Loading…
BSidesLV 2017 has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

I Am The Cavalry [clear filter]
Tuesday, July 25
 

14:00

Public Policy of Things
Cybersecurity policy is becoming more and more of a hot topic on Capitol Hill, with topics like the WannaCry outbreak, healthcare cybersecurity, and power grid cybersecurity taking top billing. Jessica will walk through some of the hearings, bills, and events that have happened over the past year, and then discuss how security researchers and the security community at large can get involved to help guide policymakers as they work to address cybersecurity challenges.

Presenters
avatar for Jessica Wilkerson

Jessica Wilkerson

Professional Staff Member, House Energy and Commerce
Jessica Wilkerson is a Professional Staff Member with the House Committee on Energy and Commerce, covering cybersecurity issues across the Committee's broad jurisdiction. As part of that work, she has investigated issues in the telecommunications, commercial, energy, and healthcare... Read More →


Tuesday July 25, 2017 14:00 - 14:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

17:00

Healthcare in Critical Condition
Over the past year, healthcare has been under assault from bad actors, yet has had important bright spots that highlight the progress being made. WannaCry impacted 20% of UK healthcare trusts, and Nyetya/NotPetya hurt patient care Ukranian hospitals for days. Meanwhile, FDA guidance and workshops made clear their expectation that medical device makers will engage with the security research community, and a high-profile example proved the value of collaboration to protect patient safety.

Presenters
avatar for Josh Corman

Josh Corman

Joshua Corman is a Founder of I am The Cavalry (dot org) and CSO for PTC. Corman previously served as Director of the Cyber Statecraft Initiative for the Atlantic Council, CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The... Read More →
avatar for Christian Dameff

Christian Dameff

Christian Dameff is an emergency medicine physician and researcher. Published works include topics such as therapeutic hypothermia after cardiac arrest, novel drug targets for myocardial infarction patients, and other Emergency Medicine related works with an emphasis on CPR optimization... Read More →
avatar for Jeff Tulley

Jeff Tulley

Jeff Tully is a pediatrician and researcher with an interest in understanding the ever-growing intersections between health care and technology. Prior to medical school he worked on “hacking” the genetic code of Salmonella bacteria to create anti-cancer tools, and throughout medical... Read More →


Tuesday July 25, 2017 17:00 - 17:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

18:30

Internet of Cars
It's been almost a year since the DMCA exemption made hacking your own car legal and 3 years since I Am The Cavalry launched our 5 Star Automotive Cyber Safety Framework. We've had demonstrations of vehicle hacks, research on secure over the air updates, and new open source hardware projects to simplify RE'ing your vehicle. Has there been a wave of vuls in vehicle systems? What are automakers doing to secure connected vehicles? What about that whole Vehicle-to-Vehicle communication mandate? Where is automotive security is going, what has the impact of policy been, and, most importantly - how can more researchers get involved in helping to find solutions to all this? This session will have guest speakers bringing some exciting "inside" perspective to these questions and more.

Presenters
avatar for Abe Chen

Abe Chen

Head of Product Security, NIO
Abe T. Chen is a recognized security leader in end-to-end digital and physical investigations, advanced layered security architectures, compliance/risk mitigation methodologies, and product security. Abe has made a career of successfully bringing bleeding-edge security techniques... Read More →
avatar for Chris King

Chris King

Cyber Defense Manager, Rockwell Automation
Chris is a member of I am the Cavalry and a security researcher focusing on cyber-physical systems, vulnerability disclosure issues, and security policy. At his day job, Chris is the Cyber Defense manager at Rockwell Automation, a leading industrial automation company. He manages... Read More →
avatar for Kevin Tierney

Kevin Tierney

Director - Product Cybersecurity, General Motors
Kevin is a Director of Product Cybersecurity at GM and leads the team focused on in-vehicle security architecture, red team, governance and risk management, and advanced development.


Tuesday July 25, 2017 18:30 - 19:25
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169
 
Wednesday, July 26
 

10:30

Technical Tactics: Embedded Linux Software BOM
Manufacturers in the medical, industrial and automotive industries can no longer just design a product and sell it, unchanged, for a decade. Keeping their products up to date on OS and library versions is crucial for maintaining safety and security. This is a herculean task for many manufacturers. Many do not even know what libraries are installed on their device. Those that do find it hard to keep up to date on known library vulnerabilities.

I will go over how to use open source tools to generate a software Bill of Materials for an embedded linux system (even one you didn't design! *wink wink*) and how to cross reference that BOM with the NIST NVD to search for known 3rd party vulnerabilities. I will then show how to integrate that process into a continuous integration system so that you can get automated updates when new CVEs are discovered.

Presenters
avatar for daniel beard

daniel beard

Vp of Technology, Promenade Software
Daniel is VP of Technology at Promenade Software, a medical device software services company and Director of MedISAO, an information sharing and analysis organization specifically targeting small-to-medium medical device manufacturers. Talk to him about anything regarding medical... Read More →


Wednesday July 26, 2017 10:30 - 10:40
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

10:45

Technical Tactics: Fear & loathing in building management systems
Since December 2015 I've had a bit of an unhealthy obsession with building management systems. Having first identified a building that shouldn't have been on the internet (see itnews.com.au/news/the-it-flaw-that-left-an-aussie-natsec-agency-base-open-to-attack-459743) I had enumerated facilities from airports to nuclear reactors in Australia. This is not however all bad news. Over the past 18-24 months Ive had a range of outcomes with stakeholders from legal threats all the way to pragmatic approaches to securing applications and environments and I wanted to share the lessons I've learnt.

