RSA 2018

PRESENTATIONS

• 10 Tenets of CISO Success

• 35 Days to GDPR‎. Even If You Prepared, Is Your Firm Truly Ready?

• Abstractions of Security: Mining a Decade of RSA Conference Abstracts

• A Call To (H)arms: The Cry for Harmonization of Security and Privacy Laws

• Adapt or Die—A CISO’s New Role in a Social Media First World

• Advanced Attack Surface Discovery and Exploitation

• Adventures in Open Banking: Understanding OAuth and OpenID Client Ecosystems

• Adventures in the Underland: Techniques against Hackers Evading the Hook

• A Framework to Effectively Develop Insider Threat Controls

• A General Introduction to Modern Cryptography

• Age of the Machines in Cyber—Machine Learning and AI, the Next Frontier

• Agile and Continuous Threat Models

• AI and Cybersecurity - Applications of Artificial Intelligence in Security. Understanding and Defending Against Adversarial AI.

• AI Deception: Fooling (Artificial) Intelligence Is Easier than You Think

• Alice in Post Quantum Wonderland: Bob through the Digital Looking Glass

• A Multilayered Security Approach to Keeping Healthcare Data Secure

• Anatomy of Exploiting MMORPG’s

• A NICE Way to Find and Keep Cybersecurity Workers

• Application Security—This Is the Future That SaaS Companies Want

• A Quick Start Guide for Critical Infrastructure Protection

• Architectural Frameworks: Which Is Right for Your Organization?

• A SOC in the Sandbox

• Automated, Continuous and Visible: Building a Solid Security Culture at Speed

• Balancing Public Good and Personal Privacy—Challenges in De-Identifying Open Datasets

• Battle Royale: Who Wins in Vendor Security?

• Behavioral eManipulation: Attacking via Care Delivery Workflows

• Behind the Scenes of Cyber-Incident: APT Corp. Communications Case Study

• Big Little Lies—Truth on the New EU Regulations for ID and Data Protection

• Blockchain Applications and Their Weaknesses: A Practical Investigation

• Blockchain—The New Black. What about Enterprise Security?

• Block Ciphers

• Blurred Lines: Hybrid Threats Posed by State-Sponsored Hackers

• Breaking and Entering: How and Why DHS Conducts Penetration Tests

• Bringing Order to Chaos: The Development of Nation-State Cyber-Norms

• Bug Bounty Buzzword Bingo—Deep Dive under a Jumped Shark

• Building a Bug Bounty Program: From the Trenches

• Building a Data-Driven Security Strategy

• Building and Adopting a Cloud-Native Security Program

• Building and Selling Your Security Strategy to the Business

• Building a Security Awareness Ambassador Program

• Building Capacity in Global Incident Response

• Building the Cybersecurity Innovation Pipeline

• Business Executive Fundamentals: How to Beat the MBAs at Their Own Game

• Calculated Risk—How AI is Rewiring Business, Law and Security

• Calling All Fear Mongers: Raising Security Awareness without Creating Cyber-Hysteria

• Can Blockchain Enable Identity Management?

• Care Delivery Workflow Attacks through Behaviorial eManipulation

• CCleaner APT Attack: A Technical Look Inside

• Cebolla Chan 3.0: A Window into the Chaotic Spanish-Language Underground

• Challenges and Solutions to Secure the DevSecOps Toolchain

• Changing Security Culture

• ChaoSlingr: Introducing Security-Based Chaos Testing

• Charles Darwin, Cybersecurity Visionary? Surviving When Predator Is Hacker

• Charting a Clear Course: Prioritizing Security Investments and Activities

• CheapSCAte: Attacking IoT with Less than $60

• Circle the Wagons! How All of Us Defenders Can Work Together

• Cloud Defender: Detecting and Responding to Adversaries in AWS

• Codes and Isogenies

• Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers

• Compromising a Fortune 500 Business without Hacking a Thing!

• Computing on Encrypted Data

• Confessions of a Cloud Security Convert

• Connected Medical Devices—Saving or Harming Patients

• Continuous Security: Securing DevOps and Cloud-Native Environments

• Corpsec: “What Happened to Corpses A and B?”

