Over eighty Black Hat sessions crowded into two days is a lot. So it helps to get some advance sorting and some info-distillation—those are the key missions of the Executive Briefings. We have designed the day to help parse the information deluge, guiding your team deployment strategy for team members who have accompanied you to Black Hat.
Web application security
With over twenty sessions impacting Application Security, and facing the evolution of HTML5, Nathan Hamiel will be providing an overview of what is coming in this fast-moving space.
Black Hat Review Board member Nathan Hamiel is chairing the Web Application Security track and serves as Principal Consultant for FishNet Security's Application Security Practice. He is also an Associate Professor of Software Engineering at the University of Advancing Technology.
Mobile devices were among the first in the 'bring your own device' landscape, and have evolved into one of the more interesting attack targets in the Enterprise. It is true that the mobile track includes elements you might expect, but there are more unconventional topics emerging as well. Vincenzo, the track chair, says it all has something to do with peeling an onion.
Presentation by Black Hat Review Board member Vincenzo Iozzo, Director of Vulnerability Intelligence at Trail Of Bits Inc. He's perhaps best known for co-writing the exploits for BlackBerryOS and iPhoneOS to win Pwn2own 2010 and Pwn2own 2011.
Defense doesn't always get as much airplay at Black Hat, where much of the buzz tends to focus on breaking things. Defense, always harder than offense, gets attention from some great minds at Black Hat this year.
Presentation by Black Hat Review Board member Shawn Moyer, who manages the Research Consulting Practice for Accuvant Labs.
Special Guest Speaker
An update on national issues from DHS Deputy Under Secretary for Cybersecurity Mark Weatherford.
Analytical Response and Discussion
Rounding out the day's discussions and presentations, Black Hat has assembled a top-shelf panel to break down and discuss top concerns highlighted through the day, evaluate down-stream implications of upcoming Black Hat research, and help process what to do in response to this year's content.
This panel, comprising three leading analysts and two (crowd-elected) CSOs, is charged with working with the attendees to synthesize, challenge, and clarify what questions to carry forward into the next two days of Black Hat Briefings.
Joshua Corman is Director of Security Intelligence for Akamai Technologies and has more than a decade of experience with security and networking software. Most recently he served as Research Director for Enterprise Security at The 451 Group, following his time as Principal Security Strategist for IBM Internet Security Systems. Mr. Corman's cross-domain research highlights adversaries, game theory, and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps drive evolutionary strategies toward emerging technologies and shifting incentives.
Corman can be found on Twitter @joshcorman and on his blog at http://blog.cognitivedissidents.com/
Rob Joyce is the Deputy Director of the Information Assurance Directorate (IAD) at the National Security Agency. His organization is the NSA mission element charged with providing products and services critical to protecting our Nation's systems that carry classified communications, military command and control or intelligence information. IAD provides technical expertise on cyber technologies, cryptography, security architectures and other issues related to information assurance, as well as supplying deep understanding of the vulnerability and threats to national security systems. Joyce has spent more than 23 years at NSA, beginning his career as an engineer.
Rich Mogull, Analyst and CEO at Securosis, has twenty years of experience in information security, physical security, and risk management. He specializes in data security, application security, emerging security technologies, and security management. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team where he also served as research co-chair for the Gartner Security Summit. Rich is the Security Editor of TidBITS and a frequent contributor to publications ranging from Information Security Magazine to Macworld. He is a frequent industry speaker at events including the RSA Security Conference and DefCon, and has spoken on every continent except Antarctica.
Kevin Overcash, Chief Software Architect of Accuvant, has been designing and building commercial software products and services for over fifteen years. Starting with Internet Security Systems' (ISS) Internet Scanner in the late 90's, he has designed and served as product manager for ISS RealSecure IDS, SPI Dynamics WebDefend and Assessment Management Platform (AMP), Breach Security WebDefend Web Application Firewall, and most recently the WhiteHat Sentinel Web Application Assessment Service. Mr. Overcash has been speaking at industry events for over a decade, including SANS and RSA.
