Abuse
Cyber-Insurance--I Do Not Think That Word Means What You Think It Means
Cyber-Overlord: Nation-State Cyberattack Exercise
Cyber/Physical Security and the IoT: National Security Considerations
Cybersecurity Challenges and Innovative Hardware Solutions from Intel
Cybersecurity Culture in ICS Organization: Human Factor as the Weakest Link In This Chain
Cybersecurity Framework Draft Version 1.1: Success on the Road Ahead
Cybersecurity--It's a Small-Town Problem!
Cybersecurity Roadmap: Global Healthcare Security Architecture
Cybersecurity Roadmap: Global Healthcare Security Architecture (Focus-On)
Cybersecurity vs. Tokenization
Cyber Strategy & Business Innovation: Integrating InfoSec Into Real Business
Cyber Threat Alliance: Could 7.4Bn+ Collaborate Together Against the Bad Minority?
Data Breach Digest—Perspectives on “the Human Element”
Decoding LoRa, a Wireless Network for the Internet of Things
Deconstructing Identity Analytics for Higher Risk Awareness
Deconstructing Identity Analytics for Higher Risk Awareness (Focus-On)
Deep Impact: Explore the Wide-Reaching Impact of a Cyberattack
Delivering Secure, Client-Side Technology to Billions of Users
Demystifying Debugging and Disassembling Applications
Designing a New Consent Strategy for Digital Transformation
Detecting and Responding to Advanced Threats within Exchange Environments
Developing Useful Metrics
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevSecOps--Building Continuous Security into IT and App Infrastructures
DevSecOps In The Cloud Is Not Just CI/CD: Embracing Security Automation
DevSecOps on the Offense: Automating Amazon Web Services Account Takeover
DevSecOps: Rapid Security for Rapid Delivery
Diagnosis SOC-Atrophy: What to Do When Your SOC Is Sick
Digital Signatures and Random Numbers
Doin' the Regulatory Rumba
Drive Revenue by Protecting Customer Privacy: Progress and 2017 Predictions
Drones, Security, Privacy and Rights: Are There Lines of Responsibility?
Eggs and Beacon--Scrambling IoT Beacon Indoor Proximity Systems
Electoral Dysfunction--What Up?
Empower, Encourage, Recruit: Changing Our Approach to Building the Workforce
Encryption and Back Doors: The Line between Privacy and National Security
Encrypt: Protect the Business, Prevent the Threats
Establishing a Quality Vulnerability Management Program
EU Data Privacy: What US Orgs Need to Do Now to Prepare for GDPR
Evolution of Deliberate Threats to Satellite Navigation Systems
Expanding Your Blue Team by Creating Security Culture
Expert Mobility: Managing the Wi-Fi World of Wearables, Sensors and IoT
Fact or FUD? ICS Cyberattack Simulation and Impact Analysis Fun for the Whole Family
Fault and Glitch Resistant Implementations
FedEx Case Study: Managing Complexity and Chaos
Fighting Cybercrime Using the Blockchain
Final Boarding for DevOps! You Don't Have to Go Home, but...
Final Boarding for DevOps! You Don’t Have to Go Home, but... (Focus-On)
Find Map, Get Treasure, Avoid Pirates--Data Security and Privacy Best Practice
Fixing the Fixing
Foreign Espionage, Social Media, and the Unwitting Insider Threat
From Boot-to-Root: A Method for Successful Security Training
From Design to Resign: Securing the Electronics Lifecycle
From Vision to Reality: Delivering Emerging Cyber-Technologies Effectively
Gamification Using "Science of Habit Cycle" to Transform User Behavior
Geopolitics Meets Hacking
Getting Off the Hamster Wheel of Testing
Global Approaches to Protecting Critical National Infrastructure
Global Traffic Analysis 101
Government's Role in Vulnerability Disclosures
Hacker's Perspective on Your Windows Infrastructure: Mandatory Check List
Hacking Blockchain
Hacking Blockchain (Focus-On)
Hacking Exposed NextGen
Hacking Exposed: Real-World Tradecraft of Bears, Pandas and Kittens
Hands-On Exploit Development for Beginners
Hands-On Perspectives: Deploying FIDO-Based Modern Authentication Solutions
Hardening the Cloud: Assuring Agile Security in High-Growth Environments
Hashes for the Masses
Hello False Flags! The Art of Deception in Targeted Attack Attribution
Help Wanted: Security Heroes and Heroines Only Need Apply
Hey Android, Where Is My Car?