• Create a Ten-Year Strategy for Your CISO

• Creating Order from Chaos: Metrics That Matter

• Creating Order from Chaos: Metrics That Matter (repeat)

• Cryptographic Protocols

• Cryptography Panel

• Customer Losses: Who’s Going to Sue You (and What You Can Do about It)

• Cut through the Confusion: 2018 Updates to CIS Critical Security Controls

• Cyber-Comrades: Alliance Building in Cyberspace

• Cyber-Counterintelligence—Deception, Distortion, Dishonesty

• Cyber-Defense of American Companies: Can “Operational” Partnerships Work?

• Cyber-Fatigue and What We Can Do about It

• Cyber Is Hot; Crypto Is Not

• Cyber-Litigation 2018: Recent Cyber-Cases in Federal Courts and Agencies

• Cybersecurity and Data Breaches from a Business Lawyer’s Perspective

• Cybersecurity and International Trade: The New Landscape

• Cybersecurity Capability Readiness: Necessary Conversations, Next Steps

• Cybersecurity Framework 1.1 Adoption Experiences and Opportunities

• Cybersecurity Impact on Mental Health: Managing Stress, Building Resilience

• Cybersecurity Impact on Mental Health: Managing Stress, Building Resilience (repeat)

• Cybersecurity Tips, Tools and Techniques for All Security Professionals

• Cyberwar Game: Behind Closed Doors with the National Security Council

• Cyberwar on a Shoestring: How Kim Jong Un Stole My Malware

• DARPA R&D Enabling US Cyber-Deterrence

• DARPA R&D Enabling US Cyber-Deterrence (repeat)

• Data Integrity: The Elephant Threat in the Room

• Dear 2020 CISO: Are You Ready? Let’s Build a Two-Year Plan

• Debunking Myths for Cyber-Insurance

• Decision-Maker Dementia: How Today’s Security Leaders Stay Lucid

• Defeating Insider Threats to Critical Infrastructure

• Defending Digital Democracy

• Defining Who We Are by Our Narratives: Why Diversity Matters

• Demystifying Big Data, Analytics and Machine Learning in Cyber Security

• Derived Unique Token per Transaction

• Detection of Authentication Events Involving Stolen Enterprise Credentials

• DevOps and the Future of Enterprise Security

• DevSecOps—Cyberattack Kill Chain with Active Mitigations

• DevSecOps—Using Containers to Speed Up Your Testing

• Digital Signatures

• Does Malware Have Citizenship? Who's Infecting Us and Does It Matter

• Do Not Prepare for a Data Breach—On Second Thought, Prepare!

• Dos and Don'ts of DevSecOps

• Dungeons and Data, Let’s Role Play an Incident

• Dungeons and Data, Let’s Role Play an Incident (repeat)

• Early Detection of Malicious Activity—How Well Do You Know Your DNS?

• Efficacy of Layered Application Security through the Lens of Hacker

• Efficacy of Layered Application Security through the Lens of Hacker (repeat)

• Eleventh Hour IoT Security

• Emerging Security Management and Legal Challenges for Executives.

• Emerging Strategic and Structural Trends in State Cybersecurity

• Endpoint Security: A Marketplace of Silver Bullets

• Endpoint Security and the Cloud: How to Apply Predictive Analytics and Big Data

• Enhance Virtualization Stack with Intel CET and MPX

• Ephemeral DevOps: Adventures in Managing Short-Lived Systems

• Ethical Dilemmas in Cybersecurity

• Evaluating AI- and ML-Based Security Products

• Evidence-Based Security: The New Top Five Controls

• Evolution of AI Bots for Real-Time Adaptive Security

• Evolve or Die, How to Stop Getting Slaughtered Due to Bad Vulnerability Management

• Evolve or Die, How to Stop Getting Slaughtered Due to Bad Vulnerability Management (repeat)

