Hugh Thompson, Chief Security Strategist, People Security

Internet security guru and bestselling author Dr. Herbert "Hugh" Thompson has seen it all –– hacked voting machines, exposed airline computer insecurities and devised cell phone exploits. As Program Chair for RSA Conference Hugh Thompson provides his take on the sessions at this year’s Conference – the tracks, what to watch for, and the trends he is seeing.

And a sneak peak at what will happen at "The Hugh Thompson Show."  For the sixth year running, Hugh will bring a lifetime of security expertise and a wide–eyed enthusiasm to "The Hugh Thompson Show" at this year's RSA Conference with some special guests.

Hugh Thompson is Program Committee Chairman of RSA Conference, Chief Security Strategist at People Security and a world–renowned expert on application security. He has co–authored several books on the topic and has written more than 80 academic and industrial publications on security. In 2006, Thompson was named one of the "Top 5 Most Influential Thinkers in IT Security" by SC Magazine and was featured in "Hacking Democracy", the Emmy–nominated HBO documentary on e–voting vulnerabilities. He is also an adjunct professor at Columbia University in New York where he teaches courses on computer security.

Download <13:21>

Margaret Salter, Technical Director, National Security Agency

The intelligence community and Department of Defense need the ability to communicate anytime, anywhere, regardless of the classification level. They also want the ability to communicate securely using the same kinds of user-friendly devices available commercially. To meet these requirements, the National Security Agency is testing a new mobile infrastructure to secure classified communications.

Margaret Salter is the Technical Director for the Fusion, Analysis and Mitigations Group within the Information Assurance Directorate of the National Security Agency. A senior mathematician with over twenty years of service at the Agency, Salter oversees a commercial security technology lab which evaluates implementations of cryptographic functions in COTS products. She works with DoD customers, commercial vendors, and other Intelligence organizations to provide needed IA solutions.

Download <09:59>

Joji Montelibano, Team Lead, Insider Threat Technical Solutions & Standards, CERT

This session will present case studies of data theft by three different attackers – insiders, outsiders and malware.  Our findings reveal that these attackers employed similar techniques that defenders can exploit to mitigate or altogether prevent these attacks from being successful. We will demonstrate how one such defensive strategy, using open source tools, can be used to accomplish this goal.

Joji Montelibano leads the Insider Threat Technical Solutions team at CERT. Montelibano has over 15 years experience in the fields of software development and network engineering. He began his career developing software for the petroleum and chemical industries, where he created simulation programs for companies such as Shell Oil, Sunoco, and Foster Wheeler. Prior to joining CERT, he was a Senior Information Security Analyst for the RAND Corporation, where his main projects focused on securing and ensuring the availability of military networks and communications. He holds an undergraduate degree in Chemical Engineering from Stanford University, and Master’s degrees from Harvard University and the University of Southern California. His certifications include the CISSP, CSTE, CCNP, and ACSA.

Download <09:43>

Uri Rivner, Head of New Technologies, Identity Protection, RSA

You won't find slides for this session online. We don't even know what topics it will cover. This session is dedicated to the hottest trends and most pressing threats as of the conference week. Join the panel of security researchers as they discuss the latest cyber security threats. Cyberwar? Anonymous? Cloud hack? Serious supply-chain break? All will be revealed.

Panelists

Roel Schouwenberg, Senior Researcher, Kaspersky Lab

David Litchfield, Chief Security Architect, Accuvant

Kevin Mahaffey, Chief Technology Officer, Lookout

Johnathan Tal, President & Chief Executive Officer, TAL Global Corporation

Uri Rivner is responsible at RSA for moving cyber security innovations from concept to reality. Since 2000 he was a key player in the development of risk-based authentication for eCommerce and Online Banking; the RSA eFraudNetwork which is the largest real-time repository of known fraud resources; and other anti-cybercrime technologies now used by thousands of organizations worldwide to stop around $3 billion of online fraud every year. Rivner joined RSA through the acquisition of anti-fraud company Cyota, where he gained a deep perspective on international fraud. He writes blogs at Finextra and RSA Speaking of Security.

Download <10:14>

Christopher Young, Senior Vice President, Security and Government Group, Cisco

With companies moving rapidly toward the cloud, BYOD as the new normal, and stricter policy enforcement demands, every CIO and administrator needs more transparent and efficient networks. The answer is intelligent networks that integrate security technologies and context awareness allowing control over who, what, where, when, and how company data is accessed. Christopher Young will show how enterprises can increase overall network visibility and application control while maintaining secure access for both devices and applications.

As Senior Vice President of the Security and Government Group at Cisco, Chris Young is responsible for Cisco´s overall security vision and the integration of Cisco´s product and cyber security into one platform. With security as one of Cisco´s top engineering priorities, Young is tasked with the development of industry–leading security products and solutions as well as managing a cross–portfolio security strategy and architecture. He oversees a team of more than 2000 employees combining the security technologies group, the global government security solutions group, and Cisco´s own security operations team into a single entity.

