RSA 2019

PRESENTATIONS

• 10 Lies You Tell Your Security Vendors—And What to Do Instead

• 12 Ways to Hack 2FA

• 2028 Future State: Long Live the Firewall?

• 4G to 5G Evolution: In-Depth Security Perspective

• 99 Security Products and You Still Got Breached?

• Accelerate and Simplify Incident Response with Security Automation

• Access Control for Multi-Vendor Big Data and BI Environments

• Achieving Operational Security Excellence in Connected IoT Solutions

• Achieving Operational Security Excellence in Connected IoT Solutions

• A Cloud Security Architecture Workshop

• Advanced Smart Contract Hacking

• Advancing Incident Response in the Age of New Compliance Requirements

• Adversarial Machine Learning against Modern Behavioral Biometrics Systems

• A General Introduction to Modern Cryptography

• AI and Machine Learning: Managing the Risks of Major Lawsuits

• AI: Hacking without Humans How Can Human Brains Be Hacked?

• Anatomy of an Enterprise Mobile Security Incident

• Anatomy of an Enterprise Mobile Security Incident (Repeat)

• Anatomy of Phishing Campaigns: A Gmail Perspective

• A New Employer-Driven Model of Cyber-Workforce Development for Dell

• API Security: Assume Possible Interference

• Are Spoof-Proof Biometrics Really Possible?

• A Separate Network for Critical Infrastructure: Is It a Good Idea?

• Attack Vectors in Orbit: The Need for IoT and Satellite Security

• ATT&CK in Practice: A Primer to Improve Your Cyber-Defense

• Automated Fault Analysis of Block Cipher Implementations

• Automation vs. Human Eyes: Optimizing Human Intuition for Success

• Aviation Cybersecurity: Keeping the Wings On

• Back to the Basics: How to Create Effective Information Security Policies

• Back to the Basics: How to Create Effective Information Security Policies

• Bad Intelligence: Or How I Learned to Stop Buying and Love the Basics

• Barney Fife Metrics: The Bullet That We Have but Don’t Use, and Why

• Blackbox Interpretability: Next Frontier in Adversarial ML Evasion

• Blockchain Anchored Swap Meet: A Mock Trial

• Blockchain Augmentation of the Trusted Supply Chain

• Blockchain-Based Identity: Exploring the Messy Space between Promise and Reality

• Blockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective

• Blockchainification of Cyber-Supply Chain Risk: Hype vs. Hope

• Block Cipher: Cryptanalysis

• Block Cipher: Cryptanalysis

• Block Cipher: Design and Evaluation

• Block Cipher: Design and Evaluation

• Bluetooth Reverse Engineering: Tools and Techniques

• Breaking Out of the Security Metrics Matrix: Steps in the Right Direction

• Breaking the Blockchain: Real-World Use Cases, Opportunities and Challenges

• Building a Defensible Cyberspace: 2025

• Building a Defensible Cyberspace: 2025

• Building a Leading Cloud Security Program

• Building—and Keeping—Your Cybersecurity Team with Nontraditional Staff

• Building High Performance and Innovative Security Programs That Embrace Cyber/Physical Convergence

• Building Identity for an Open Perimeter

• Building Security In—DevSecOps

• Building Security Processes for Developers and DevOps Teams

• Build Intelligent Vulnerability Scoring to Optimize Security Residual Risks

• Business Email Compromise: Operation Wire Wire and New Attack Vectors

• Changing Academia

• Changing the World with the UK’s Code of Practice for Consumer IoT Security

• Cheaper by the Dozen: Application Security on a Limited Budget

• CISO: How to Understand and Manage Your Human Risk

• Cloud CTF: Identifying and Resolving Attacks in Azure

• Come Get Your Free NSA Reverse Engineering Tool!

• Communicating with the Board

• Connected Cars: A Security and Privacy by Design Study 10 Years in the Making

• Connected Cars: A Security and Privacy by Design Study 10 Years in the Making (Repeat)

• Container Security at the Speed of CI/CD

• Context-Based Data Sensitivity Classification

• Coordinated Vulnerability Disclosure: Debate from the Trenches

• Cover Your aaS with DevSecOps

• Creating/Building a Phishing Training Program

• Cryptocurrency Hacking and the Legal Climate for Blockchain Technology

• Cryptography and AI

• Crypto Hero (Hands-On)

• Cryptojacking: What’s in Your Environment?

