RSA Conference US Podcast

Daniel Ayoub, Manager, Product Marketing, Dell SonicWALL  It is becoming increasingly popular for tablets and smartphones to be allowed access to corporate resources, however, many enterprises do not block 'rooted' and 'jailbroken' devices. In this session, we will examine several of the penetration testing tools available for ARM platforms and demonstrate the risk posed by 'jailbroken' and 'rooted' mobile devices connecting to the corporate network.   Daniel Ayoub is a network security engineer most recently engaged as the Manager of Product Marketing for Dell SonicWALL. Daniel has been involved with implementing information security systems and methodologies to public-sector corporations and numerous small-medium sized businesses. He has also been published in several publications including: 2600 magazine, SC magazine, and Network World. His areas of interest include penetration testing, CSIRT, malware and digital forensics. He has a Bachelor’s of Science in Electrical Engineering from the University of California, Irvine and numerous technical certifications including CISSP, CISM, CISA, CCNP, CCSP & CEH.  Download <03:23>

Arthur W. Coviello, Jr. Executive Chairman, RSA, The Security Division of EMC, Executive Vice President, EMC  Does anyone believe that perimeter defenses are enough to protect businesses today? With massive amounts of digital information, Bring Your Own Device, Cloud, Big Data and more, our perimeter is more porous and harder to defend. It's imperative to rethink security in a more balanced way, devoting additional resources to detection and response. Art Coviello will discuss how an Intelligence-Driven Security model that evaluates risk, security spend allocation, and skills of the security team can enable businesses to get ahead of the latest threats.  Art Coviello is responsible for RSA's strategy and overall operations as it delivers EMC's global vision of information-centric security. Mr. Coviello was Chief Executive Officer of RSA Security, Inc. prior to its acquisition by EMC in 2006. He joined the company in 1995 and has been a driving force in its rapid growth since that time. Mr. Coviello's expertise and influence have made him a recognized leader in the industry, where he plays a key role in several national cyber-security initiatives. Mr. Coviello has spoken at numerous conferences and forums around the world. Mr. Coviello has more than 30 years of strategic, operating and financial management experience in high-technology companies. In addition, he currently serves on the Board of Directors at EnerNOC, a leader in demand response systems for energy conservation, and AtHoc, a leading provider of enterprise-class network-based mass notification systems for the security, life safety and defense sectors.  Mr. Coviello graduated magna cum laude from the University of Massachusetts.  Download <6:36>

Tom Corn, Chief Strategy Officer, RSA, The Security Division of EMC  The surge of smartphones and tablets connecting to corporate networks can create massive security risks, such as multiplying threat vectors and rampant data leakage. This panel shares new research on risk management strategies that can enable enterprises to realize the business benefits of mobile devices and applications, including BYOD. Learn how leading CISOs are adapting to the mobile paradigm.  Tom Corn is Chief Strategy Officer for RSA, the Security Division of EMC. Tom is a 20-year veteran of the technology industry. He currently leads RSA’s Corporate Strategy and Technology Strategy teams – including RSA Labs, and Advanced Development. Previous roles at RSA include VP and GM of the Data Security Business and VP of Product Marketing. Prior to RSA, Tom held executive, consulting and sales engineering roles at Mazu Networks, NextNine, Avid Technology, Accenture and AICorp. Tom holds a B.S. in electrical and computer engineering from the University of Waterloo and a MBA from Harvard.  Download <9:10>