Presenters
avatar for Edward Farrell

Edward Farrell

director, Mercury ISS


Wednesday July 26, 2017 10:45 - 10:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

11:00

Lightning Talks: Thinking Different

Beau Woods, Deputy Director of the Cyber Statecraft Initiative and core contributor to I Am The Calvalry, will host discussions on multidisciplinary approaches to solving some of the most important and complex problems in security today. 

Join him for this session at 11 am and the Red/Blue Q&A session that follows at noon.

***

Significant Soft Skills - It Takes a Village

Security requires more than just technical solutions. There’s a difference between knowing how to solve a problem and being able to effectively communicate that to someone else whose buy-in is needed to move things forward. Real impact and change require people to agree to an action plan and put processes in place to ensure the right things happen in a coordinated and repeatable manner.

Caroline Wong, VP of Security Strategy at Cobalt, will share key stories from her career where effective communication was critical to getting the job done (including an e-commerce firm’s response to an international security incident and one CISO’s approach to justifying a 15x information security budget for his team). She will also discuss an approach that any security professional can use to easily talk about risk tolerance with a non-security expert.

***

Healthcare Data Protection Hazards - The Big Picture is Key

Protecting medical data is one of the cyber security industry's top challenges today. Banks and credit card companies now have processes and technology in place to protect customers from financial fraud, but stolen medical records can directly affect someone, potentially for the rest of their life.

Robert Wood, Director of Trust at Nuna, will discuss approaches to identifying and talking about risk effectively; creating stories around various technical and process-related scenarios to communicate what needs to be done to get buy-in for appropriate controls.

***

Cyber Mutual Assistance – Bringing Mutual Assistance to Electric Utility Operators

Owners and operators of the electric grid in the United States are facing an unprecedented number of physical and cyber security risks. This session will discuss the methods that electric utilities are using to address the wide variety of risks, with special focus on a new program called “Cyber Mutual Assistance”

Based on lessons learned from major destructive cyber incidents overseas, and from exercises in North America, the Cyber Mutual Assistance program was developed. It is an extension of the electric power industry’s longstanding approach of sharing critical personnel and equipment when responding to emergencies.

David Batz, Senior Director of Cyber & Infrastructure Security at Edison Electric Institute, will be providing information about the Cyber Mutual Assistance program, one example of a variety of industry initiatives developed by the Electricity Subsector Coordinating Council (ESCC) to provide resilience and restoration capability to entities in the electricity sector.

***

Stopping a Cyber Hurricane - A Call for Proactive National Cybersecurity

A hurricane and malicious cyber activity are analogous based on their ability to affect our nation’s critical infrastructure, our safety, and our security. But, hurricanes are unpredictable, natural events in a domain no human can control, while significant malicious cyber activity starts in a human’s mind and exists in a domain humans exert some control over. Current US government efforts to counter significant malicious cyber activity are focused on using existing agencies to prepare for and react to these threats.

Steven Luczynski, Deputy Director of Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon, will discuss methods for the government and private industry to take a more proactive approach to counter these threats before they can affect our nation. The potential exists to build upon the model used in the fight against drug trafficking to synchronize capabilities across a wide-range of government agency authorities, in conjunction with improved private industry participation. While there are numerous legal and regulatory concerns to address, it will take leadership from all levels, particularly from the bottom up, to initiate the effort required to solve these complex issues.


Presenters
avatar for David Batz

David Batz

Senior Director, Cyber & Infrastructure Security, Edison Electric Institute
With over 20 years of electric company experience, David Batz brings significant industry knowledge in understanding and applying appropriate security solutions to address emerging threats and issues. In addition, Mr. Batz leverages a decade of energy regulatory compliance as well... Read More →
avatar for Steven Luczynski

Steven Luczynski

CISO, T-Rex Solutions, LLC
Steve Luczynski currently serves as the Deputy Director, Cyber Plans and Operations for the Under Secretary of Defense for Policy at the Pentagon. He works with national policymakers, interagency counterparts, and combatant command staff to support the Department of Defense mission... Read More →
avatar for Caroline Wong

Caroline Wong

Chief Security Strategist, Cobalt.io
Caroline is a dynamic cybersecurity expert with more than a decade of industry experience as a day-to-day manager at eBay and Zynga, product manager at Symantec, and managing consultant at Cigital (now Synopsys). She is currently VP of Security Strategy at Cobalt, a company that connects... Read More →
avatar for Robert Wood

Robert Wood

Chief Security Officer, Simon Data
Robert Wood is a security technologist, strategic advisor, and speaker. He currently leads the security efforts at Simon Data where he is responsible for security, privacy, compliance, and overall risk management. After working as a consultant for many years, Robert made the switch... Read More →



Wednesday July 26, 2017 11:00 - 11:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169

18:45

IATC Closing
Time to say goodbye, until next year. 

Wednesday July 26, 2017 18:45 - 18:55
IATC (Siena) 255 E Flamingo Rd, Las Vegas, NV 89169