He joined Cisco from VMware, where he served as Senior Vice President and General Manager, responsible for strategy, products, engineering, and delivery across all of VMware´s end–user computing solutions. Previously, he served as Senior Vice President at RSA, the security division of EMC, where he was responsible for strategy, product management, product marketing, engineering, and delivery of products across all of RSA's identity and access assurance, security information and event management, governance risk and compliance and data security solutions. He built the company's identity protection and verification business, which today protects more than 200 million online accounts. He has served as Vice President of safety and security premium services for America Online, Inc. (AOL) and prior to that, he founded and served as president of Cyveillance, a technology provider leveraging search technologies to help companies manage business risk.

As an expert in topics related to information–centric security, he is a regular speaker at security industry events. He has testified in front of the United States Senate Judiciary Committee on the subject of cyber–squatting. Outside of Cisco, Young serves on the board of Rapid7, a privately held company in Boston, Massachusetts, and has served on Princeton University´s Board of Trustees. He holds a Bachelor of Arts degree, cum laude, from Princeton University and a Master´s degree in Business Administration, with distinction, from the Harvard Business School.

Download <11:59>

Ben Rothke, Manager Information Security, Major Hospitality Company

Social networks simultaneously offer huge business benefits and unheard of security risks.  How can enterprises effectively use social networks while not putting their security and data at risk?

Ben Rothke, CISSP, CISM, CISA, has over 15 years of industry experience in information systems security and privacy. He is the author of Computer Security - 20 Things Every Employee Should Know (McGraw-Hill), and writes a monthly security book review for Security Management and Slashdot. Ben is also a frequent speaker at industry conferences, such as RSA, MIST and ISACA is a member of ASIS, NY-NJ/ECTF, Society of Payment Security Professionals and InfraGard.

Download <08:31>

Craig Spiezle, Executive Director, Founder & President, OTA Alliance

Email continues to be the attack vector of choice by cybercriminals. This session will review how email authentication and the use of IETF standards (SPF and DKIM) can aid the enterprise in detecting forged email and help protect business and government data. Speakers will review recent research revealing adoption in various industries compiled by the Online Trust Alliance.

Panelists

Mike Hammer, Web Operations Security, American Greetings Interactive

John Scarrow, General Manager of Safety Services at Microsoft, Microsoft Corporation

Andy Steingruebl, Manager of Internet Standards & Governance, PayPal, Inc.

Craig Spiezle is a widely acclaimed security and privacy professional with a deep understanding of consumer trust, social computing and business impact. As a trusted advisor to business, members of Congress, the White House and various governmental agencies, he is recognized as an advocate for consumer trust, brand protection and the need for innovation. Recently appointed to the Federal Communication Commission Communications Security, Reliability and Interoperability Council's, Spiezle serves on the Board of the Identity Theft Council, and an active member of AWPG, IAPP and InfraGard.  Previously he worked at Microsoft for over a decade, most recently as director of security & privacy product management for Internet Explorer and previously led anti-spam and anti-phishing product management.

Download <07:39>

Josh Corman, Director, Security Intelligence, Akamai Technologies

Gene Kim, Researcher and Author

Cloud IT velocity is breathtaking: while most IT struggle with monthly releases, agile IT businesses routinely conjure thousands of AWS servers, performing over 10 deploys per day. This agility delights the business and terrifies security. DevOps aligns the former adversaries of Dev and Ops.  Security needs to enable ludicrous speed or be left behind. We make a case for Rugged DevOps as an answer.

Joshua Corman is Director of Security Intelligence for Akamai Technologies. Corman has more than a decade of security experience, most recently serving as Research Director for The 451 Group. His research cuts across sectors to the core challenges of the industry, and drives adaptive strategies amidst changing landscapes. He is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, SANS, DEFCON, and ShmooCon – and was recognized by NetworkWorld as a top Influencer of IT for 2009. As a staunch advocate for CISOs, he serves as a Ponemon Institute Fellow, as an IANS Faculty, and

co-founded www.ruggedsoftware.org. He received a bachelor’s degree in philosophy, Phi Beta Kappa, summa cum laude, from the University of New Hampshire.

Since 1999, Gene Kim has been studying and benchmarking high performing IT operations and information security organizations.  When Kim was the CTO/founder of Tripwire, he wrote the “Visible Ops Handbook,” which codified how these organizations transformed from “good to great,” which has sold over 200K copies to date.

Download <13:26>

Lucy Thomson, Senior Engineer - Attorney, CSC

To address the problem of escalating data breaches, nearly all states have passed data breach laws and HITECH covers health records. Using recent massive breaches as case studies, legal and encryption experts sort out the complexities and ambiguities that result in uncertainties for global business and health providers – focusing on both the legal and technical aspects, including encryption.