• Cutting the Wrong Wire: How a Clumsy Hacker Exposed a Global Cyberattack

• Cyber-Influence: Cyberwar and Psychological Operations

• Cyber-Risk Management: New Approaches for Reducing Your Cyber-Exposure

• Cybersecurity and Hospital Infection Control: Overlaps and Opportunities

• Cybersecurity and Privacy: The Two Main Tenets in the Smart City Project

• Cybersecurity: Federalism as Defense-in-Depth

• Cybersecurity Futures 2025

• Cybersecurity Head On: How Successful Organizations Win

• Cybersecurity Is All About Protecting the “Seams”

• Cybersecurity Leadership Effectiveness Using the 7-S Framework

• Cybersecurity Rubicon: Is US Domestic and Foreign Cyber-Policy on Track

• Cybersecurity Silo-Busters 1, Cyberthreat Actors 0 (Game in Progress)

• Cybersecurity Tips, Tools and Techniques for Your Professional Toolbag

• Cybersecurity Tips, Tools and Techniques for Your Professional Toolbag (Repeat)

• CyberSmart Parents Education Seminar—Keeping Your Family Safe Online

• CyberSmart Parents Education Seminar—Keeping Your Family Safe Online

• CyberSmart Parents Education Seminar—Keeping Your Family Safe Online

• CyberSmart Parents Education Seminar—Keeping Your Family Safe Online

• CyberSmart Parents Education Seminar—Keeping Your Family Safe Online

• Data Breach or Disclosure: A Quantitative Risk Analysis

• Debunking the Hacker Hype: The Reality of Widespread Blackouts

• Decentralized Identity: No Promises Edition

• Deep Modernization of a Corporate IT Infrastructure

• Defending Digital Democracy: How Security Professionals Can Help

• Defining a Cyber-Risk Appetite That Works

• Defining a Cyber-Risk Appetite That Works (Repeat)

• Delivering Automated, Modern Enterprise App Auth in Old Orgs, Quickly

• Democratizing Cloud Security: Journey to Secure the Public Cloud

• Democratizing Security: A Story of Security Decentralization

• Demystifying Quantum Computers

• Designing Effective Security UX: If It’s Not Usable, It’s Not Secure

• Designing for Doomsday: Effective API Security Approaches from the Edge

• Developing Key Performance Indicators for Security

• DevOps’ Seven Deadly Diseases

• DevSecOps for the Rest of Us!

• DHS Hackers and the Lawyers Who Advise Them

• Digital Surveillance and Cyberespionage at Scale

• Doing Security Orchestration, Automation and Response before It Was Born

• Don’t Hand Me That! The Art of Incident Analysis

• Do You Know Your Organization’s Top 10 Security Risks?

• Due Diligence Meets Small Business: Nightmares from the Other Side

• Effectiveness vs. Efficiency: 10 Capabilities of the Modern SOC

• Election Hacking Is No Longer Theoretical: Russians Are Pwning Our Votes

• Election Hacking Is No Longer Theoretical: Russians Are Pwning Our Votes (Repeat)

• Election Hacking: Trading Malware for Votes

• Elections at Risk: Global Threats / Local Impact

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Emerging Threats

• Empowering International Security Teams

• Empowering International Security Teams (Repeat)

• Engaging Internationally in Support of Cybersecurity for Critical Functions

• Engaging the Media 101

• Engineering Out the Cyber-Risk to Protect What Matters Most

• Ethical Bias in AI-Based Security Systems: The Big Data Disconnect

• Evasion Tactics in Malware from the Inside Out

• Everything You Need to Know about Cybersecurity and Privacy Law in Two Hours!

