RSA Conference US Podcast show

Summary: RSA Conference offers information security professionals around the world an unparalleled opportunity for networking and knowledge-sharing.

Podcasts:

 RSAC2013 Podcast: EXP-W23: Privacy: A Conversation with Facebook, Google, Microsoft & Mozilla | File Type: audio/mpeg | Duration: Unknown

Trevor Hughes, President & CEO, International Association of Privacy Professionals  As privacy issues continue to explode in the marketplace, we consistently see Facebook, Google, Microsoft and Mozilla in the middle of the debate.  The issues vary—Do Not Track, mobile privacy, third-party applications and social media are all creating very challenging privacy questions.  Join this executive panel of privacy leaders as we explore the state of privacy in the online and IT worlds.  J. Trevor Hughes is the president and CEO of the International Association of Privacy Professionals (IAPP). In this role, Hughes leads the world’s largest association of privacy professionals.  A native of Canada, Hughes is an experienced attorney in privacy, technology and marketing law. He has provided testimony before the U.S. Congress Commerce Committee, the Senate Commerce Committee, the Federal Trade Commission, the Home Affairs Committee of the British Parliament and the EU Parliament on issues of privacy, surveillance, spam and privacy-sensitive technologies.  Hughes previously served as the executive director of the Network Advertising Initiative, a leading online privacy trade association. He is an adjunct professor of law at the University of Maine School of Law.  Download <09:19>

 RSAC2013 Podcast: HUM-W21 - Awareness Doesn't Matter: A Behavior Design Approach to Securing Users | File Type: audio/mpeg | Duration: Unknown

Katrina Rodzon, Manager of Security Behavior Design, MAD Security  Her last 9 years have been spent studying psychology and ways to modify and study human behavior. From learning about the power of social pressure on group behavior to how subtle changes in reinforcement can drastically change individual behavior, Katrina has spent the better part of a decade learning how humans work and now applies that to security awareness. When she is not testing the effectiveness of different methods of training, she helps with everything from curriculum development to security awareness video creation.  Download <03:39>

 RSAC2013 Podcast: SECT-F42 - Is it Whack to Hack Back a Persistent Attack? | File Type: audio/mpeg | Duration: Unknown

Dave Asprey, Vice President of Cloud Security, Trend Micro  As Vice President of Cloud Security at Trend Micro, Dave Asprey is responsible for thought leadership and technology evangelism for Trend Micro’s cloud computing and virtualization businesses. He is the author of the upcoming book Cloud Networking Simplified (Prentice Hall 2013).  Dave created and launched two early cloud computing service offerings, and his writing on the cloud has been published by the New York Times, GigaOm, Fortune, and he’s been featured on CNN, Forbes, ABC Nightline, and Fast Company. He co-chairs the Cloud Security Alliance Virtualization Working Group and sat on RSA China’s Program Committee. He is a sought-after speaker and panel moderator who has presented at more than 100 cloud, virtualization, and security conferences globally, and previously ran the Web & Internet Systems Engineering Program for the University of California.  Dave joined Trend Micro after being a cloud Entrepreneur in Residence at venture capital firm Trinity Ventures, co-founding a cloud startup, and selling a web-based virtual desktop startup. He was previously VP of Technology & Corporate Development at Blue Coat Systems, ran strategic planning for Citrix’s Virtualization Business Unit, and began his career in the cloud as a co-founder of the professional services group at cloud pioneer Exodus Communications. Tech startups Dave worked for have created more than $1.5 billion in acquisition value.  Download <03:31>

 RSAC2013 Podcast: GRC-T18 - Data Analysis and Visualization for Security Professionals | File Type: audio/mpeg | Duration: Unknown

Jay Jacobs, Principal, Verizon Business Bob Rudis, Director of Enterprise Security & IT Risk Management, Liberty Mutual Insurance  Jay Jacobs is an author of the Verizon Data Breach Investigations Report and Principal at Verizon Business specializing in information security data analysis. Prior to joining Verizon, he focused on risk management and analysis and designed and implemented cryptographic solutions.  He is a co-founder of the Society of Information Risk Analysts and currently serves on the organization’s board of directors.  He is also one of the primary authors of the OpenPERT project, an open-source Excel plug-in for risk analysis.   Bob Rudis is Director of Enterprise Security & IT Risk Management for Liberty Mutual Insurance. He has over 20 years of experience building solutions for & defending global Fortune 100 enterprises across a wide spectrum of industry sectors. He is a vocal advocate for developing engaging security awareness programs, adopting a business-centric, risk-based approach to security solutions &  Download <04:56>