Moderator:

Lucy Thomson, Senior Engineer - Attorney, CSC

Panelists:

Eric Hibbard, Chief Technology Officer Security & Privacy, Hitachi Data Systems

Thomas Smedinghoff, Partner, Wildman Harrold

Robert Thibadeau, Chief Scientist & SVP, Wave Systems Corp.

Lucy Thomson, J.D., M.S., CIPP/G, focuses her practice at the intersection of law and technology.  As Chair-Elect of the American Bar Association Section of Science & Technology Law, Thomson leads an organization that is widely recognized as the global authority on science and technology law.  She is a Senior Principal Engineer, Information Security, and Privacy Advocate at CSC, a global technology company.

Appointed Consumer Privacy Ombudsman in 11 of the largest federal bankruptcy cases, she has overseen the disposition of 125 million electronic consumer records. A former federal criminal prosecutor, she is Editor of the ABA’s groundbreaking Data Breach and Encryption Handbook (2011).  She holds an M.S. from Rensselaer Polytechnic Institute and a J.D. from Georgetown.

Download <07:26>

Mischel Kwon, President & Chief Executive Officer, MKA

Mobile devices – phones, tablets on cellular, Wi-Fi, government networks are being used to support the mission.  What are the current threats and attacks to the mobile technology?  How do we balance the risk and productivity gained? This panel of Federal Government executives will share lessons learned by early adopters around security strategy, policy, data protection, access control and more.

Moderator:
Mischel Kwon , President & Chief Executive Officer, MKA

Panelists:
Holly Ridgeway , Department of Justice
Thomas Schankweiler , Information Security Officer, Center for Medicare and Medicaid (CMS)
Chris Smith , Chief Information Officer, USDA

Mischel Kwon, President and CEO Mischel Kwon and Associates, LLC, is the former Director of US-CERT, and former Deputy CISO, former Director of the JSOC, and former Chief IT Security Technologist at USDOJ. She has a very balanced approach to cyber security issues, whether technical, defensive, or compliance related. Her experience at DHS and DOJ give her in depth knowledge of the current threat and attack landscape as well as how this affects all sectors of cyber space.

Download <08:27>

Arthur Coviello,  Jr., Executive Vice President, EMC Corporation; Executive Chairman, RSA, The Security Division of EMC

Through a constant and growing flow of digital information, we are living in a hyperconnected world–not just as consumers, or friends on social networking sites, but through our corporate supply chains, the cloud and as trading partners in interconnected global markets. The challenge for us all is that the resulting openness and hyperconnection of our enterprises in an increasingly–digital universe has introduced new vulnerabilities that attackers have learned to exploit. Over the past 18 months, organizations throughout the world have been under attack by nation states, hacktivists and various cyber criminals. What our industry has demonstrated time and time again is an enormous resiliency and ability to innovate that has accelerated the growth and unlimited potential of the digital universe. In his remarks, Art Coviello discusses our roles and responsibilities at an enterprise, industry and geopolitical level to secure the promise of a trusted digital world.

Art Coviello is responsible for RSA's strategy as it delivers EMC's global vision of information-centric security. Coviello was Chief Executive Officer of RSA Security, Inc. prior to its acquisition by EMC in 2006. He joined the company in 1995 and has been a driving force in its rapid growth, increasing revenue from $25 million in 1995 to revenues of over $700 million in 2010. His expertise and influence have made him a recognized leader in the industry, where he plays a key role in several national cyber security initiatives. He has spoken at numerous conferences and forums around the world.

Coviello has more than 30 years of strategic, operating and financial management experience in high technology companies. In addition, he currently serves on the Board of Directors at EnerNOC (a leader in Demand Response Systems for energy conservation). He graduated magna cum laude from the University of Massachusetts.

Download <09:23>

David Adler, Partner, Leavens, Strand, Glover & Adler, LLC

Behnam Dayanim, Partner, Axinn Veltrop & Harkrider LLP

The past few years have witnessed an explosion of legal and regulatory activity involving social and other new media. This session will examine several key areas, including copyright, trademark and related intellectual property concerns; defamation, obscenity and related liability; false advertising and marketing restrictions; gaming; data privacy issues presented by social media; and impacts of social media on employees and the workplace. Attendees will learn how to identify legal risks and issues before they become full-scale emergencies and how to develop appropriate policies and guidelines covering social media activity.

David Adler is an attorney, educator and nationally-recognized speaker in the fields of intellectual property and technology law with a multidisciplinary practice focused on counseling businesses across the interrelated areas of Intellectual Property Law, Media & Entertainment, Information Technology and Corporate Law. He provides legal counsel on trademark and copyright clearance, registration and enforcement, digital and new media licensing, production, finance, regulations, litigation and corporate-commercial transactions. Adler assists interactive and digital marketing and advertising companies, content providers and licensors with advice on affiliate, publisher and partnership agreements, content licensing, syndication, distribution, Social Media and many other related deals.