High-Performance Computing Will Make or Break Cybersecurity
Honesty Is the Best Policy--A Mock Trial on What You Say Versus What You Do
Hot Topics in Cyber-Law 2017
Hot Topics in Privacy: A Conversation with Google, Microsoft and Cisco
How Android and iOS Security Enhancements Complicate Threat Detection
How Can CISO's Obtain Pertinent Information in the Real World?
How Google Protects Its Corporate Security Perimeter without Firewalls
How International Law Enforcement Is Addressing Cyberthreats
How Leaders of Tomorrow Attack Security Problems Holistically and Head-On
How Nation-States and Criminal Syndicates Use Exploits to Bypass Security
How to Catch a Snowden
How to Delete Data for Realz: This Presentation Will Self-Destruct In...
How to Delete Data for Realz: This Presentation Will Self-Destruct In… (Focus-On)
How to Do Security WITH Your Organization, Not TO It
How to Go from Responding to Hunting with Sysinternals Sysmon
How to Improve Phishing Awareness by 300 Percent in 18 Months
How-to Series: Year One Innovators and Entrepreneurs
How to Transform Developers into Security People
Identity Squatting: Laws, Tools and Methods for Security Professionals
IEEE MACSec and NSA ESS: How to Protect Your WAN, LAN and Cloud
IIOT Vulnerabilities, Where Do They Lie?
Improved Key Recovery Algorithms
Integrated Solutions for Trusted Clouds and SDI
Integrating IT and OT: Design Challenges in Critical Infrastructure Security
Intelligence-Led Security: Powering the Future of Cyber-Defense
Internet of Insecurity: Can Industry Solve It or Is Regulation Required?
Investigating and Prosecuting Cybercrime—Enter the Law Enforcement Trenches
IoT and Data's Perilous Journey
IoT and SCADA: Lessons Learned and Case Studies
IoT Ecosystems: An Adversary's Perspective
IoT Ecosystems: An Adversary's Perspective (Focus-On)
IoT End of Days
IoT Evidence Analysis and Preservation in Investigations and Litigation
IRL: Live Hacking Demos!
Isolating the Ghost in the Machine: Unveiling Post Exploitation Threats
Keeping Up with the Adversary: Creating a Threat-Based Cyber-Team
Lattice-Based Cryptanalysis
Law Enforcement: Prevention through Risk Reduction
Learnings from the Cloud: What to Watch When Watching for Breach
Lessons from a Billion Breached Records
Lessons from a Recovering Runtime Application Self-Protection Addict
Lessons Learned from Responding to Disruptive Breaches
Less Tech, More Talk: The Future of the CISO Role
Life and Death: Security Considerations for Safety-Critical Industries
Lightweight Protocol! Serious Equipment! Critical Implications!
Look, C-Suite, No Hands! Communicating the Top 10 Privacy and Security Topics
Look, Ma, No Hands! Risk and Liabilities in the Era of Autonomous Cars
Machine Learning: Cybersecurity Boon or Boondoggle
Making the Business Case for Managing Cyber-Risk
Managing Cyber-risk: Unlocking the Mystery of the Boardroom
Managing Enterprise Risk through Legacy System Testing
Market-Driven Cybersecurity: Cyber-Innovation as Competitive Advantage
Maximum Security with Minimum Impact--Going Beyond Next Gen?
Meaningful Use or Meltdown: Is Your Electronic Health Record System Secure?