 RSAC2013 Podcast: GRC-R32 - Everything You Wanted to Know About Cyber Insurance but Were Afraid to Ask | File Type: audio/mpeg | Duration: Unknown

Gib Sorebo, Chief Cybersecurity Technologist, SAIC  Gib Sorebo is a Chief Cyber Security Technologist and Vice President for SAIC where he assists government and private sector organizations in complying with legal and regulatory requirements.  He has been working in the information technology industry for more than twenty years in both the public and private sector.  He oversees and coordinates cyber security activities within the energy sector and established the SAIC Smart Grid Security Solutions Center for product security testing and solution development, contributing to a variety of other smart grid security research efforts.  He has co-authored a book on Smart Grid Security that was released last December.  Download <06:38>

 RSAC2013 Podcast: KEY-W27: The Hyperconnected World of Intelligent Devices: A New Era for Security | File Type: audio/mpeg | Duration: Unknown

Philippe Courtot, Chairman and Chief Executive Officer,  Qualys  The hyperconnected world of intelligent devices is now today's reality. We live in a new era where everyone and everything is powered by devices that collect and process information with context from multiple areas to make decisions. This keynote examines the disruptions intelligent devices are having on the current security model based on identity and trust, and outlines the fundamental changes required to secure this new era.  Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Courtot has worked with thousands of companies to improve their IT security and compliance postures. He received the SC Magazine Editor's Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. Courtot is a member of the board of directors for StopBadware.org, and in 2012, he launched the Trustworthy Internet Movement, a nonprofit, vendor-neutral organization committed to resolving the problems of Internet security, privacy and reliability. Download <11:27>  

 RSAC2013 Podcast: KEY-W29: The New Fundamentals of Security | File Type: audio/mpeg | Duration: Unknown

Michael Fey, Chief Technology Officer, McAfee  McAfee's Worldwide CTO, Michael Fey, warns the current trajectory of the security landscape will lead to industry failure. Security experts must apply a new set of fundamentals to protect the always–on, always–connected enterprise of the future. Learn what IT professionals must do today to prepare for what's on the horizon tomorrow and how strategies must change to account for all threat vectors. Michael Fey is worldwide chief technology officer for McAfee, responsible for overseeing the Office of the CTO including the management of McAfee's team of regional and sector CTOs and go–to–market teams, as well as ensuring the success of global sales engineers and advanced technology groups. Prior to his current role, Fey was Senior Vice President of field sales engineering and advanced technology at McAfee, responsible for collaborating with global customers and prospects to define, design, and implement strategic security solutions. Before McAfee, he held multiple technical management positions at Opsware and Mercury Interactive. Fey is a co–author of "Security Battleground: an Executive Field Manual", which provides guidance to executives who find themselves shouldering oversight responsibility for information security.  Download <09:33>

 RSAC2013 Podcast: PROF-M04 - Security Leadership - Your Secret Weapon | File Type: audio/mpeg | Duration: Unknown

GW Ray Davidson, Professor of Practice, SANS Technology Institute Ronald Woerner, Director, Cybersecurity Studies, Bellevue University  GW Ray Davidson received his Ph.D. in engineering from Purdue University, and worked as a pharmaceutical scientist for the first half of his career. This gave him intimate familiarity with the challenges of a regulated industry. After a dozen years in research, Davidson was seduced by the flashing lights and bright colors of corporate IT, and used his middle management position to take a leadership role in securing the enterprise. After contributing personally to his employer's downsizing effort, he taught Networking and Security at Purdue's Calumet campus for two years before taking his current position as Professor of Practice at the SANS Technology Institute. He holds numerous industry certifications and lives in Kalamazoo, Michigan.  Ron Woerner, CISSP, a noted speaker and writer in the Security industry, is the Director of Cybersecurity Studies at Bellevue University.  Woerner has over 20 years of IT and Security experience and has established the security practices for multiple Midwest companies including CSG Systems, ConAgra Foods and TD Ameritrade.  He earned degrees from Michigan State University and Syracuse University. He was awarded the CISSP, Certified Ethical Hacker (CEH) and Toastmasters Advanced Communicator and Leader designations.  He loves to talk to others who are passionate about Security and Privacy.  Download <06:10>

