BSidesCleveland2011

 

Event details

 

 

When: Friday, February 18, 2011

Where: House of Blues Downtown Cleveland (Cambridge Room)

Cost: Free (as always!)

RSVP: Registration is SOLD OUT!  Sorry, you need to be pre-registered to attend. 

Follow us on the Twitter: @BSidesCLE   

 

Invite your friends by posting this on Twitter: "#BSidesCLE February 18, 2011: Discover the next big thing! http://bit.ly/BSidesCLE"

 

 

Sponsors

 

 

Your organization's name would look awesome right here.  Contact bsidescle@gmail.com if interested in sponsoring!

Event Sponsors


Schedule

 

Day 1

 

[Day] - [Date] Track 1
9:00 AM - 10:00 AM
Name: Jeff "ghostnomad" Kirsch
Talk: Please Step Away from the Binaries: Educating Security

10:00 AM - 11:00 AM
Name: Bill Sempf
Talk: Are You Aware Of Claims

11:00 AM - 12:00 PM
Name: Mick Douglas
Talk: Blue Team is Sexy -- Refocusing on Defense

12:00 PM - 1:00 PM
LUNCH!!!

1:00 PM - 2:00 PM
Name: Gary Sheehan
Talk: Building an Effective IT GRC Environment

2:00 PM - 3:00 PM
Name: Steve Ocepek / nosteve
Talk: thicknet: it does more than Oracle

3:00 PM - 4:00 PM
Name: Steve Jaworski
Talk: Where's the Flow?

4:00 PM - 5:00 PM
Name: Dave Kennedy (ReL1K)
Talk: Where we at? A look at Information Security

5:00 PM - 5:30 PM
Live performance by Int0x80 from DualCore

 

 

Talks

 

Name: Dave Kennedy (ReL1K)

Title: Where we at? A look at Information Security

Abstract: The Information Security field has grown into something few imagined. From regulatory and compliance to dedicated security personnel, security is a field that technology birthed and it's not going away anytime soon. Like any new field, it has its share of concerns and problems but how are we looking as a whole? We have more and more budget being spent every year on protecting our organizations from hackers, and yet we continuously see a large trend of breaches and attacks largely successful. As an industry we are getting there slowly, but with anything in technology we have to be fluid, responsive, and proactive. This talk is a look at the Information Security field, what we are doing to protect ourselves and where we need to go. In traditional Dave fashion, we'll be showing some cutting-edge hacks and breaking things, and a look at what's to come. Welcome to 2011, a new year, a new set of breaches, a new set of regulations, and a new set of attacks.

Speaker Bio: David Kennedy (ReL1K) is a security ninja and penetration tester who likes to write code, break things, and develop exploits. Dave is on the BackTrack development team and heavily involved with the Social-Engineer Framework. David continues (and strives) to contribute to a variety of open-source projects. David has had the privilege of speaking at some of the nation’s largest conferences on a number of occasions including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has (responsibly) released a number of public exploits. David heavily co-authored the Metasploit Unleashed course available online and has a number of security-related white papers in the field of exploitation.

 

Name: Steve Jaworski

Title: Where's the Flow?

Abstract: Do you need to see every conversation on your network, but cannot afford to put sensors everywhere? Using flow-based technologies such as sFlow and Netflow will make your life easier. Imagine being able to look deep into your network to find IP attacks, SPAM, data leakage, or new P2P applications with your existing network infrastructure. This presentation will cover different flow technologies and how you can use them to improve your security posture.

Speaker Bio: Steve Jaworski is an Associate with Booz | Allen | Hamilton supporting a DoD client. He is an information security professional with more than 12 years of experience in enterprise IT. Some of his security interests are network flow analysis, log analysis, and wireless security. Steve has a Bachelor of Science in Information Systems from Baldwin-Wallace College. When not sniffing packets, Steve presents on various security topics in the Northeast Ohio area. Steve is a SANS mentor and maintains five GIAC certifications: the GSEC, GCFA, GCFW, GCIH and GCIA.

 

Name: Mick Douglas

Title: Blue Team is Sexy -- Refocusing on Defense

Abstract: The Pen Testers (aka Red Team) get all the glory... and they shouldn't!  It's time the defenders get their due.  This talk will illustrate the most effective defenses currently employed and provide tips and tricks for how any organization can up their game to make things much rougher on the bad guys, and better prove their worth to management so limited funding is protected appropriately.

Speaker Bio: Mick is a white hat hacker who hates the term white hat. He is a member of the PaulDotCom podcast. While he will join in pentests, his passion is network and system defense.

 

Name: Jeff "ghostnomad" Kirsch 

Title: Please Step Away from the Binaries: Educating Security 

Abstract: In a traditional educational environment we are taught in a linear, binary fashion. We are presented with a topic, drilled on the topic, tested on the topic, and pass or fail on the topic. Regardless of the outcome, we move on to build upon each part of the foundation we are given. As time has gone on we discovered not everyone learns the same way or at the same pace, so we identified the road blocks we faced and were given assistance in our areas of weakness. Yet after we leave school and enter the workforce we often fall back into the binary type of education/awareness where we pass or fail and remediation is granted after we fail too many times. There are new approaches in place today in the education system that can benefit the way we address security education/awareness programs and ultimately make our organizations stronger. In this discussion we will focus on topics like Response to Intervention and the three tier model, progress monitoring, and making security not seem so hard for general users. 