Philippe Courtot, Chairman and CEO, Qualys.  IT Infrastructures are becoming increasingly complex and virtualized. Workload mobility, cloud computing and “bring-your-own-computer” are becoming the norm. These shifts are forcing organizations to aggregate more data and threatening to breach the IT safeguards constructed to keep corporate data secure. Using real-world examples that protect IT environments and ensure compliance, this session will explore these fundamental changes - and expose the most effective ways to deal with them.  Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. Philippe received the SC Magazine Editor's Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. He is a member of the board of directors for StopBadware.org and TechAmerica, and in 2012, he launched the Trustworthy Internet Movement, a nonprofit, vendor-neutral organization committed to resolving the problems of Internet security, privacy and reliability.  Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that he repositioned to become a significant e-commerce player. In February 2000, VeriSign acquired Signio for more than a billion dollars. Today, VeriSign's payment division, based on the Signio technology, handles 30% of electronic transaction in the U.S., processing $100-million in daily sales. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. Under Philippe's direction, the company completed its initial public offering in November 1995. Philippe also turned an unknown company of 12 people, cc:Mail, into the dominant e-mail platform provider, achieving a 40% market share while competing directly against IBM and Microsoft. Acknowledging the market leading position of cc:Mail and the significance of e-mail in corporate environments, Lotus acquired the company in 1991. In 1986, as CEO of Thomson CGR Medical, a medical imaging company, Philippe received the Benjamin Franklin award for his role in the creation of a nationwide advertising campaign promoting the life-saving benefits of mammography. Philippe served on the Board of Trustees for The Internet Society, an international non-profit organization that fosters global cooperation and coordination on the development of the Internet. French and Basque born, he holds a Masters Degree in Physics from the University of Paris, came to the US in 1981 and has lived in Silicon Valley since 1987.  Download <7:31>

Keyun Ruan, Researcher, Center for Cybersecurity and Cybercrime Investigation, University College Dublin  In this presentation, the speaker will first share an overview of cloud forensics and its challenges and opportunities. The session will then will talk about the forensic implications of cloud security reference architecture, and forensic artefacts that can be found on different layers in the Cloud system environment. The talk will conclude with several investigative sample scenarios and case studies.  Keyun Ruan is a researcher at Center for Cybersecurity and Cybercrime Investigation, School of Computer Science and Informatics, University College Dublin. She has done her PhD on Cloud Forensics and was one of the 1st to identify this emerging area. She is the editor of the IGI Global book "Cloud Forensics and Cyber Crime: Applications of Investigation Processes". She is the founder of a New York based R&D platform XENSIX Inc with collaborative research networks in Berlin, Dublin, and New Delhi to advance R&D in the area of cloud forensics.  Download <7:21>

Mario de Boer, Research Director, Gartner  Organisations need protection for sensitive data held mobile devices. Although mobile devices include native controls such as access control and encryption, additional products are available. This presentation helps organisations decide in what cases native platform controls suffice, and when additional solutions such as application containers should be considered.  Mario de Boer, Ph.D., is an analyst in the Gartner for Technical Professionals Security and Risk Management Strategies team. He covers endpoint and email encryption, mobile device security, Web browser security, and client virtualization security. Previously, Mr. de Boer was enterprise security architect at a global semiconductor company, responsible for delivering and advising on security solutions for a wide variety of IT and business initiatives. He has more than 15 years of industry experience in security, risk and compliance topic areas, working for enterprises, government organizations and consulting firms.  Download <11:50>

Dennis Moreau, Senior Technology Strategist, RSA, The Security Division of EMC Samir Saklikar, Principal Technologist, RSA, The Security Division of EMC  Big Data offers the promise of delivering deep insights into the growing ocean of information, but at the risk of newer security, privacy and transparency concerns that are uniquely the result of Big Data analytic capability. This session discusses how these challenges are both similar yet different from Cloud Security, and how we can improve on our learning from that space to secure Big Data.  Dennis Moreau is specialist in the application of leading edge technologies to the solution of complex problems in the Information Systems and Utility Computing management domains.Prior to joining RSA's CTO Office, he was a founder and the CTO for Configuresoft. He holds a doctorate in Computer Science and has held faculty positions in Computational Medicine and Computer Science (tenured in 1993)  Samir Saklikar is a Principal Technologist in the Office of the CTO at RSA, The Security Division of EMC. His work focuses on the convergence of Big Data and Security, identifying and establishing relationships between them, both as enabling or depending on each other. This includes working on Big Data analytics for solving security problems, as well as designing security frameworks for Big Data. Previously, as lead of the Advanced Development team within RSA, he has worked on architecting and implementing novel ideas around Cloud Computing and Mobile Security. He has authored over 10 papers in international conferences and journals, and has 20 patent applications in areas of security and identity management.  Download <7:52>