Measuring Authentication: NIST 800-63 and Vectors of Trust
Medical Device Security Considerations: Case Study
MEDJACK.3: New Research on Attacks on Hospital Medical Devices
Meet and Greet with the macOS Malware Class of 2016
Meet the Leaders of the Startup Nation
Mirai and IoT Botnet Analysis
Mobile Authentication at Different Levels of Assurance
Mobile Containers—The Good, the Bad and the Ugly
Modern Cyber-Defense with Automated Real-Time Response: A Standards Update
Monetizing Vulnerability Disclosures: Market, Ethical and Legal Considerations
Mushrooms Not Honey: Making Deceptive Defenses More Toxic for Attackers
Nation Under Attack: Live Cyber-Exercise
Navigating Cybersecurity in the Connected-Car Revolution
Navigating Transatlantic Cybersecurity Challenges in a Sea of Change
Network Pixies: Abusing PXE
New Certification Methods Keeping IT Pros on the Leading Edge of Cyber
No More Security Empires: The CISO as an Individual Contributor
One-Hit Wonders: Dealing with Millions of Anomalies
One-Hour Privacy Primer for Security Officers
Opening the Door to DoD Perspectives on Cyberthreat Intelligence
Open Security Controller: Security Orchestration for OpenStack
Optimize Your Supply Chain Cybersecurity
Orchestration Ownage: Exploiting Container-Centric Data Center Platforms
OSX Pirrit: Why You Should Care about Malicious Mac Adware
Phish Your Employees Now or Get Phished!
Pitching Infosec in the Boardroom When Your Customers Don't Care
Post-Quantum Crypto
PQ Crypto Panel
Practical Appsec Lessons Learned in the Age of Agile and DevOps
Practical Intelligence Sharing: ISACs and ISAOs
Privacy Enhancing Technologies Work--But Can Anyone Use Them?
Privileged Access Management--Unsticking Your PAM Program
Professional Mobile Espionage Attacks: Pegasus and Beyond
Profiling Exposed Cyber-Infrastructure in Cities in the United States
Project Overwatch: Multinational Effort to Combat IMSI Catchers
Protecting Knowledge Assets: Case and Method for New CISO Portfolio
Psychology of an Eastern European Cybercriminal: Mindset Drives Behavior
Public Key Algorithms
Public Key Implementations
Random Number Generation Is Getting Harder—It’s Time to Pay Attention
Ransomware
Ransomware, Drones, Smart TVs, Bots: Protecting Consumers in the Age of IoT
Recognizing, Preventing and Responding to Radicalization in the Workplace
Regulating the Internet of Things
Resurrecting Privacy in the Cloud: A Privacy Engineering Implementation
Rethinking Product Security: Cloud Demands a New Way
Reversing the Year: Let’s Hack IoT, Ransomware and Evasive Payloads
Safety First! Strategic Solutions to Protect the Industrial Internet of Things
Saving CVE with OpenSource
Saving CVE with OpenSource (Focus-On)
Securely Moving Data to the Cloud with Confidence and Customer Focus
Securely Moving Data to the Cloud with Confidence and Customer Focus (Focus-On)
Securing 100 Products--How Hard Can It Be?
Securing 100 Products—How Hard Can It Be? (Focus-On)
Securing Diversity: Women in Cybersecurity
Securing Medical Devices Using Adaptive Testing Methodologies
Securing Serverless Applications in the Cloud
Securing the Making of the Next Hollywood Blockbuster
Securing the North American Electric Grid
Securing the Things with Internet: Law and Technical Issues for IoT
Securing What You Don't Own or Control: The Current State of Wi-Fi Security
Security at Slack: The First Three Years
Security Bulletins on Trial: Are Vendors Guilty of Information Obscurity?
Security Foundations
Security Investigative Journalists Speak Out
Security Leadership Lessons from the Dark Side
Security Policy, Behavior and Analytics for Emerging Architectures
Serverless Security: Are You Ready for the Future?
Side-Channel Analysis
Side-Channel Resistant Implementations
Sizzle or Fizzle: Is Threat Intelligence Really Worth My Time?
Solving Cybersecurity in the Next Five Years: Systematizing Progress for the Short Term
So You Are an Unwitting Cyberterrorist Accomplice?