 RSAC2013 Podcast: GRC-W25A - Why Companies Fail with Compliance Initiatives | File Type: audio/mpeg | Duration: Unknown

Seth Wilson, Information Security, Twitter  Seth R. Wilson is a senior auditor at Twitter, with over 5 years of audit experience in the Risk Assurance practice at PricewaterhouseCoopers working with companies in the Internet, Software, Semiconductor and Networking industries, including multiple Fortune 500 companies. Wilson has performed business process IT audits, operational audits, ERP systems implementation assurance, SOX404, ISO27000 and PCI compliance. He has over 5 years of experience assessing the design and operation of information security controls and control testing. He earned his B.S. in Management Information Systems at the University of Arizona. He is CISA certified and is a member of the ISACA Silicon Valley Chapter.  Download <05:25>

 RSAC2013 Podcast: EXP-W22: The Five Most Dangerous New Attack Techniques and What's Coming Next | File Type: audio/mpeg | Duration: Unknown

Ed Skoudis, CEO, Counterhack  Two attack vectors account for 90%+ of successful intrusions grabbing sensitive information. Both are gaining new sophistication and 3 new vectors are demonstrating how innovative attackers can be. In this session, two people in unique positions to understand the newest attacks will illuminate the 5 most dangerous new attack vectors and describe how attack vectors may evolve over the coming year. Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including NetWars, Cyber Quests, and Cyber Foundations.  Ed also provides security research and consulting services, along with expert witness support for large-scale breach cases.  At the request of White House personnel, he helped analyze the Trusted Internet Connection architecture, and also was the main author of the SANS Top 20 Critical Controls.  Ed's expertise includes hacker attacks and defenses, and the information security industry, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504).  Download <07:48>

 RSAC2013 Podcast: EXP-R32: Software Defined (In)Security - Virtualization, Cloud & Mobility | File Type: audio/mpeg | Duration: Unknown

Christofer Hoff, Chief Security Architect, Juniper Networks New application architectures, programmatic languages and frameworks, the (un)availability of exposed platform security capabilities combined with virtual/physical networking and workload mobility are beginning to stress our "best practices" from a security perspective. What are the real security issues (or hype) of Software Defined Networking (SDN) and the vision of the Software Defined Datacenter? Christofer Hoff is a Senior Director at Juniper Networks where he serves as Chief Security Architect responsible for worldwide security solutions architecture, customer advocacy, field enablement and security evangelism. Hoff was previously Director of Cloud & Virtualization Solutions at Cisco Systems where he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities. Prior to Cisco, he was Unisys Corporation’s Chief Security Architect, served as Crossbeam Systems' Chief Security Strategist, was the CISO and director of enterprise security and was founder/CTO of a national security consultancy amongst other startup endeavors.  Download <10:08>

 RSAC2013 Podcast: MBS-R33A - Who Owns the Data in Mobile Payments and Why that Matters | File Type: audio/mpeg | Duration: Unknown

Christopher Pierson, Executive Vice President, Chief Security Officer and Chief Compliance Officer, LSQ Holdings James Shreve, Attorney, BuckleySandler LLP  Dr. Chris Pierson is the EVP, CSO/CCO for LSQ Holdings where he oversees its cybersecurity and compliance program.  Prior to joining LSQ, Pierson was the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s U.S. banking operations.  He was also a corporate attorney for Lewis and Roca where he established its Cybersecurity Practice and advised on data breaches. He serves as an appointed member for the DHS Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee providing advice and guidance to the Secretary and Chief Privacy Officer.  He is also a Distinguished Fellow of the Ponemon Institute. He is a graduate of Boston College (B.A., M.A.) and The University of Iowa (Ph.D., J.D.). He speaks at national events and is frequently quoted on cybersecurity.  James T. Shreve (CIPP) is an attorney in the Washington, DC, office of BuckleySandler LLP.  Shreve represents financial services industry and other clients in a wide range of compliance matters with a focus on privacy and data security issues.  His practice includes advising clients regarding information sharing limitations, safeguarding and disposal requirements, privacy and data security policies, identity theft red flags programs, privacy and data security provisions in contracts and drafting privacy notices.  He also has assisted clients in addressing hundreds of data security incidents.  He is a frequent speaker at conferences (including RSA Conference, ISSA, ISC2, IAPP) on data security and privacy topics and he has authored several articles on these subjects.  Download <08:11>