• Evolution of AI-Bot Swarming Intelligence with Robots

• Expense in Depth: Managing Your Total Cost of Controls

• Finding the Right Answers—Facilitating Insider Threat Analysis Using OCTAVE

• Fine-Tuning Your Cyber-Defense Technologies with the ATT&CK Framework

• First Steps in RF: Lessons Learned

• Five Secrets to Attract and Retain Top Tech Talent in Your Future Workplace

• Fixing the Mess of IoT Security

• Flash War: Tapering an Accelerating Attack Chain

• Foundation

• Foundation

• From Ephemeral Infrastructure to Ephemeral Communications

• From Ephemeral Infrastructure to Ephemeral Communications (Repeat)

• Functional Encryption

• Functional Encryption

• Future Forests: Realistic Strategies for AD Security & “Red Forest” Architecture

• Future-Proof Cybersecurity Strategy

• GDPR: How to Work Out If Your Security Is “Appropriate”

• GDPR: How to Work Out If Your Security Is “Appropriate” (Repeat)

• Getting Practical with Addressing Risks in OT Networks: Where to Start?

• Getting Product Cybersecurity Right in a Large Mature Corporation

• (Girl) Scouting for Talent: The Solution in the Next Generation

• Global Regulatory Trends in Privacy and Cybersecurity for 2019

• Government Needs You

• Hacked by Crypto

• Hacking and Hardening Kubernetes

• Hacking Exposed: Hacking Macs

• Hacking Exposed: LIVE—Bypassing NextGen

• Hacking Healthcare Live: Digital Disease, Clinical Crisis

• Hacking the Human: Special Edition

• Hacking the Human: Special Edition

• Hacking the Human: Special Edition

• Hacking the Human: Special Edition

• Harnessing the Law of Data Gravity: Cyber-Defense and the Hybrid Cloud

• Hearing Voices: The Cybersecurity Pro’s View of the Profession

• Hello? It’s Me, Your Not So Smart Device. We Need to Talk.

• Hindsight and 2020: A Clear-Eyed Look at Shared Responsibil-I-o-T

• Holistically Mitigating Human Vulnerabilities and Attacks

• Homomorphic Encryption

• Homomorphic Encryption

• Honeypot Predators: Hunter vs. Prey

• Hot Topics in Cyber-Law 2019

• How Bad Incentives Led to Crypto-Mining Malware, and What to Do about It

• How CTI Can Play a Key Role to Get Security on Board

• How I Learned Docker Security the Hard Way (So You Don’t Have To)

• How Long to Boom: Understanding and Measuring ICS Hacker Maturity

• How Public Interest Technologists are Changing the World

• How the H@ck R U? A Modern Identity Assurance Approach in a Hacked World

• How to Apply a Zero-Trust Model to Cloud, Data and Identity

• How to Create a Truly Diverse Cyber-Workforce

• How to Design and Operate a DDOS Testing Program

• How to Detect and Stop Attacks as They Occur with a Limited Budget

• How to Eliminate a Major Vulnerability in the Cybersecurity Workforce

• How to Evolve Threat Hunting by Using the MITRE ATT&CK Framework

• How-To for Innovators and Entrepreneurs

• How-To for Innovators and Entrepreneurs

• How-To for Innovators and Entrepreneurs

• How-To for Innovators and Entrepreneurs

• How-To for Innovators and Entrepreneurs

• How to Make Sense of Cybersecurity Frameworks

• How to Make Sense of Cybersecurity Frameworks (Repeat)

• How to Measure Ecosystem Impacts

• How to Run a Cyber-Incident Response Exercise Using an Open-Source Scenario

• How to Run a Cyber-Incident Response Exercise Using an Open-Source Scenario

• How to Run a Cyber-Incident Response Exercise Using an Open-Source Scenario

• How Understanding Risk Is Changing for Open Source Components

• How Vault 7 Leaks Helped Develop My Own Cyberespionage Weapon

• HTTPS: Is Privacy Making Us Less Secure?

