Hugh Thompson, Chief Security Strategist, People Security

Internet security guru and bestselling author Dr. Herbert "Hugh" Thompson has seen it all –– hacked voting machines, exposed airline computer insecurities and devised cell phone exploits. As Program Chair for RSA Conference Hugh Thompson provides his take on the sessions at this year’s Conference – the tracks, what to watch for, and the trends he is seeing.

And a sneak peak at what will happen at "The Hugh Thompson Show."  For the sixth year running, Hugh will bring a lifetime of security expertise and a wide–eyed enthusiasm to "The Hugh Thompson Show" at this year's RSA Conference with some special guests.

Hugh Thompson is Program Committee Chairman of RSA Conference, Chief Security Strategist at People Security and a world–renowned expert on application security. He has co–authored several books on the topic and has written more than 80 academic and industrial publications on security. In 2006, Thompson was named one of the "Top 5 Most Influential Thinkers in IT Security" by SC Magazine and was featured in "Hacking Democracy", the Emmy–nominated HBO documentary on e–voting vulnerabilities. He is also an adjunct professor at Columbia University in New York where he teaches courses on computer security.

Download <13:21>

Margaret Salter, Technical Director, National Security Agency

The intelligence community and Department of Defense need the ability to communicate anytime, anywhere, regardless of the classification level. They also want the ability to communicate securely using the same kinds of user-friendly devices available commercially. To meet these requirements, the National Security Agency is testing a new mobile infrastructure to secure classified communications.

Margaret Salter is the Technical Director for the Fusion, Analysis and Mitigations Group within the Information Assurance Directorate of the National Security Agency. A senior mathematician with over twenty years of service at the Agency, Salter oversees a commercial security technology lab which evaluates implementations of cryptographic functions in COTS products. She works with DoD customers, commercial vendors, and other Intelligence organizations to provide needed IA solutions.

Download <09:59>

Joji Montelibano, Team Lead, Insider Threat Technical Solutions & Standards, CERT

This session will present case studies of data theft by three different attackers – insiders, outsiders and malware.  Our findings reveal that these attackers employed similar techniques that defenders can exploit to mitigate or altogether prevent these attacks from being successful. We will demonstrate how one such defensive strategy, using open source tools, can be used to accomplish this goal.

Joji Montelibano leads the Insider Threat Technical Solutions team at CERT. Montelibano has over 15 years experience in the fields of software development and network engineering. He began his career developing software for the petroleum and chemical industries, where he created simulation programs for companies such as Shell Oil, Sunoco, and Foster Wheeler. Prior to joining CERT, he was a Senior Information Security Analyst for the RAND Corporation, where his main projects focused on securing and ensuring the availability of military networks and communications. He holds an undergraduate degree in Chemical Engineering from Stanford University, and Master’s degrees from Harvard University and the University of Southern California. His certifications include the CISSP, CSTE, CCNP, and ACSA.

Download <09:43>

Uri Rivner, Head of New Technologies, Identity Protection, RSA

You won't find slides for this session online. We don't even know what topics it will cover. This session is dedicated to the hottest trends and most pressing threats as of the conference week. Join the panel of security researchers as they discuss the latest cyber security threats. Cyberwar? Anonymous? Cloud hack? Serious supply-chain break? All will be revealed.

Panelists

Roel Schouwenberg, Senior Researcher, Kaspersky Lab

David Litchfield, Chief Security Architect, Accuvant

Kevin Mahaffey, Chief Technology Officer, Lookout

Johnathan Tal, President & Chief Executive Officer, TAL Global Corporation

Uri Rivner is responsible at RSA for moving cyber security innovations from concept to reality. Since 2000 he was a key player in the development of risk-based authentication for eCommerce and Online Banking; the RSA eFraudNetwork which is the largest real-time repository of known fraud resources; and other anti-cybercrime technologies now used by thousands of organizations worldwide to stop around $3 billion of online fraud every year. Rivner joined RSA through the acquisition of anti-fraud company Cyota, where he gained a deep perspective on international fraud. He writes blogs at Finextra and RSA Speaking of Security.

Download <10:14>

Christopher Young, Senior Vice President, Security and Government Group, Cisco

With companies moving rapidly toward the cloud, BYOD as the new normal, and stricter policy enforcement demands, every CIO and administrator needs more transparent and efficient networks. The answer is intelligent networks that integrate security technologies and context awareness allowing control over who, what, where, when, and how company data is accessed. Christopher Young will show how enterprises can increase overall network visibility and application control while maintaining secure access for both devices and applications.