• Examining North Korea’s Pursuit of Cryptocurrencies

• Exfiltrating Data through IoT

• Exploiting Cloud Synchronisation to Mass Hack IoTs

• Exploring the Real-World Application Security Top 10

• Extending Behavioral Insights into Risk Adaptive Protection and Enforcement

• Fighting Malware with Graph Analytics: An End-to-End Case Study

• FIM and System Call Auditing at Scale in a Large Container Deployment

• First Recourse or Last Resort? The National Interest in Regulating the IoT

• Five Steps to Defend Against Social Media Weaponization

• Fool Proof: Protecting Digital Identity in the Age of the Data Breach

• Former NSA and Israeli Intelligence Directors on Resilience

• Foundations of Bitcoin, Blockchain and Smart Contracts

• Foundations of Bitcoin, Blockchain and Smart Contracts

• Foundations of Bitcoin, Blockchain and Smart Contracts

• Foundations of Bitcoin, Blockchain and Smart Contracts

• Foundations of Bitcoin, Blockchain and Smart Contracts

• Foundations of Bitcoin, Blockchain and Smart Contracts

• From IT to IoT: Bridging the Growing Cybersecurity Divide

• From “No Data” to “Drowning in Data”—It’s Time for a Reality Check

• From SIEM to SOC: Crossing the Cybersecurity Chasm

• Game of Pwns: The Pillars of Cyber-Risk Resilience

• Gamification: Emerging Regulation (aka “Make Money and Avoid Jail”)

• GDPR Compliance—You Forgot Your Digital Environment

• GDPR Essentials - After Lunch Introduction - Chantos - Koetzle

• GDPR Essentials - Closing - Chantos - Koetzle

• GDPR Essentials - GDPR Essential Enforcement - Refalo

• GDPR Essentials - GDPR, the Future of International Regulation - Chantos - Chourasia - Holla - Scwartz - Shri - Watson

• GDPR Essentials - Get Up to Speed on GDPR Fast - Knowles

• GDPR Essentials - Introduction - Chantos - Koetzle

• GDPR Essentials - Opening Keynote - Lepassaar

• GDPR Essentials - Practical Guide to GDPR Breach Notification and Security Requirements - Jacobson - Sher-Jan

• GDPR Essentials - Top 10 Pitfalls to Avoid - Dezeure

• GDPR Essentials - Will the GDPR and Related Rules Prove a Competitive Differentiator for Europe - Helmbrecht - Koetzle - Winn

• General Cryptography

• Generations of AI in Security

• Get Cookin’ with GDPR—Practical Techniques and Recipes for Success

• Going Beyond Defense: How Security Becomes a Business Enabler

• Google and Microsoft Debut: Replacing Passwords with FIDO2 Authentication

• Google on BeyondCorp: Empowering Employees with Security for the Cloud Era

• GPS Spoofing: No Longer a Fish Story

• Hack Back for Good, Not Vengeance: Debating Active Defense for Enterprises

• Hacking Closed Networks

• Hacking Exposed: Melting Down Memory

• Hacking Exposed NextGen (AI Powered)

• Hacking Healthcare Live: Bits and Bytes Meet Flesh and Blood

• Hacking in Space

• Hacking the Giants

• Hacking the Vote: How to Get Your Candidate Elected in a Few Simple Steps

• Hash and MAC Functions

• Hello, Moscow. Greetings, Beijing. Addressing Risk in Your IT Supply Chain

• Help Me Network Visibility and AI; You’re Our Only Hope

• Hoarding Data Is Risky Business

• Honeypots 2.0: Defending Industrial Systems with Dynamic Deception

• Hot Topics In Cyber-Law 2018

• How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days

• How Can We Regulate Critical Energy Infrastructure Security?

• How Cloud, Mobility and Shifting App Architectures Will Transform Security

• How Hackers Learn and Why You Want This in Your School

• How Secure Is the Hyper-Connected Car?

• How the Best Hackers Learn Their Craft

• How to Engineer Privacy Rights in the World of Artificial Intelligence

• How-to for Innovators and Entrepreneurs

• How to Measure the Impact of Your Security Awareness Program

• How to Measure the Impact of Your Security Awareness Program - Handouts

• How to Measure the Impact of Your Security Awareness Program - Summary

• How to Measure the Security of Your Network Protection Devices

• How to Measure the Security of Your Network Protection Devices - Handout

• Humans and Data Don’t Mix: Best Practices to Secure Your Cloud

• Hype or Myth: Smart Home Security

• Identify Theft through OSINT

• Identity-Based Security and Privacy for the Internet of Things

• Identity Insecurity—Another Data Hurricane without “building codes”

• Identity in Ten Hundred Words

• Identity’s Role in Securing the IoT Connected Car

• IDPro: How a Professional Organization Will Change the Future of Identity

• If CISOs Are from Mars, Is the Rest of the C-Suite from Venus?

• I Forgot Your Password: Breaking Modern Password Recovery Systems

• Implanting Microchips: Innovative Idea or Heading Down a Dangerous Path?

