BSidesLV 2017 has ended


I Am The Cavalry
Tuesday, July 25
 

11:30

IATC Kickoff
“Our dependence on connected technology is growing faster than our ability to secure it, affecting human life, public safety, national security, and global GDP.” This realization launched I Am The Cavalry four years ago at BSidesLV. While there’s been a lot of progress and enlightenment among government and corporate leaders, in the footrace with adversaries, defenders started way behind. As I Am The Cavalry enters its fifth year, our BSidesLV track will highlight many of the successes for Cyber Safety, and build capabilities for scale, speed, and agility so we can look forward to what’s needed and what’s next.
Josh Corman and Beau Woods will kick off the track, giving a brief overview of I Am The Cavalry, mentioning some notable wins, and giving a roadmap for the two-day track. And Keren Elazari will deliver a rousing keynote, laying a foundation for BSidesLV participants to help make us safer, sooner, together.

Presenters

Josh Corman

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The...

Keren Elazari

@k3r3n3, BSidesTLV

Beau Woods

Atlantic Council/I Am The Cavalry
Beau Woods is a cyber safety Innovation Fellow at the Atlantic Council, and core contributor to the I Am The Cavalry initiative, in addition to Founder/CEO of Stratigos Security, and board member of the non-profits ICS Village and Biohacking Village. Beau works with policymakers...


Tuesday July 25, 2017 11:30 - 12:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

Public Policy of Things
Cybersecurity policy is becoming more and more of a hot topic on Capitol Hill, with topics like the WannaCry outbreak, healthcare cybersecurity, and power grid cybersecurity taking top billing. Jessica will walk through some of the hearings, bills, and events that have happened over the past year, and then discuss how security researchers and the security community at large can get involved to help guide policymakers as they work to address cybersecurity challenges.

Presenters

Jessica Wilkerson

Professional Staff Member, House Energy and Commerce
Jessica Wilkerson is a Professional Staff Member with the House Committee on Energy and Commerce, covering cybersecurity issues across the Committee's broad jurisdiction. As part of that work, she has investigated issues in the telecommunications, commercial, energy, and healthcare...


Tuesday July 25, 2017 14:00 - 14:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

15:00

Feds
Feds <3 H4ckers. No really, it's true! Some Feds do anyway. We've arranged for some live, tame Feds to make their way out to Las Vegas to prove it! This panel will let them highlight some of the ways they show that they <3 us, and give YOU, the BSidesLV participants, a chance to ask questions.

Presenters

Suzanne Schwartz

Associate Director for Science and Strategic Partnerships, Emergency Preparedness/Operations & Medical Countermeasures (EMCM) Director (Acting), FDA's Center for Devices and Radiological Health (CDRH)
Suzanne B. Schwartz, MD, MBA is the Associate Director for Science and Strategic Partnerships in the Center for Devices and Radiological Health (CDRH) at the FDA. She also continues to serve as the Director (Acting) of CDRH’s Emergency Preparedness/Operations and Medical Countermeasures...

Jessica Wilkerson

Professional Staff Member, House Energy and Commerce
Jessica Wilkerson is a Professional Staff Member with the House Committee on Energy and Commerce, covering cybersecurity issues across the Committee's broad jurisdiction. As part of that work, she has investigated issues in the telecommunications, commercial, energy, and healthcare...


Tuesday July 25, 2017 15:00 - 15:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Healthcare in Critical Condition
Over the past year, healthcare has been under assault from bad actors, yet has had important bright spots that highlight the progress being made. WannaCry impacted 20% of UK healthcare trusts, and Nyetya/NotPetya hurt patient care in Ukrainian hospitals for days. Meanwhile, FDA guidance and workshops made clear their expectation that medical device makers will engage with the security research community, and a high-profile example proved the value of collaboration to protect patient safety.

Presenters

Josh Corman

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The...

Christian Dameff

Christian Dameff is an emergency medicine physician and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization...