As Senior Vice President of the Security and Government Group at Cisco, Chris Young is responsible for Cisco´s overall security vision and the integration of Cisco´s product and cyber security into one platform. With security as one of Cisco´s top engineering priorities, Young is tasked with the development of industry–leading security products and solutions as well as managing a cross–portfolio security strategy and architecture. He oversees a team of more than 2000 employees combining the security technologies group, the global government security solutions group, and Cisco´s own security operations team into a single entity.

He joined Cisco from VMware, where he served as Senior Vice President and General Manager, responsible for strategy, products, engineering, and delivery across all of VMware´s end–user computing solutions. Previously, he served as Senior Vice President at RSA, the security division of EMC, where he was responsible for strategy, product management, product marketing, engineering, and delivery of products across all of RSA's identity and access assurance, security information and event management, governance risk and compliance and data security solutions. He built the company's identity protection and verification business, which today protects more than 200 million online accounts. He has served as Vice President of safety and security premium services for America Online, Inc. (AOL) and prior to that, he founded and served as president of Cyveillance, a technology provider leveraging search technologies to help companies manage business risk.

As an expert in topics related to information–centric security, he is a regular speaker at security industry events. He has testified in front of the United States Senate Judiciary Committee on the subject of cyber–squatting. Outside of Cisco, Young serves on the board of Rapid7, a privately held company in Boston, Massachusetts, and has served on Princeton University´s Board of Trustees. He holds a Bachelor of Arts degree, cum laude, from Princeton University and a Master´s degree in Business Administration, with distinction, from the Harvard Business School.

Download <11:59>

Ben Rothke, Manager Information Security, Major Hospitality Company

Social networks simultaneously offer huge business benefits and unheard of security risks.  How can enterprises effectively use social networks while not putting their security and data at risk?

Ben Rothke, CISSP, CISM, CISA, has over 15 years of industry experience in information systems security and privacy. He is the author of Computer Security - 20 Things Every Employee Should Know (McGraw-Hill), and writes a monthly security book review for Security Management and Slashdot. Ben is also a frequent speaker at industry conferences, such as RSA, MIST and ISACA is a member of ASIS, NY-NJ/ECTF, Society of Payment Security Professionals and InfraGard.

Download <08:31>

Craig Spiezle, Executive Director, Founder & President, OTA Alliance

Email continues to be the attack vector of choice by cybercriminals. This session will review how email authentication and the use of IETF standards (SPF and DKIM) can aid the enterprise in detecting forged email and help protect business and government data. Speakers will review recent research revealing adoption in various industries compiled by the Online Trust Alliance.

Panelists

Mike Hammer, Web Operations Security, American Greetings Interactive

John Scarrow, General Manager of Safety Services at Microsoft, Microsoft Corporation

Andy Steingruebl, Manager of Internet Standards & Governance, PayPal, Inc.

Craig Spiezle is a widely acclaimed security and privacy professional with a deep understanding of consumer trust, social computing and business impact. As a trusted advisor to business, members of Congress, the White House and various governmental agencies, he is recognized as an advocate for consumer trust, brand protection and the need for innovation. Recently appointed to the Federal Communication Commission Communications Security, Reliability and Interoperability Council's, Spiezle serves on the Board of the Identity Theft Council, and an active member of AWPG, IAPP and InfraGard.  Previously he worked at Microsoft for over a decade, most recently as director of security & privacy product management for Internet Explorer and previously led anti-spam and anti-phishing product management.

Download <07:39>

Josh Corman, Director, Security Intelligence, Akamai Technologies

Gene Kim, Researcher and Author

Cloud IT velocity is breathtaking: while most IT struggle with monthly releases, agile IT businesses routinely conjure thousands of AWS servers, performing over 10 deploys per day. This agility delights the business and terrifies security. DevOps aligns the former adversaries of Dev and Ops.  Security needs to enable ludicrous speed or be left behind. We make a case for Rugged DevOps as an answer.

Joshua Corman is Director of Security Intelligence for Akamai Technologies. Corman has more than a decade of security experience, most recently serving as Research Director for The 451 Group. His research cuts across sectors to the core challenges of the industry, and drives adaptive strategies amidst changing landscapes. He is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, SANS, DEFCON, and ShmooCon – and was recognized by NetworkWorld as a top Influencer of IT for 2009. As a staunch advocate for CISOs, he serves as a Ponemon Institute Fellow, as an IANS Faculty, and

co-founded www.ruggedsoftware.org. He received a bachelor’s degree in philosophy, Phi Beta Kappa, summa cum laude, from the University of New Hampshire.

Since 1999, Gene Kim has been studying and benchmarking high performing IT operations and information security organizations.  When Kim was the CTO/founder of Tripwire, he wrote the “Visible Ops Handbook,” which codified how these organizations transformed from “good to great,” which has sold over 200K copies to date.

Download <13:26>