• Implementing a Quantitative Cyber-Risk Framework: A FinSrv Case Study

• Improving Mobile Authentication for Public Safety and First Responders

• Incident Response in the Cloud

• Incorporating Security Practices into Business Processes

• Industrial Cyberattacks: A Quest for Nuance with Lessons from the Field

• Infiltration: Successes and Pitfalls of Penetrating Hostile Online Groups

• Infosec 101 for ICOs: How the Most “Secure” Transaction Protocol Failed

• Insecure Cities and Rogue Robots: The Impact of Industrial IoT Exploits

• Inside Cloudbleed

• Inside Cyber-Balance Sheets: A Rare Window on Digital Risk in the Boardroom

• Insights from NSA’s Cybersecurity Threat Operations Center

• Integrating Security with DevOps Toolchains

• Internet of Wild Things—A Mock Trial

• Introducing Cisco Security for AWS

• Investigative Journalists Speak Out

• In Your Face! The Privacy and Security Implications from Facial Recognition

• iOS Trustjacking - New iOS Vulnerability

• IoT and Critical Infrastructures: A Collision of Fundamentals?

• IoT Archaeology: Dig Security Lessons

• IoT Hardware Hacking - Demoing Firmware Extraction and Protection Methods

• IoT—The Gift That Keeps on Giving

• IoT Trust by Design: Lessons Learned in Wearables and Smart Home Products

• IPv6: Is There an Open Door in Your Network?

• Is Car Hacking Over? AUTOSAR Secure Onboard Communication

• Is Cloud-Native Security Enough?

• Is Malware the New Weapon of Mass Destruction?

• Issues of Quantifying Risk around Identity and Access Management (IAM)

• It’s in the Air(waves): Deconstructing 2017’s Biggest RF Attacks

• It’s Time to Kill the Pentest

• Keeping Up with Generation App: New Approaches for Cybersafety and Communicating with Kids

• Keeping Your Security Cool in a DevOps and Agile World

• Knowledge Assets, Their Defense and Regulation—Making Them Work for You

• Lateral Attacks between Connected Devices In Action

• Lattice-Based Cryptography

• Leaking Ads—Is User Data Truly Secure?

• Learning from the Three-Ring Circus of NotPetya

• Learning from the Three-Ring Circus of NotPetya (repeat)

• Let’s Blow Up Security Awareness and Start Over

• Lost in the Ether: How Ethereum Hacks Are Shaping the Blockchain Future

• Make Your Car Self-Driving Using Open-Source Software

• Measuring and Modeling Human Trafficking: A Data-Driven Approach

• Medical Device Threat Modeling with Templates

• Meeting Business Needs by Filling the Cybersecurity Skills Gap

• Mind the Air-Gap: Exfiltrating ICS Data via AM Radios and Hacked PLC Code

• Mirror Chess: Why Mature, Predictable Security Is a Disaster

• Mobile Payment Security—Risk and Response

• Model-Driven Security: It’s Closer than You Think

• Model-Driven Security: It’s Closer than You Think (repeat)

• Modern Exploitation: Owning All of the Things

• Modern Exploitation: Owning All of the Things (repeat)

• Monty Python and the Holy RFP

• MSPs and SMBs Need Real Intelligence Not Raw Data

• My Firsthand Experience with Ransomware

• My Life as a CISO

• My Voice Is Your Command: The Perils of Smart Voice Assistants

• Nation-State Espionage: Hunting Multi-Platform APTs on a Global Scale

• Navigating the Data Labeling Bottleneck as Security Embraces AI

• NCCoE Trusted Cloud: A Secure Solution

• Network Monitoring Is Going Away...Now What? TLS, QUIC and Beyond

• Nobody Puts Privacy in a Corner: Privacy in Enterprise Risk Management

• No IOUs with IoT

• No One Wants to Work on Your Infosec Team...How to Fix It

• “No You May Not Have a Pony”—The Art of the Possible in Secure IAM Design

• Nudging: Can We Use Behavioral Economics to Drive Better Security?