Jeff Tully

Jeff Tully is a pediatrician and researcher with an interest in understanding the ever-growing intersections between health care and technology. Prior to medical school he worked on “hacking” the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical...


Tuesday July 25, 2017 17:00 - 17:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

18:00

HHS Task Force (Panel)
“Healthcare cybersecurity is in critical condition,” announced the US Department of Health and Human Services at the end of its year-long task force, analyzing the current state of the field. Distinguished members of the HHS Task Force will discuss its process, findings, and recommendations. Find out why they felt their own health suffered as a result of serving on the task force. There were no easy problems or solutions.

Presenters

Josh Corman

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The...


Tuesday July 25, 2017 18:00 - 18:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

Internet of Cars
It's been almost a year since the DMCA exemption made hacking your own car legal and 3 years since I Am The Cavalry launched our 5 Star Automotive Cyber Safety Framework. We've had demonstrations of vehicle hacks, research on secure over-the-air updates, and new open source hardware projects to simplify RE'ing your vehicle. Has there been a wave of vuls in vehicle systems? What are automakers doing to secure connected vehicles? What about that whole Vehicle-to-Vehicle communication mandate? Where is automotive security going, what has the impact of policy been, and, most importantly - how can more researchers get involved in helping to find solutions to all this? This session will have guest speakers bringing some exciting "inside" perspective to these questions and more.

Presenters

Abe Chen

Head of Product Security, NIO
Abe T. Chen is a recognized security leader in end-to-end digital and physical investigations, advanced layered security architectures, compliance/risk mitigation methodologies, and product security. Abe has made a career of successfully bringing bleeding-edge security techniques...

Chris King

Cyber Defense Manager, Rockwell Automation
Chris is a member of I am the Cavalry and a security researcher focusing on cyber-physical systems, vulnerability disclosure issues, and security policy. At his day job, Chris is the Cyber Defense manager at Rockwell Automation, a leading industrial automation company. He manages...

Kevin Tierney

Director - Product Cybersecurity, General Motors
Kevin is a Director of Product Cybersecurity at GM and leads the team focused on in-vehicle security architecture, red team, governance and risk management, and advanced development.


Tuesday July 25, 2017 18:30 - 19:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169
 
Wednesday, July 26
 

10:30

Technical Tactics: Embedded Linux Software BOM
Manufacturers in the medical, industrial and automotive industries can no longer just design a product and sell it, unchanged, for a decade. Keeping their products up to date on OS and library versions is crucial for maintaining safety and security. This is a herculean task for many manufacturers. Many do not even know what libraries are installed on their device. Those that do find it hard to keep up to date on known library vulnerabilities.

I will go over how to use open source tools to generate a software Bill of Materials for an embedded Linux system (even one you didn't design! *wink wink*) and how to cross reference that BOM with the NIST NVD to search for known 3rd party vulnerabilities. I will then show how to integrate that process into a continuous integration system so that you can get automated updates when new CVEs are discovered.

Presenters

Daniel Beard

VP of Technology, Promenade Software
Daniel is VP of Technology at Promenade Software, a medical device software services company and Director of MedISAO, an information sharing and analysis organization specifically targeting small-to-medium medical device manufacturers. Talk to him about anything regarding medical...


Wednesday July 26, 2017 10:30 - 10:40
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

10:45

Technical Tactics: Fear & loathing in building management systems
Since December 2015 I've had a bit of an unhealthy obsession with building management systems. Having first identified a building that shouldn't have been on the internet (see itnews.com.au/news/the-it-flaw-that-left-an-aussie-natsec-agency-base-open-to-attack-459743) I had enumerated facilities from airports to nuclear reactors in Australia. This is not, however, all bad news. Over the past 18-24 months I've had a range of outcomes with stakeholders from legal threats all the way to pragmatic approaches to securing applications and environments and I wanted to share the lessons I've learnt.