Speaker Bio: After 14 years as both an internal/external auditor, I decided to "see the light" and got into the field of information security. Most of my time in audit was spent reviewing IT systems in both the private and public sector. Being a father of four young children helps me keep things simple, while being married to a School Neuropsychologist helps me understand the way people think and learn. I have tried to bring a different perspective by associating real life events with information security at my blog ghostnomad.com while I try to simplify the complexities of Technology through the simplicity of Haiku at it-haik.com.

 

Name: Gary Sheehan

Title: Building an Effective IT GRC Environment

Abstract: Information technology governance, compliance and security play an integral role in managing enterprise risk.  To be effective, risk and security must be addressed from a business perspective, using business terminology and metrics.  The most efficient way to deal with the ever-growing array of regulations, risk management requirements and governance requirements is to establish a GRC program founded in frameworks.  This presentation is going to focus on some of the issues and solutions surrounding GRC.  In this presentation you will see what has made past GRC implementations fail and succeed.      

Speaker Bio: Gary is the Director of GRC Services and Solutions for Advanced Server Management Group, Inc. He has over 25 years of experience in information technology with over 20 years of experience in information security, specializing in security management, assessments, policy and awareness development, compliance and security project management. He has worked in a variety of industries, including manufacturing, chemical, insurance, and banking. Prior to ASMGi, Gary was a Managing Consultant with Wolcott Group where he advised and assisted customers with their governance, compliance, risk and security needs. Gary has a B.A. in Business Administration from Baldwin-Wallace College. He is the founder of the Information Security Summit, now in its 9th year. He received his CISSP certification in 2002, attended the FBI Citizen’s Academy in 2006 and received his HISP certification in 2007.

 

Name: Steve Ocepek / nosteve

Title: thicknet: it does more than Oracle

Abstract: thicknet came out last year, and that lazy good-for-nothing nosteve hasn't written any new modules for it since. It started as a man-in-the-middle tool for Oracle, but it's supposed to be easy to target other protocols. This presentation serves as a burning to-do item that will force that lazybones to make it do something new. In the process, people will learn how to roll their own thicknet modules through the wonders of pcap analysis.

Speaker Bio: Steve Ocepek is the director of security research at Trustwave's SpiderLabs, where he is in charge of keeping the wiresharks fed. Prior to SpiderLabs, Steve created NAC based on a hallucination, sold it to cowboys, got stung by a scorpion, and wandered out of sales engineer training. Now he's just trying to find his keys.

 

Name: Bill Sempf

Title: Are You Aware Of Claims

Abstract: Escalation of privilege is based on a model of security that is driven by roles and groups for a given application.  I am in the Administrator role, the Accounting group contains your username.  What if instead you carried a token with a verifiable set of claims about your identity?  One that is encrypted, requires no round trip to an authorization server, and can be coded against in a native API?  Would that bring more security to our government and medical applications?  Or is it just as full of holes as everything else?  Join Bill in checking out Claims Based Security via Windows Identity Foundation, and see if it fixes problems or is the problem.

Speaker Bio: In 1992, Bill Sempf was working as a systems administrator for The Ohio State University under Sandy Wambold, and formalized his career-long association with internetworking.  While working for one of the first ISPs in Columbus in 1995, he built the second major web-based shopping center, Americash Mall, using Cold Fusion and Oracle.  Bill’s focus started to turn to security around the turn of the century.  Internet driven viruses were becoming the norm by this time, and applications were susceptible to attack like never before.  In 2003, Bill wrote the security and Deployment chapters of the often-referenced Professional ASP.NET Web Services for Wrox, and began his career in pen testing and threat modeling with a web services analysis for the Ohio Department of Health.  Currently, Bill is working as a security-minded software architect specializing in the Microsoft space.  He has recently designed a global architecture for a telecommunications web portal, modeled threats for a global travel provider, and provided identity policy and governance for the State of Ohio.  Additionally, he is actively publishing, with the C# 2010 All In One available now, and Programming Data (with Chris Sells) coming out next year.

 

 

Planners

 

  • Tom Eston, Matt Neely, Chris Clymer, Greg Feezel (Sponsors get positions on the planning/CFP committee. Contact us if you want to be a sponsor!)

 

Volunteers

 

 

Participants

 

  • Registration opens January 3, 2011 and closes February 14th.

 

Task List

(please -cross out- when it's done)

 

Tech

 

Wifi

Projector, White Boards

Photo

Video

Audio

Streaming or Stickam or Skype

 

Non-tech

 

Breakfast

Lunch

Coffee/Tea

Tables and chairs

 

 

Tags for flickr, twitter, blog, etc.

Please use the tag #BSidesCLE for content related to this event

 

Who's blogging?

 

 