• Humans Are Awesome at Risk Management

• Hunt Advanced Attackers on a Budget Less than the GDP of a Small Country

• Hunt Advanced Attackers on a Budget Less than the GDP of a Small Country (Sandbox)

• Hunting and Tracking Rogue Radio Frequency Devices

• I Belong Here

• ID-Based and Predicate Encryption

• ID-Based and Predicate Encryption

• IMF Case Study: Metrics That Matter—Help Management with Decision Making and Improve Security Posture of the Organization

• Important Things You Need to Know about Storing Your Identity

• Incident Response beyond Enterprise IT

• Infecting the Embedded Supply Chain

• Innovative Answers to the IoT Security Challenges

• Inside the Timehop Breach Response

• Intelligence-Driven Industrial Security with Case Studies in ICS Attacks

• Internal Affairs: Building Incident Command Frameworks through Diplomacy

• Internet of Food: How IoT Threatens Fields, Farms and Factories

• Internet of Laws: Navigating the IoT Legal Landscape

• Into the Breach: Dealing with Law Enforcement and Counsel in a Cyber-Crisis

• Introduction to Defending the Enterprise Using Automated SecOps

• Investigating IoT Crime: The Value of IoT Crime Classification

• Investigative Journalists Speak Out Year V

• Japan’s New Cybersecurity Strategy to Close an IoT Gap

• Joining Forces: Transforming Cybersecurity through Diversity and Data

• Key Management and Protection: Evaluation of Hardware, Tokens, TEEs and MPC

• Key Management Architectures for Multinational Compliance

• Kubernetes Runtime Security: What Happens if a Container Goes Bad?

• Law Enforcement: The Secret Weapon in the CISO’s Toolkit

• Lesson Learned: What I Have Experienced While Implementing GDPR

• Lessons from Applying MITRE ATT&CK in the Wild

• Lessons Learned from 30+ Years of Security Awareness Efforts

• Lessons Learned in Automating Decision-Making: Pitfalls and Opportunities

• Let’s Make Risk a Game! 4,000 Cyber-Risks in Your Hand.

• Lift and Shift, Don’t Lift and Pray: Pragmatic Cloud Migration Strategies

• Lost Boys: How Linux and Mac Intersect in a Windows-Centric Security World

• MAC and Authenticated Encryption

• Machine Learning: The What and Why of AI

• Machine Learning Toolbox for Cybersecurity Risk Management

• Making Security a Best Practice in Every Aspect of Open Source

• Making Security a Competitive Advantage

• Making Security Automation Real

• Malicious, Misbehaving or Misunderstood? Making Bad USBs Good Again

• Manufacturers Approach towards Cybersecurity Threats Targeting Healthcare

• Math Is Hard: Compliance to Continuous Risk Management

• Mechanical Backdoors in Cold War Encryption Machines

• Mechanical Backdoors in Cold War Encryption Machines (Repeat)

• Mental Health in Cybersecurity: Preventing Burnout, Building Resilience

• Mobile Security and the Post-Perimeter World: 10 Years of Mobile Threats

• More than Vaulting: Adapting to New Privileged Access Threats

• Multiparty Computation and Application

• Multiparty Computation and Application

• Multiparty Vulnerability Disclosure: From Here to Where?

• Mushrooming Economic Inequality Menaces Security: Here’s How to Fix It

• Nation-State Exploitation of Cryptocurrencies

• Nation-States Behaving Badly: The Evolving Rules of the Game in Cyberspace

• Navigating Today’s Data Privacy Regulation Labyrinth

• New Rules: Comparing the CA Consumer Privacy Act and EU GDPR—What Every Security Professional Needs to Know

• NIST Cybersecurity Framework and PCI DSS

• No More Firewalls! How Zero-Trust Networks Are Reshaping Cybersecurity

• No More Firewalls! How Zero-Trust Networks Are Reshaping Cybersecurity

• NONE of Us Are as Smart as ALL of Us

• Passwords and Patching: The Forgotten Building Blocks of Enterprise Security

• Phantom Menace, Episode I? The Attack That Undressed the Mexican Banks in ’18

• Playing with Fire: How Cyber-Physical Attacks Threaten Our Connected World

• Post-Quantum Cryptography

• Post-Quantum Cryptography

• Practical Approaches to Cloud Native Security

• Practical Malware Analysis Essentials for Incident Responders

• Privacy and Anonymity

• Privacy and Anonymity

• Privacy Essentials for Security Professionals

• Procuring IoT: Purchasing Guidance for Government Officials

• Prosilience: Moving beyond Operational Resilience

• Protecting the Cloud with the Power of Cloud

• Protecting the Cloud with the Power of Cloud (Repeat)