Presenters

Edward Farrell

Director, Mercury ISS


Wednesday July 26, 2017 10:45 - 10:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Lightning Talks: Thinking Different

Beau Woods, Deputy Director of the Cyber Statecraft Initiative and core contributor to I Am The Cavalry, will host discussions on multidisciplinary approaches to solving some of the most important and complex problems in security today.

Join him for this session at 11 am and the Red/Blue Q&A session that follows at noon.

***

Significant Soft Skills - It Takes a Village

Security requires more than just technical solutions. There’s a difference between knowing how to solve a problem and being able to effectively communicate that to someone else whose buy-in is needed to move things forward. Real impact and change require people to agree to an action plan and put processes in place to ensure the right things happen in a coordinated and repeatable manner.

Caroline Wong, VP of Security Strategy at Cobalt, will share key stories from her career where effective communication was critical to getting the job done (including an e-commerce firm’s response to an international security incident and one CISO’s approach to justifying a 15x information security budget for his team). She will also discuss an approach that any security professional can use to easily talk about risk tolerance with a non-security expert.

***

Healthcare Data Protection Hazards - The Big Picture is Key

Protecting medical data is one of the cyber security industry's top challenges today. Banks and credit card companies now have processes and technology in place to protect customers from financial fraud, but stolen medical records can directly affect someone, potentially for the rest of their life.

Robert Wood, Director of Trust at Nuna, will discuss approaches to identifying and talking about risk effectively; creating stories around various technical and process-related scenarios to communicate what needs to be done to get buy-in for appropriate controls.

***

Cyber Mutual Assistance – Bringing Mutual Assistance to Electric Utility Operators

Owners and operators of the electric grid in the United States are facing an unprecedented number of physical and cyber security risks. This session will discuss the methods that electric utilities are using to address the wide variety of risks, with special focus on a new program called “Cyber Mutual Assistance.”

Based on lessons learned from major destructive cyber incidents overseas, and from exercises in North America, the Cyber Mutual Assistance program was developed. It is an extension of the electric power industry’s longstanding approach of sharing critical personnel and equipment when responding to emergencies.

David Batz, Senior Director of Cyber & Infrastructure Security at Edison Electric Institute, will be providing information about the Cyber Mutual Assistance program, one example of a variety of industry initiatives developed by the Electricity Subsector Coordinating Council (ESCC) to provide resilience and restoration capability to entities in the electricity sector.

***

Stopping a Cyber Hurricane - A Call for Proactive National Cybersecurity

A hurricane and malicious cyber activity are analogous based on their ability to affect our nation’s critical infrastructure, our safety, and our security. But, hurricanes are unpredictable, natural events in a domain no human can control, while significant malicious cyber activity starts in a human’s mind and exists in a domain humans exert some control over. Current US government efforts to counter significant malicious cyber activity are focused on using existing agencies to prepare for and react to these threats.

Steven Luczynski, Deputy Director of Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon, will discuss methods for the government and private industry to take a more proactive approach to counter these threats before they can affect our nation. The potential exists to build upon the model used in the fight against drug trafficking to synchronize capabilities across a wide range of government agency authorities, in conjunction with improved private industry participation. While there are numerous legal and regulatory concerns to address, it will take leadership from all levels, particularly from the bottom up, to initiate the effort required to solve these complex issues.


Presenters

David Batz

Senior Director, Cyber & Infrastructure Security, Edison Electric Institute
With over 20 years of electric company experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, Mr. Batz leverages a decade of energy regulatory compliance as well...

Steven Luczynski

CISO, T-Rex Solutions, LLC
Steve Luczynski currently serves as the Deputy Director, Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon. He works with national policymakers, interagency counterparts, and combatant command staff to support the Department of Defense mission...

Caroline Wong

Chief Security Strategist, Cobalt.io
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital (now Synopsys). She is currently VP of Security Strategy at Cobalt, a company that connects...

Robert Wood

Chief Security Officer, Simon Data
Robert Wood is a security technologist, strategic advisor, and speaker. He currently leads the security efforts at Simon Data where he is responsible for security, privacy, compliance, and overall risk management. After working as a consultant for many years, Robert made the switch...