Behnam Dayanim co-chairs AV&H’s Litigation and Regulatory Practice. Dayanim counsels clients on regulatory compliance, handles internal and regulatory investigations and transactional matters and is an experienced litigator. He advises on data privacy, advertising and marketing, export controls, internet gaming and e-commerce regulation.  He has been named a leading lawyer in Chambers USA, Chambers Global and the Legal 500, and was honored as a BTI Client Service “All-Star” in 2009.  He writes and speaks widely, including several times at RSA Conferences in the past.  Visit his blog at www.caveat-vendor.com.

Download <09:16>

Rob Rachwald, Director of Security Strategy, Imperva Inc.

Amichai Schulman, Chief Technology Officer & Co-Founder, Imperva Inc.

2011 was great if you were a hacker. With mega-breaches at Epsilon and Sony, a massive increase in malicious mobile apps, Lulzsec, Anonymous, APT and the collapse of News of the World, 2011 may well go down as the year of the hacker. What has 2012 got in store for us? In this talk we will present the top ten security trends for 2012 that every security professional should know.

Rob Rachwald is Director of Security Strategy at Imperva.  Rachwald received his BA from UC Berkeley and MBA from Vanderbilt University. He works with Imperva’s security research team, investigating how hackers and insiders steal data, appearing as a security commentator with the BBC, CNN, NBC and USA Today.   He has been in the security industry for six years and in the Silicon Valley for more than a decade.  Before working in the Valley, Robert worked in Washington, DC as a policy analyst.

Amichai Shulman is Co-Founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Mr. Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Prior to Imperva, Mr. Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions. Mr. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques.

Download <13:50>

Dave Aitel, Chief Technology Officer, Immunity Inc.

Many sources for cyber strategy and policy that affects it focus on three facets of the cyber domain: cyber attacks are asymmetric, cyber attacks are unattributable and cyber attacks are non-kinetic. None of these is true. This talk explains why.

Dave Aitel is the founder and CTO of Immunity. Prior to starting Immunity Aitel was a security consultant with @stake and a research scientist with the United States National Security Agency. His background lies in Linux and Unix security research. His focus changed to Windows exploitation after founding Immunity, and in more recent years has expanded to include web applications and engine development for CANVAS such as MOSDEF, the engine's C compiler. He is the author of several books, including the popular “Shellcoder's Handbook”, and he has spoken on security issues at many of the world's leading security conferences.

Download <08:21>

Rick Miller, Director, IBM Managed Security Services - Global Technology Services, IBM

Business executives today understand the importance of having a strong security infrastructure. However in today’s challenging economy, CIOs need to see and be able to articulate true business value from their investment in security.

Rick Miller is an executive at IBM, responsible for all Managed Security Services, worldwide.  In his position Miller hears from thousands of customers who are of various sizes and in many industries, but all have the same security challenges and want to know how they communicate security to their key executives. He is the IBM Board Member for the Information Technology Information Sharing & Analysis Center (IT-ISAC) and is one of the early pioneers of the Managed Security Services market.  In his position at IBM Rick hears from thousands of customers who are of various sizes and in many industries but all have the same security challenges and want to know how they communicate security to their key executives.

Download <09:22>

Gib Sorebo, Chief Cybersecurity Technologist, SAIC

For years government agencies have complained that federal government security requirements were nothing but  paper drills that did little to improve security.  Now there is renewed emphasis on automation and continuous monitoring that would both provide a better and more current picture of compliance efforts and improve security.  But just what does continuous monitoring mean and how can it be implemented cost effectively?

Moderator

Gib Sorebo, Chief Cybersecurity Technologist, SAIC

Panelists

Scott Cogan, Strategic Alliances, RSA, The Security Division of EMC

Jasvir Gill, Chief Executive Officer & Founder, AlertEnterprise, Inc.

Andy Ozment, Director for Federal Information Security Policy, White House

Ron Ross, Senior Computer Scientist, National Institute of Standards and Technology

Gib Sorebo is a Chief Cybersecurity Technologist and Assistant VP for SAIC where he assists government and private sector organizations in complying with legal and regulatory requirements.  Sorebo has been working in the information technology industry for more than nineteen years in both the public and private sector.  As a former Windows system administrator and network penetration tester, he has extensive technical abilities and is familiar with a wide variety of network security tools and exploit methods.  He also holds a law degree and teaches information security courses for the Univ. of Fairfax.  He is also a frequent speaker at national security conferences where he has given talks on information security liability, Sarbanes-Oxley, e-discovery, breach notification, and many others.

Download <12:09>