• #FakeNews as an Information Security Problem

• OAuth 2.0 Threat Landscapes

• Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond

• Open Source in Security-Critical Environments

• Open Source in Security-Critical Environments (repeat)

• Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence

• Other Cryptography

• Over-the-Horizon Cybersecurity Technologies and Threats

• Parrot Drones Hijacking

• Partnering in Governance: Cybersecurity Tools for Board/Manager Interaction

• Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication

• Personality Profiling Your Third Parties for Effective Supplier Management

• Personality Profiling Your Third Parties for Effective Supplier Management (repeat)

• Perspectives from Government Leaders on Managing Global Partnerships

• Playing Games in the Sandbox—Dynamic Analysis and Modern Evasion Tactics

• Poison Pixels—Combatting Image Steganography in Cybercrime

• Post-Quantum Cryptography

• POTUS Is Posting: Social Media and National Security

• Practical Planning for the GDPR

• Pragmatic Security Automation for Cloud

• Predicting Exploitability—Forecasts for Vulnerability Management

• Privacy as a Stakeholder: How to Get a Seat at the Table

• Privacy Essentials for Security Professionals

• Protecting Containers from Host-Level Attacks

• Protecting Enterprise Data with the National Security “100 Coins” Approach

• Quantum Computing Is Here, Powered by Open Source

• Ransomware and Destructive Attacks - Abe - Townsend

• Ransomware and Destructive Attacks - Antova

• Ransomware and Destructive Attacks - Baskin - Lee

• Ransomware and Destructive Attacks - Beek - Samani

• Ransomware and Destructive Attacks - Felker

• Ransomware and Destructive Attacks - Gorman - Kaplan

• Ransomware and Destructive Attacks - Marinho

• Ransomware and Destructive Attacks - McNamee

• Ransomware and Destructive Attacks - Raman

• Ransomware and Destructive Attacks - Rothke

• Realizing Software Security Maturity: The Growing Pains and Gains

• Recognizing and Beating Cyber-Fatigue

• Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow

• Red Phish, Blue Phish: A New Approach to Phishing Simulations

• Red Team vs. Blue Team on AWS

• ReproNow—Save Time Reproducing and Triaging Security Bugs

• Rethinking Employee Surveillance in a New Digital Era

• Rise of the Machines: DevOps and the Role of Secrets Management

• Risk-Based Approach to Deployment of Omnichannel Biometrics in Sberbank

• Robotic Telepresence—Is Your Enemy Watching You?

• RSAC CyberSmart Parents Education Seminar - Brooklyn - Madison

• RSAC CyberSmart Parents Education Seminar - Herzog

• RSAC CyberSmart Parents Education Seminar - Pelavin 1

• RSAC CyberSmart Parents Education Seminar - Pelavin 2

• RSAC CyberSmart Parents Education Seminar - Schrader

• RSAC CyberSmart Parents Education Seminar - Van Natta

• SCADA 101

• Scaling an Application Security Program at the IMF: A Case Study

• SDN and Security: A Marriage Made in Heaven. Or Not.

• SecOps: Navigate the New Landscape for Prevention, Detection and Response

• Secrets of the Encrypted Internet—Worldwide Cryptographic Statistics

• Secure Storage

• Securing Innovation: Shifting the Conversation from Fear to Possibility

• Securing the Future of Mobility: Is Your Connected Car Unhackable?

• Securing the IoT Connected Car with Digital Identity

• Security 101: The Critical Need to Go Back to the Basics

• Security and Privacy of Machine Learning

• Security Automation Simplified via NIST OSCAL: We’re Not in Kansas Anymore

• Security Culture Hacking: Disrupting the Security Status Quo

• Security Debt: What Lurks Beneath

• Security Foundations

• Security Foundations

• Security Foundations

• Security Foundations

• Security Foundations

• Security Foundations

• Security Orchestration and Incident Response

• Security Programs. ROI not CYA.

• Seeing Is Believing: Making the Cyber-Hype Real with Hacking Demos

• Sending a Human to Do a Machine’s Job: Addressing Threats with Analytics

• Seven Tips for Mentoring Security Newbies

• Shaping the Future of Security: Lessons from Today

• Shifting Organizational Culture through Cyber-Awareness

• Show Me the Money: Making the Cost-Benefit Pitch That Prevails

• Show Me the Money: Making the Cost-Benefit Pitch That Prevails (repeat)

• Side Channels – 1

• Side Channels - 2

• Skate to Where the Puck Is Going: The VC Perspective on the Security Market

• Sneak Your Way to Cloud Persistence—Shadow Admins Are Here to Stay

• SOC 2030—SOCs Are Broken. Let’s Fix Them.

• Spectre Attacks: Exploiting Speculative Execution

• Spectre Attacks: Exploiting Speculative Execution (repeat)

• STIX Patterning: Viva la Revolución!