Wednesday July 26, 2017 11:00 - 11:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

12:00

Red/Blue Q&A: Pressure Test Lightning Talk Ideas
Following up on their Lightning Talks, the four presenters will let the audience explore their ideas in more detail and pressure test their assumptions. A little friendly red teaming and improv can improve effectiveness.

Presenters

David Batz

Senior Director, Cyber & Infrastructure Security, Edison Electric Institute
With over 20 years of electric company experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, Mr. Batz leverages a decade of energy regulatory compliance as well...

Steven Luczynski

CISO, T-Rex Solutions, LLC
Steve Luczynski currently serves as the Deputy Director, Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon. He works with national policymakers, interagency counterparts, and combatant command staff to support the Department of Defense mission...

Caroline Wong

Chief Security Strategist, Cobalt.io
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital (now Synopsys). She is currently VP of Security Strategy at Cobalt, a company that connects...

Robert Wood

Chief Security Officer, Simon Data
Robert Wood is a security technologist, strategic advisor, and speaker. He currently leads the security efforts at Simon Data where he is responsible for security, privacy, compliance, and overall risk management. After working as a consultant for many years, Robert made the switch...


Wednesday July 26, 2017 12:00 - 12:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

14:00

IATC Cyber Crisis Simulation
A SIMULATED crisis is unfolding on a national scale. Triggered by a yet-unknown adversary, what started as a technical issue has become a society-wide impact, affecting millions of citizens, several industries, and spanning government jurisdictions. Who is in charge, how do they cooperate with others, and how do they make decisions? BSidesLV and I Am The Cavalry are teaming up with the Atlantic Council to bring public policy makers together with security researchers and others, to find out how our nation would respond to a widescale “Cyber” crisis.

Presenters

Josh Corman

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The...

Jay Healey

Sr. Research Scholar, Columbia School of International Policy Affairs
Jason Healey is Sr. Research Scholar at Columbia University School for Int’l and Public Affairs. He is a Senior Fellow and previously was Director of the Cyber Statecraft Initiative of the Atlantic Council. Healey edited A Fierce Domain: Cyber Conflict, 1986 to 2012 and co-authored Cyber...

Beau Woods

Atlantic Council/I Am The Cavalry
Beau Woods is a cyber safety Innovation Fellow at the Atlantic Council, and core contributor to the I Am The Cavalry initiative, in addition to Founder/CEO of Stratigos Security, and board member of the non-profits ICS Village and Biohacking Village. Beau works with policymakers...


Wednesday July 26, 2017 14:00 - 15:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

IATC Mock Congressional Hearing
In the wake of a crisis, people inevitably want answers. Who knew what, when? What could have been done to prevent it? Who will be held accountable? In the wake of our simulated crisis, we will hold a simulated Congressional hearing. Hard questions, grandstanding, and much audience participation are expected, though no one will go to jail for perjury. We don't think. Led by current and former Congressional staff, some of our community who have actually testified before Congress will be in the hot seat and BSidesLV participants will get the chance to grill them...and maybe get grilled themselves.

Presenters

Jay Healey

Sr. Research Scholar, Columbia School of International Policy Affairs
Jason Healey is Sr. Research Scholar at Columbia University School for Int’l and Public Affairs. He is a Senior Fellow and previously was Director of the Cyber Statecraft Initiative of the Atlantic Council. Healey edited A Fierce Domain: Cyber Conflict, 1986 to 2012 and co-authored Cyber...

Jessica Wilkerson

Professional Staff Member, House Energy and Commerce
Jessica Wilkerson is a Professional Staff Member with the House Committee on Energy and Commerce, covering cybersecurity issues across the Committee's broad jurisdiction. As part of that work, she has investigated issues in the telecommunications, commercial, energy, and healthcare...


Wednesday July 26, 2017 17:00 - 18:45
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

18:45

IATC Closing
Time to say goodbye, until next year. 

Wednesday July 26, 2017 18:45 - 18:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169