Francis deSouza, Group President, Enterprise Products and Services, Symantec Corporation  With new weapons, new business models and new actors, cybercriminals continue to intensify their attacks against organisations of all sizes.  How do we win in a world where they only have to be right once, but we have to be right every time?  The answer is intelligence — about our adversaries, as well as our own organisations.  Francis deSouza will reveal exclusive Symantec intelligence on new attack methods to help you better understand the threats you face.  He’ll also discuss how applying intelligence about your own organisation will help you prevent more - and react less..  As group president of Enterprise Products and Services at Symantec, Francis deSouza leads product management, engineering, industry relations and operations for Symantec’s enterprise security,information management, storage and availability management and managed security services solutions. deSouza joined Symantec through the company’s acquisition of IMlogic in February 2006. At IMlogic, he was the founder andCEO, building the company into a recognized leader in the rapidly growing market for instant messaging security. Prior to founding IMlogic, deSouza served as product unit manager at Microsoft, founder and CEO of Flash Communications, management consulting and computer science researcher at IBM’s TJ Watson Research Labs. deSouza holds a number of patents in computer security.  Download <5:54>

Laura Mather, Founder and Chief Visionary, Silver Tail Systems  Proportionally, there are far fewer women security professionals than men. This statistic is detrimental to the field for many reasons including the loss of a different perspective, the loss of understanding of 50% of a company’s customers, and missing out on 50% of the talent pool. This panel will discuss these disadvantages and what can be done to encourage more women to enter the field.  Laura Mather, Ph.D., is a world expert in attacks against websites and online infrastructure.  Her career includes time at the National Security Agency and the Risk Management group of eBay.  As the founder and Chief Visionary of Silver Tail Systems, she and her team are protecting more than 780 million online users and more than 40% of online banking traffic in the United States.  She has a Ph.D. in Computer Science and a B.S. in Applied Mathematics.  She is a sought after speaker and is passionate about helping entrepreneurs build successful businesses.  Download <7:07> 

Tyler Shields, Senior Researcher, Veracode, Inc.  Risks to mobile devices are similar to those of traditional software applications and a result of insecure coding practices. But mobile devices aren’t just small computers: they are designed around personal and communication functionality. This makes the top mobile applications risks different from the top traditional computing risks - and an easier opportunity for those with malicious intent. Tyler Shields is a Senior Researcher with the Veracode Research Lab whose responsibilities include understanding and examining interesting and relevant security and attack methods for integration into the Veracode product offerings. While specialized in application security, Mr. Shields also has lead security engagements in the areas of wireless security, network and product penetration testing, secure development lifecycle design, secure application architecture review, and forensics and incident response. While at Symantec, Mr. Shields also led the Symantec Vulnerability Research team. This team was tasked with the responsible disclosure of vulnerabilities discovered by the Symantec employees in the course of their daily work. The goal of the team was to interface with both the vendor and the vulnerability finder to work towards a mutual timeline of repair and information disclosure. In the past, Tyler has worked as a consultant for both @Stake and Symantec, delivering security assessments to fortune 500 companies, major financial institutions, institutions of higher education, and the highest levels of the U.S. government. Tyler has presented at major security conferences internationally including RSA, Black Hat, H.O.P.E , & SOURCE Boston and released numerous security advisories. He also frequently contributes to major media outlets on security relevant topics.  Download <7:00>

Joshua Corman, Director, Security Intelligence, Akamai Technologies David Etue, VP, Corporate Development Strategy, SafeNet, Inc.   The security community has failed for years to determine return on investment (ROI) or return on security investment (ROSI). It’s failed as you can’t evaluate security efficacy without assessing the adversary’s perspective. Updated from the highly rated RSA US 2012 session, we’ll discuss the “Adversary ROI” model and provide mappings for different threat actors, ranging from organised to chaotic.  Joshua Corman Director, Security Intelligence at Akamai, is a well known industry expert.  He is the former Research Director at The 451 Group, where he lead the research team in the area of IT enterprise security. Previously, he was Principal Security Strategist at IBM Internet Security Systems. Mr. Corman has more than a decade in security and networking software, and in his previous role at IBM was responsible for driving the strategy for emerging technologies, including secure virtualization and secure cloud computing. Prior to his role at IBM, Corman was a product development leader at vCIS Technology, when IBM Internet Security Systems acquired the company in 2002 for its preemptive behavioral inspection technology.   David Etue brings together experience and perspective from a number of security roles including security program leadership, management consulting, product management and technical implementation. He is the VP of corporate development strategy at SafeNet, where he is responsible for strategic decisions regarding partnerships, and mergers & acquisitions. He was previously the cyber security practice lead at management consultancy PRTM, VP of Products & Markets at Fidelis Security Systems, led General Electric's global computer security program, and held various positions in technology strategy, operations and product management. He is a Certified Information Privacy Professional, a Certified CISO, a graduate of GE’s Information Management Leadership Program, and a Six Sigma Green Belt.  Download <13:21> 