• Protecting You Better with Advanced Malware Research

• Protecting your Achilles heel: Managing security risk in your legacy product portfolio

• Public Interest Tech in Silicon Valley

• Public Key Encryption

• Public Key Encryption

• Raiding Lost BTC and Other Cryptocurrencies

• Ransom: A Real-World Case Study in Data Theft, Forensics and the Law

• Ransomware Attack Protection and Recovery: Lessons from the Front Lines

• Red Team View: Gaps in the Serverless Application Attack Surface

• Release Your Inner DevSecOp

• Responding to and Recovering from Cybersecurity Incidents

• Results of the (ISC)² Workforce Survey

• Retaining and Growing Cybersecurity Talent: A Proven Model

• Rethinking Efficient Third-Party Risk Management

• Reverse Engineering Attribution: The Man Behind the Man Behind the Curtain

• Risks and Results: Counter-Risks to the Nation’s Critical Infrastructure

• Roadmap to Entrepreneurial Success: Lessons Learned along the Way

• Run for Your Life—No Literally—Do It!

• Safety Systems Are the New Target: Design Security Using Safety Methods

• SCADA Attack Detection 101

• Schrodinger's Pentest: Scoping Entanglement

• Secure Computation

• Secure Computation

• Secure Innovation in Public Cloud, Myth or Reality?

• Securely Deploying Micro Services, Containers and Serverless PaaS Web Apps

• Secure the Pod Bay Doors, HAL: Cybersecurity Risks of IoT Automation

• Securing Cloud-Native Applications at Scale

• Securing Intel PC for FIDO Support: Industry Standard to Remove Passwords

• Security at 36,000 Feet!

• Security at the Speed of DevOps: A Reality Check

• Security Foundations

• Security Foundations

• Security Foundations

• Security Foundations

• Security Foundations

• Security Foundations

• Security Foundations

• Security Learns to Sprint: DevSecOps

• Security Model and White-Box Crypto

• Security Model and White-Box Crypto

• Security Precognition: Chaos Engineering in Incident Response

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Security, Privacy and Human Behavior

• Shadow IoT Hacking the Corporate Environment: Office as the New Smart Home

• She Speaks Security: Gaining Confidence Speaking and Submitting to Speak

• She Speaks Security: Gaining Confidence Speaking and Submitting to Speak

• She Speaks Security: Gaining Confidence Speaking and Submitting to Speak

• She Speaks Security: Gaining Confidence Speaking and Submitting to Speak

• She Speaks Security: Gaining Confidence Speaking and Submitting to Speak

• Side Channel and Leakage Resilience

• Side Channel and Leakage Resilience

• Simplicity from Complexity: Cybersecurity Insights That Matter Most

• SOC Automation, Enterprise Blueprinting and Hunting Using Open-Source Tools

• Software Bill of Materials: Progress toward Transparency of Third-Party Code

• Solving Our Cybersecurity Talent Shortage

• Solving Our Cybersecurity Talent Shortage

• Solving Our Cybersecurity Talent Shortage

• Solving Our Cybersecurity Talent Shortage

• Solving Our Cybersecurity Talent Shortage

• Solving Our Cybersecurity Talent Shortage

• STIR SHAKE’N SIP to Stop Robocalling

• Stop That Release, There’s a Vulnerability!