• Stop Translating, Start Defending: Common Language for Managing Cyber-Risk

• Strategic Cyber-Actions and How They Could Affect Your Company

• Strategies to Finding and Building Your Robust Workforce

• Super Forecasting: Even You Can Perform High-Precision Risk Assessments

• Surviving Contact: Keeping Your CEO Employed and Your Business in Business

• Swimming in a Sea of Enemies—The Dilemmas of the Threat Researcher

• Taking the Pulse on Cyber-Intelligence

• Tech Scams: It’s Time to Release the Hounds

• The Bottom of the Barrel—Scraping Pastebin for Obfuscated Malware

• The Cybersecurity Job Seekers Report: Results and Implications

• The “Darknet” Quandary

• The Dark Web and How It Affects Your Industry

• The Emergent Cloud Security Toolchain for CI/CD

• The Emerging Product Security Leader Discipline

• The Entrepreneur and the CISO—10 Traits to Drive Success

• The EU’s General Data Protection Regulation—Beauty or Beast?

• The Fascination of Connectivity—Rediscovered

• The Future of Cyberterrorism

• The Future of Trust in Ecosystems—Global Challenges

• The GDPR Is Only for Europe—Right?

• The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem

• The Impact of Multi and Hybrid Clouds to Cybersecurity Priorities

• The Incident Response Class of 2018: Tactics and Tales from the Frontline

• The Life and Times of Cybersecurity Professionals

• The Long Road to Identity on the Blockchain

• The New Barons of Cyberspace: ICO Creators and Ransomware Authors

• The New Geopolitics of Cybersecurity Research

• The New Landscape of Airborne Cyberattacks

• The NIST Cybersecurity Framework: What’s Next!

• The Promise of IoT Best Practices, Testing and Hazards of Inaction

• The Realities of Enterprise Blockchain

• There’s No Such Thing as a Cyber-Risk

• The Rise of Confidential Computing

• The Rise of Supply Chain Attacks

• The Sad Tale of Etaoin ShrdLu and the Danger of Automated Pen Tests

• The Sky Is Falling! Responding Rationally to Headline Vulnerabilities

• The Supply Chain Threat

• “The System...Is People!” Designing Effective Security UX

• The Top Nine Factors for Effective Data Protection Controls

• The Trump Administration & Congress: Decrypting the Cybersecurity Agenda

• The Unexpected Attack Vector: Software Updaters

• The Untold Story of 8200: A Launching Point for Women in Cybersecurity

• They’re In! Now What? Containment—Is It Possible, Worthwhile, Effective?

• Think Like a Hacker but Act Like an Engineer

• ...This Is Your Enterprise on O365

• ...This Is Your Enterprise on O365 (repeat)

• Threat Hunting Strategy: How to Catch Bears and Pandas

• Threat Intel and Content Curation Organizing the Path to Successful Detection

• Threat Intelligence Insights—DNS-Based Data Exfiltration in the Wild

• Threat Models: Into the Deep!

• Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud Defense

• Transparency of SW and IoT Components: An Open Approach to Bill of Materials

• Trusted Supply Chain and Remote Provisioning with the Trusted Platform Module

• Turning DNS from Security Target into Security Tool

• Turning Your Security Strategy Inside Out—Managing Insider Threat

• Two Keys Are Better than One but Three Keys Are Better than Two

• Value-At-Risk: Decision-Making in Cybersecurity Investments

• Vulnerability Disclosure: Are We Sharing Too Much Too Soon?

• Vulnerability Disclosure: Are We Sharing Too Much Too Soon? (repeat)

• Wanted: Better Cybersecurity Job Descriptions. Apply Within.

• Web Application Testing—Approach and Cheating to Win

• What Time Is It? How Manipulating “Now” Can Crash Our World

• When in Russia: Hacking Vice Abroad

• Why Did We Make Security So Hard?

• Why Your NAC Projects Keep Failing: Addressing Products, People, Processes

• WiFi Security: The Details Matter

• Winning the Battle of the Budget

• Winning the OS X Malware War: Neurally Finding Outbreaks

• Within 10 Years, Autonomous Vehicles Will Change Every CISO’s Job

• Within 10 Years, Autonomous Vehicles Will Change Every CISO’s Job (repeat)

• Women in Security: A Progressive Movement