Misha Glenny, Author and Journalist  The genius of the Internet lies in its interconnectedness. But this is also its Achilles’ heel: everyone wants to take control of it at the expense of everyone else. Our dependency on network systems are growing, but our resilience is not keeping up. Law enforcers, spies, and the military now believe it is central to their security strategies. So do criminals, terrorists and hacktivists. Where does this leave the citizen?  Misha Glenny is an investigative journalist, author and broadcaster. He is one of the world's leading experts on cybercrime and on global mafia networks, and has written about his investigations in the recently published Dark Market.  Other books include McMafia, which was widely acclaimed for its dissection of criminal networks worldwide, and led to a 2009 TED Talk on the subject. He contributes regularly to the Guardian, Observer, The New York Times and New York Review of Books.  He is informally consulted on a regular basis by the British Foreign Office, the US State Department and the British Army. He is also a regular keynote speaker at conferences on organized crime, globalization, south-eastern Europe and US-Europe relations, and in 2012 was a Visiting Professor at Columbia University’s Harriman Institute.  Download <11:52>

Vanja Svajcer, Principal Researcher, Sophos, Inc.   Android malware discovered by researchers each month has grown exponentially in the past year. Google Play has become the main target for Android malware writers. This presentation will reveal the results of recent research to identify the best attributes that can be used for Android malware detection, and will provide users with a better understanding of actual Android malware threats.  Vanja Svajcer is a Principal Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and research of malware for mobile devices. Vanja is always ready for a good discussion on almost any security topic.  Download <06:29>

Uri Rivner, Head of Cyber Strategy, Biocatch Eddie Schwartz, CISO, RSA, The Security Division of EMC  A multinational space agency. A particle accelerator underneath Europe. A Premier League football club. All recently compromised - and they knew nothing about it. Who are the actors? Nation states? Hacktivists? Cybercrime lords? What is their target selection strategy? Two of RSA's top cyber warriors provide blood chilling intelligence and lessons learned - straight from the cyber battlefield.                 Uri Rivner has been fighting Cybercrime for 12 years. Currently leading the cyber strategy for behavioral biometrics company BioCatch, Uri’s prior role was Head of New Technologies, Identity Protection at RSA, where he worked closely with the world’s largest organizations to establish a new defense doctrine against advanced cyber threats. Innovations Uri spearheaded now stop billions of dollars in fraud each year and protect hundreds of millions of online banking and eCommerce users.  Download <12:50>

Joshua Corman, Director, Security Intelligence, Akamai Technologies  "Are we getting better?" So simple; yet our best can't answer. How would we know? For too long we've focused on activity over effect, symptoms over root causes, easy problems over important ones. We can wearily accept defeat or fight smarter. After a decade of digging deeper & exploring the edges of the map, this session will cover what is of greatest consequence to maturing our industry.  Joshua Corman is Director of Security Intelligence for Akamai Technologies. Corman has more than a decade of security experience, most recently serving as Research Director for The 451 Group. His research cuts across sectors to the core challenges of the industry, and drives adaptive strategies amidst changing landscapes. He is a candid and highly coveted speaker and has spoken at leading industry events such as RSA, Interop, ISACA, SANS, DEFCON, and ShmooCon – and was recognized by NetworkWorld as a top Influencer of IT for 2009. As a staunch advocate for CISOs, he serves as a Ponemon Institute Fellow, as an IANS Faculty, and co-founded www.ruggedsoftware.org. He received a bachelor’s degree in philosophy, Phi Beta Kappa, summa cum laude, from the University of New Hampshire.  Download <13:08>