Premium & Dinner Co-Sponsor
Qualys, Inc., is a pioneer and leading provider of cloud security and compliance solutions with over 5,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of applications helps organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
For more information, please visit www.qualys.com
Philippe Courtot, Chairman and CEO for Qualys
Philippe's leadership experience includes serving as Chairman and CEO of Signio, an electronic payment company later acquired by Verisign, President and CEO of Verity, and CEO of Thomson CGR Medical. Philippe holds a Masters Degree in Physics from the University of Paris.
Amer Deeba, Chief Marketing Officer for Qualys
Amer came to Qualys from VeriSign, where he was the General Manager for the Payment Services Division, and has held a variety of technical and management positions at Adobe, Verity and Amdahl. Amer earned MS and BS degrees in Computer Sciences.
Wolfgang Kandek, Chief Technical Officer for Qualys
Wolfgang's more than 20 years of experience in IS management includes positions at myplay.com, iSyndicate, EDS, MCI and IBM. Wolfgang earned a Masters and a Bachelors degree in Computer Science from the Technical University of Darmstadt, Germany.
John Wilson, Executive Vice President of World Wide Field Operations for Qualys
John's more than 20 years of sales and operations leadership includes roles at Verizon Business, Ubizen, The Sayers Group, Winstar Communications, and Johnson & Johnson. John holds a Bachelor of Science degree from the U.S. Military Academy at West Point and a Master of Business Administration degree from Fordham University.
Foundation Sponsor
Adobe is changing the world through digital experiences. We help our customers develop and deliver high-impact experiences that differentiate brands, build loyalty, and drive revenue across every screen, including smartphones, computers, tablets and TVs. Adobe content solutions are used daily by millions of companies worldwide—from publishers and broadcasters, to enterprises, marketing agencies and household-name brands. Building on our established design leadership, we enable customers not only to make great content, but to manage, measure and monetize it for maximum impact.
Brad Arkin, Senior Director of Security for Adobe
Brad Arkin is the senior director of security for Adobe products and services. Arkin also oversees the Corporate Standards Group as well as the open source and accessibility teams.
David Lenoe, Adobe
David Lenoe leads the Product Security Incident Response Team (PSIRT) at Adobe, responsible for Adobe's security incident response and vulnerability information sharing programs.
Event Sponsors
Core Security Technologies enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and prove real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security Technologies can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.
BlackBerry Security, Research in Motion (RIM), is a world class organization providing end to end security focus including: driving the BlackBerry security message globally, security accreditations, development of security products, advanced threat research, building mitigations into BlackBerry products, and by rapidly responding to security incidents. More information: www.blackberry.com/security
SAIC is a FORTUNE 500® scientific, engineering, and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. The Company's approximately 41,000 employees serve customers in the U.S. Department of Defense, the intelligence community, the U.S. Department of Homeland Security, other U.S. Government civil agencies and selected commercial markets. Headquartered in McLean, Va., SAIC had annual revenues of approximately $10.6 billion for its fiscal year ended January 31, 2012. For more information, visit http://www.saic.com/. SAIC: From Science to Solutions®
Dinner Co-Sponsor
Veracode is the only independent provider of cloud-based application intelligence and security verification services. The Veracode platform provides the fastest, most comprehensive solution to improve the security of internally developed, purchased or outsourced software applications and third-party components. By combining patented static, dynamic and manual testing, extensive eLearning capabilities, and advanced application analytics, Veracode enables scalable, policy-driven application risk management programs that help identify and eradicate numerous vulnerabilities by leveraging best-in-class technologies from vulnerability scanning to penetration testing and static code analysis. Veracode delivers unbiased proof of application security to stakeholders across the software supply chain while supporting independent audit and compliance requirements for all applications no matter how they are deployed, via the web, mobile or in the cloud. Visit www.veracode.com