State of Cybersecurity: Overcome Workforce Challenges, Build a Skilled Team
STRONG: Leading Security into the Future
Symmetric Key Constructions
Symmetric Key Cryptanalysis
Taming the Wild West: Trends in the Development of Nation-State Cyber-Norms
Targeted Attacks against Corporate Inboxes—A Gmail Perspective
Ted Schlein and Michele Flournoy on the Future of Security and Defense
Terrorism in Cyberspace
The Adversary’s New Game Plan
The Art and Science of Making Better Decisions: The Pathway to Leadership
The Blockchain Identity Crisis
The Connected World Has Been Disconnected: Survival Guide in IoThreats Era
The Dawn of Competitive Adversary Disclosure
The Dridex Swiss Army Knife: Big Data Dissolves the APT and Crime Grey Area
The Finance Sector and Countering Cyberthreats: Lessons from the Front Lines
The Five Secrets of High-Performing CISOs
The Future of Privacy
The Future of Ransomware on the Internet of Things
The Future: Revealed
The General Data Protection Regulation and the Impact on Incident Response
The Human Exploitation Kill Chain
The Internet of Attacking Things
The Internet of Criminals Things
The Internet of Criminals Things (Focus-On)
The Malware Monetization Machine
The Night of the Living XP: Attacks on Legacy and Embedded Systems
The NIST Cybersecurity Framework: Who, What, Where?
The Problem of Voice Aging in Biometric Security
The Quest to Measure Strength of Function for Authenticators: SOFA, So Good
The Real $100 Million Question: What Is the Cybersecurity Standard of Care?
The Shell Game of Electronically Stored Information (ESI)?
The State of Digital Supplier Risk Management: In Partners We Trust
The Strategic Advantage of Adaptive Multi-Engine Advanced Threat Protection
Threat Modeling Demystified
Threat Modeling the Trenches to the Clouds
Tidal Forces: The Changes Ripping Apart Security as We Know It
Tomorrow's Cyber-Risk Analyst
Top Five Secrets to Successfully Jumpstarting Your Cyber-Risk Program
Toward Distributed and Virtualized Enterprise Security
Tracking Darknet: A Window into Attackers’ Motives, Methods and Targets
Tracking Ransomware - Using Behavior to Find New Threats
Transforming Security Part 1: Cloud and Virtualization
Transforming Security Part 2: From the Device to the Data Center
Trusted IT and Cloud Infrastructures for Business Purposes
Unexpected IoT--Solar Panels Compromise
Updating Surveillance Law on Government Access to Your Online Data
Up for a Challenge? Learn How to Become a Successful Higher Education CISO
User Error: The Economics of Privacy and Proprietary Data
Vendor Security Alliance: Finally Fixing Third-Party Cybersecurity
Voice Privacy in the Enterprise: Are You Listening?
War Stories: Corporate Cyberespionage Tales from the Trenches
Weaponizing Intelligence: Interdiction in Today's Threat Landscape
Weaponizing IoT
Website Shadow IT: Where the Risks Lurk
Welcome to the Age of Immersive Security
What CISOs Wish They Could Say Out Loud
What Do You Mean, "Patch"? A Shared Vision of IoT Security Updates
What Is Needed in the Next Generation Cloud Trusted Platform?
What's Next in Cyber-Policy
What We've Learned Building a Cybersecurity Operation Center: du Case Study
Who's Touching Our Stuff: Locking in Pervasive Security in a Digitized World
Who Will Guard the Guards Themselves? The Truth behind Security Devices
Who Will Oversee the Private Sector Cybersecurity under Trump?
Why Cyber-Training Is Key, and How to Do It Right
Why Johnny STILL Can't Encrypt
Wilderness of Shlemiels
Wireless Sensors' Power Consumption and IoT Security
Workplace Violence and IT Sabotage: Two Sides of the Same Coin?
Your Sector Doesn't Matter: Achieving Effective Threat Prioritization
Zero-Touch Device Onboarding to IoT Control Platforms