• Studies of 2FA, Why Johhny Can’t Use 2FA and How We Can Change That

• Studies of 2FA, Why Johhny Can’t Use 2FA and How We Can Change That

• Superforecasting II: Risk Assessment Prognostication in the 21st Century

• Supply Chain Security for Critical Energy Infrastructure

• Tales from the Front Lines

• Tales from the PSIRT: 10 Years of Bugs, Vulnerabilities and CVEs

• The Advantage of Ignoring the Long Tail of Security: A Product View

• The Art of the Nudge, Cheap Ways to Steer User Behavior

• The Detrimental Nature of Proofs of Work, and Risks to Cryptocurrencies

• The Digital Risk Dilemma: How to Protect What You Don’t Control

• The Emerging Grey App Threat: Mobile Kids Apps Are Gateway to Parents

• The Etiology of Vulnerability Exploitation

• The EU’s General Data Protection Regulation: One Year Later

• The Fallacy of the "Zero-Trust Network"

• The Fine Art of Creating a Transformational Cybersecurity Strategy

• The Foreshadow Attack: From a Simple Oversight to a Technological Nightmare

• The Future Is Hybrid: Key Considerations for Cloud and DevOps

• The Future of Public Interest Tech

• The Metrics Manifesto

• The NIST Cybersecurity Framework: Building on Success

• The NIST Privacy Framework: What It Is and What It Means for You

• The Rise of the Cyber-Culture Hacker

• The Rise of the Machines, AI- and ML-Based Attacks Demonstrated

• The State of the Union on Cyber-Intelligence

• The Upside Down: The Roles and Responsibilities of Cybercrime Syndicates

• The Women Driving Innovation in State Cybersecurity

• Threat Hunting across Thousands of Multicloud Workloads

• Threat Hunting Using 16th-Century Math and Sesame Street

• Threat Modeling in 2019

• Top 10 Ways to Make Hackers Excited: About the Shortcuts Not Worth Taking

• Treating Cloud-Specific Threats with Automatic Remediation

• U-Boot, I-Hack

• Unmasking Operation Shaheen

• Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors

• Update on Confidential Computing

• Use Model to Deconstruct Threats: Detect Intrusion by Statistical Learning

• Use of Facial Recognition to Combat Terrorism

• Using Automation to Help Achieve Security in a Multicloud Environment

• Using High-Entropy Encryption for Enterprise Collaboration

• Using the Cloud to Secure vs. Securing the Cloud

• Verizon Incident Preparedness Report—Taming the Data Beast

• Virtual Pen Testing Using Risk Models

• Vulnerabilities: What Is the Future

• We’re Not in Kansas Anymore: Measuring the Impact of a Data Breach

• We’re Not in Kansas Anymore: Measuring the Impact of a Data Breach (Repeat)

• What Does Cyber-Insurance Really Bring to the Table and…Are You Covered?

• What Every Security Professional Needs to Know about WiFi 6

• What Happens to Your Threat Model When Hardware Isn’t Really Hardware?

• What Lurks within Your IT: Spotlight on the Dark Side of the Supply Chain

• What Makes a Good KRI? Using FAIR to Discover Meaningful Metrics

• What Sennacherib Taught Me about Security: How to Translate Cyber-Speak

• What Should a US Federal Privacy Law Look Like?

• What You Need to Know about the Cybersecurity Landscape and Cyber-Cases

• When the One You Trust Hurts You Most: Real-World Attack, Real-Time Response

• When the One You Trust Hurts You Most: Real-World Attack, Real-Time Response (Repeat)

• Who Watches the Watchers: IP Protection for Privileged Users

• Why Data-Driven Personalized Journeys Are the Future of Security Training

• Why Industrial IoT Security Is Really about Saving Lives

• Why the Role of CISO Sucks and What We Should Do to Fix It!

• Will Your Application Be Secure Enough When Robots Produce Code for You?

• Wireless Offense and Defense, Explained and Demonstrated!

• Women in Cybersecurity: Finding, Attracting and Cultivating Talent

• Working in Civil Society

• Yet Another IoT Hack

• You Can’t Manage What You Can’t Measure: Are We Measuring the Right Stuff?

• Your Data’s Integrity: Protect and Respond to Ransomware and Critical Events

• Your Ideal Victim Is My Hero

• You’ve Predicted the Future, Now What? Pulling the Right Security Levers

• Zero-Knowledge (ZK) Proofs—Privacy-Preserving Authentication

• Zero-Trust Networking Is Facilitating Cloud Transformation