 RSAC2013 Podcast: GRC-F42 - Cybersecurity SLAs: Managing Requirements at Arm’s Length | File Type: audio/mpeg | Duration: Unknown

Samuel Merrell, Member of the Technical Staff, Carnegie Mellon University, Software Engineering Institute, CERT Matthew Butkovic, Team Lead-Critical Infrastructure Protection, Carnegie Mellon University  As a part of the Infrastructure Resilience Team at CERT®, Samuel Merrell works with the U.S. Department of Homeland Security to assist Critical Infrastructure and Key Resource owners and operators to improve their information security management practices. This work has included co-developing a cybersecurity diagnostic assessment that has been used by DHS hundreds of times across the 18 Critical Infrastructure sectors.  Merrell is also a co-author of the Department of Energy’s Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2).  Matthew Butkovic leads critical infrastructure protection efforts within the Infrastructure Resilience team of the CERT Program at the Software Engineering Institute. As a member of the team, Butkovic performs critical infrastructure protection research and develops methods, tools and techniques for managing risk. He has more than 15 years of managerial and technical experience in information technology (particularly information systems security, process design and audit) across the banking and manufacturing sectors.  Prior to joining CERT in 2010, he was leading information security and business continuity efforts for a Fortune 500 manufacturing organization. He is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).  Download <04:44>

 RSAC2013 Podcast: EXP-T17: Surviving in a Feudal Security World | File Type: audio/mpeg | Duration: Unknown

Bruce Schneier, Chief Security Technology Officer, BT Feudalism is an apt model for security today.  We pledge our allegiance to service providers, and expect them to provide us with security in return.  Too often, this security is completely opaque, with results all over the map.  Navigating this new world of feudal security is going to be the major challenge for CISOs in the current decade.  This talk examines both the challenges and the solutions. Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 12 books -- including his latest best-seller Liars and Outliers: Enabling the Trust Society Needs to Survive -- as well as hundreds of articles and essays, and many more academic papers. His influential newsletter "Crypto-Gram," and his blog "Schneier on Security," are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, served on several government technical committees, and is regularly quoted in the press.  Schneier is the Chief Security Technology Officer of BT.  Download <09:26>

 RSAC2013 Podcast: KEY-T11: Big Data Transforms Security | File Type: audio/mpeg | Duration: Unknown

Arthur Coviello, Jr., Executive Chairman, RSA, The Security Division of EMC,  Executive Vice President, EMC Welcome to a universe of Big Data, the next wave in Information Technology. Big data has the potential to transform our lives for the better; our health, environment, our livelihood, almost every facet of our daily lives. Big Data is more than just a whole lot of data. It's the ability to extract meaning: to sort through the masses of data elements to find the hidden pattern, the unexpected correlation, the surprising connection. Did you know the volume of information in the world is doubling every two years and less than one percent of the world's data is analyzed, and less than 20 percent of it is protected? Coviello will discuss how Big Data is transforming information security and how an Intelligence-driven security strategy that uses the power of big data analytics will put the advantage of time back on the side of security practitioners enabling them to detect attacks, respond more quickly and reduce attacker dwell time. Arthur Coviello Jr. is responsible for RSA's strategy and day-to-day operations as it delivers EMC's global vision of information-centric security. Coviello was Chief Executive Officer of RSA Security, Inc. prior to its acquisition by EMC in 2006. He joined the company in 1995 and has been a driving force in its rapid growth, increasing revenue from $25 million in 1995 to revenues of more than $828 million in 2011. His expertise and influence have made him a recognized leader in the industry, where he plays a key role in several national cyber security initiatives. He has more than 30 years of strategic, operating and financial management experience in high technology companies. He graduated magna cum laude from the University of Massachusetts.  Download <07:08>
