Notes
Notes on recent talks…
DEFCON 18
Hacking The Future: Weaponizing the Next Generation
- Abstract:
- Co-presenters:
- Recording:
- Slides:
- Commentary:
Internet Wars
- Abstract:
- Co-presenters:
- Recording:
- Slides:
- Commentary:
SCADA and ICS for Security Experts: How to avoid cyberdouchery
- Abstract:
- Co-presenters:
- Recording:
- Slides:
- Commentary:
PCI Panel
- Abstract:
- Co-presenters:
- Recording:
- Slides:
- Commentary:
Security BSides Las Vegas 2010
Infosec Mentors Panel
- Abstract: Mentoring, Mentee-ing (Telamachusing? Manatee-ing?) In Information Security: A How-To Panel. Come and learn how to get the most out of the Mentor/Protege relationship from our panel of experts including @joshcorman, @SecBarbie, @gattaca, @dewzi, @hypatiadotca, @myrcurial and @rafallos. Also learn about pitfalls to avoid including “mantoring”. This should be a lively discussion and we expect a lot of audience participation.
* Being a good mentor/mentee
* the “internship experience”
* formal + informal mentoring
* paying your dues
* hostile to newcomers or not?
* certifications, education
* gender + race issues
* impostor syndrome
* charlatans / impostors
* perfectionism
* ableism
Sample Questions
- How did you get here? Who mentored you along the way?
- Who most influenced your career as it is today? What did you learn from him/her?
- Why do you think the InfoSec field is so hostile to newcomers?
- What 3 things would you suggest to anyone thinking of pursuing a security-focused career?
- What 3 things make a good mentor?
- Co-presenters: Joshua Corman, Marisa Fagan, Erin Jacobs, Dave Lewis, Leigh Honeywell, Rafal Los
- Recording:
- Slides: No Slides
- Commentary:
BlackHat USA 2010
SCADA and ICS for Security Experts: How to avoid cyberdouchery
- Abstract:
- Co-presenters:
- Recording:
- Slides:
- Commentary:
The Next HOPE
The Black Suit Plan Isn’t Working – Now What?
- Abstract: The suit plan isn’t working. At The Last HOPE, James told you all about the awesomeness of The Black Suit. But you’re finding that it’s not really working out… maybe it’s possible to lower the goal? Can we take advantage of the Econopocalypse, the fact that two years have gone by, and infiltrate the upper echelons without having to leave the Black Hat behind? With cyber humor, blistering criticism, and awesometastic possibilities, spend some time in a discussion about ways to get to the place we all want to be – employed and happy.
- Co-presenters: n/a
- Recording: http://vimeo.com/13544289
- Slides:
- Commentary:
Notacon 7
Social Engineering Security Into Your Business
- Abstract: Finding security vulnerabilities is easy. Getting them remediated is HARD. Many of the real problems in information security are not about technical prowess with packet dumps or disassemblers, they’re about exercising the “soft skills” you discarded when entering IT. In this talk the four of us will show how social engineering can be applied not to break into systems, but to secure them. How do you convince your DBAs they really do need to apply the latest Oracle patch? How do you convince the CIO that you need funds and people to perform dedicated vulnerability scanning? How do you convince your users that they really shouldn’t put that password on their monitor? We’ll cover all this and more with a little shouting, a lot of scolding, and some live demonstrations.
- Co-presenters: Chris Clymer, Mick Douglas, and Brandon Knight
- Recording: http://vimeo.com/12463486
- Slides:
- Commentary:
SCADA and ICS for Security Experts: How to avoid cyberdouchery
- Abstract: The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories. Suddenly, every consultant is an expert and every product fixes SCADA. And because they don’t know what the hell they’re talking about — ‘fake it till ya make it’ doesn’t work — they’re making all of us look stupid.
Attendees will gain a practical level of knowledge sufficient to keep them from appearing foolish should they choose to opine on any of the various real issues stemming from Industrial Control or SCADA systems. Attendees will also feel embarrassed for something they’ve said, empowered to call out charlatans, and much less worried about cyberhackers unleashing cyberattacks which cybercause cyberpipelines and cybermanufacturing plants to cybergonuts and cybertakeovertheplanet using cybercookiesofdeath.
- Co-presenters: N/A
- Recording: http://vimeo.com/12001380
- Slides: http://www.slideshare.net/Myrcurial/notacon-7-scada-and-ics-for-security-experts
- Commentary:
Hacking The Future: Weaponizing the Next Generation
- Abstract: Join this panel of experts who will discuss, debate, enlighten, and do battle on the topic of Hacker Parenting. From a multitude of viewpoints – paternal, maternal, fictive aunt and victim – the methodologies and techniques of applying the hacker mindset to parenting will be discussed. It is expected that the audience will participate as this topic is one on which everyone has an opinion. Maybe it’s possible to do great work and develop a generation of people primed to hack the planet and take over.
- Co-presenters: Tiffany Rad and Leigh Honeywell
- Recording: http://vimeo.com/12224481
- Slides: http://www.slideshare.net/Myrcurial/notacon-7-hacking-the-future-weaponizing-the-next-generation
- Commentary:
BlackHat Europe 2010
SCADA and ICS for Security Experts: How to avoid being a Cyber Idiot
- Abstract: The traditional security industry has somehow decided that they are the white knights who are going to save everyone from the horror of insecure powergrids, pipelines, chemical plants, and cookie factories.
Suddenly, every consultant is an expert and every product is loudly advertising how it solves SCADA SECURITY AND COMPLIANCY ISSUES!!!
And because they don’t know what the hell they’re talking about – ‘fake it till ya make it’ doesn’t work – they’re making all of us look stupid.
Let’s sit down for a little fireside chat and discuss all things SCADA and ICS with an eye towards increasing our knowledge to the point where we can confidently say: “I’m not an expert at everything, I can help some, may we work together on a solution?”
It’s time to stop being a Cyber Idiot and start being a positive contributor. Learn some truth, look behind the curtain, bust some FUD, Oh – and make government agents have kittens. That’s fun for everyone.
- Co-presenters: n/a
- Recording: http://vimeo.com/12116003
- Slides: http://www.slideshare.net/Myrcurial/blackhat-europe-2010-scada-and-ics-for-security-experts
- Commentary: