Program Overview

Thursday, February 18^th
Track 1 (Room 110)
Track 2 (Room 120)
Friday, February 19^th
Track 1 (Room 110)
Track 2 (Room 120)

Thursday, February 18^th

	Track 1 (Room 110)	Track 2 (Room 120)
08:00 – 08:30	Check In (Coffee, OJ, Muffins, Pastry, Fruit)
08:45 – 09:00	Welcome
09:00 – 10:00		Riding the Storm with The Weather Company Ivan Milman
10:00 – 10:15	Break: Q&A, Meet People, Move to Next Talk (Coffee will be available)
10:15 – 11:00	Behind the Curtain: Insider Insights into PC Industry Security Bill Jaeger	Embargoing the Open: Challenges for temporary secrecy in open-source Fábio Olivé, Christopher "CRob" Robinson
11:00 – 11:15	Break: Q&A, Meet People, Move to Next Talk (Coffee will be available)
11:15 – 12:00	Hardware Security Considerations and Challenges Stephen Trimberger	Working with vulnerability researchers - the Cisco PSIRT experience Dario Ciccarone
12:00 – 13:00	Lunch (sandwich deli buffet with either salad or chips, and soda or water)
13:00 – 13:45	Incident Response - an Industrial Control System Manufacturer's Perspective Tobias Limmer	Working with vulnerability researchers - the Cisco PSIRT experience Dario Ciccarone
13:45 – 14:00	Break: Q&A, Meet People, Move to Next Talk (Coffee will be available)
14:00 – 14:45	Weaknesses v. Vulnerabilities: Shifting the Focus to Improve Product Security Jim Duncan	The C.I.A. Always Asks for Authorization Nikola Vouk
14:45 – 15:00	Break: Q&A, Meet People, Move to Next Talk (Coffee will be available)
15:00 – 16:00	IBM Secure SDLC: Engineering Software and Cloud Services with Security in Mind Jim Whitmore
16:00 – 16:15	Break: Q&A, Meet People, Move to Next Talk (Coffee will be available)
16:15 – 18:00	Birds of a Feather Session (Open to all PSIRT Teams) Moderated by Lisa Bradley
18:00 – 20:00	FIRST Social Event - Serena RTP

Friday, February 19^th

	Track 1 (Room 110)	Track 2 (Room 120)
08:30 – 09:00	Check In (Coffee, OJ, Muffins, Pastry, Fruit)
09:00 – 10:00		US Update on the FIRST CSIRT Services Framework - How we can adapt it for PSIRTs Peter G. Allor (Honeywell, US)
10:00 – 10:15	Break: Q&A, Meet People, Move to Next Talk (Coffee will be available)
10:15 – 11:00	Application Security at the Speed of DevOps Tony Rice	US Pushing your CSIRT to its limits with tabletop drills Kenneth R. van Wyk (KRvW Associates, LLC, US)
11:00 – 11:15	Break: Q&A, Meet People, Move to Next Talk (Coffee will be available)
11:15 – 12:00	Application Security Awareness: Building an Effective and Entertaining Security Training Program Chris Romeo	Open Source Security – What Security Testing Tools Miss Mike Pittenger
12:00 – 13:00	Lunch (sandwich deli buffet with either salad or chips, and soda or water)
13:00 – 13:45	Harmonizing Coordinated Vulnerability Disclosure Policy Efforts Art Manion	Tales from the Cisco PSIRT Crypt: Case Studies of the Evolution of PSIRTs & Today’s Threats Dario Ciccarone
13:45 – 14:00	Break: Q&A, Meet People, Move to Next Talk (Coffee will be available)
14:00 – 14:45	Issues, lessons learned through the eyes of JPCERT/CC on the vulnerability handling framework in Japan Masaki Kubo (JPCERT), Takayuki Uchiyama (JPCERT)	Rapid Product Security Incident Response Using a Workflow Based Solution Rod Henderson, Diane Mickelson
14:45 – 15:00	CLOSED

Application Security Awareness: Building an Effective and Entertaining Security Training Program
Chris Romeo
February 19, 2016 11:15-12:00
romeo-slides_20160219.pdf
MD5: b492a71b4871b2a31c7a57d7784e4299
Format: application/pdf
Last Update: June 7th, 2024
Size: 10.43 Mb
Behind the Curtain: Insider Insights into PC Industry Security
Bill Jaeger
February 18, 2016 10:15-11:00
jaeger-slides_20160218.pdf
MD5: 9176cfacc1b061abc4b42b869a09065d
Format: application/pdf
Last Update: June 7th, 2024
Size: 5.67 Mb
Embargoing the Open: Challenges for temporary secrecy in open-source
Fábio Olivé, Christopher "CRob" Robinson
February 18, 2016 10:15-11:00
olive-crob-slides_20160218.pdf
MD5: 85da51604af012224e9dbb4ce5642fa8
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.36 Mb
Issues, lessons learned through the eyes of JPCERT/CC on the vulnerability handling framework in Japan
Masaki Kubo (JPCERT), Takayuki Uchiyama (JPCERT)
February 19, 2016 14:00-14:45
kubo-uchiyama-slides_20160219.pdf
MD5: 9bc45f88a0fe3aa6fe893f957cff4317
Format: application/pdf
Last Update: June 7th, 2024
Size: 835.84 Kb
US
Pushing your CSIRT to its limits with tabletop drills
Kenneth R. van Wyk (KRvW Associates, LLC, US)

Kenneth R. van Wyk is an internationally recognized information security expert and author of the recent O'Reilly and Associates books, Incident Response and Secure Coding, as well as a monthly columnist for on-line security portal, eSecurityPlanet (http://www.eSecurityPlanet.com) and a Visiting Scientist at Carnegie Mellon University's Software Engineering Institute. Ken is a CERT® Certified Computer Security Incident Handler and provides consulting and training services through his company, KRvW Associates, LLC, (http://www.KRvW.com).

Ken has nearly 20 years as an IT Security practitioner in the Academic, Military, and Commercial sectors. He has held senior and executive technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), in addition to the U.S. Department of Defense and Carnegie Mellon and Lehigh Universities.

Ken also served a two-year elected position as a member of the Steering Committee, and a one-year elected position as the Chairman of the Steering Committee, for the Forum of Incident Response and Security Teams (FIRST) organization. At the Software Engineering Institute of Carnegie Mellon University, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds an engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented papers and speeches for CSI, ISF, USENIX, FIRST, and others.

February 19, 2016 10:15-11:00
wyk-slides_20160219.pdf
MD5: 52d39b87d21454becb9d55f0c02f5358
Format: application/pdf
Last Update: June 7th, 2024
Size: 5.48 Mb
Rapid Product Security Incident Response Using a Workflow Based Solution
Rod Henderson, Diane Mickelson
February 19, 2016 14:00-14:45
mickelson-henderson-slides_20160219.pdf
MD5: c98646d413bf05db9c5c16979a287494
Format: application/pdf
Last Update: June 7th, 2024
Size: 2.11 Mb
US
Update on the FIRST CSIRT Services Framework - How we can adapt it for PSIRTs
Peter G. AllorPeter G. Allor (Honeywell, US)

Peter Allor is a Director for Red Hat Product Security where he has responsibility for the portfolio on Secure Development through Incident Response. He is currently the Chair for the FIRST PSIRT SIG where a number of documents supporting the product security incident response were developed by practitioners for practitioners including a Framework of Services, Maturity and a base Incident Response plan.

Pete has assisted in the formation of the IT-ISAC and ICASI (Industry Consortium for Advancing Security on the Internet) groups for broader response and coordination. He is also a former Member of the FIRST Board of Directors serving as the CFO for five years, guiding CVSS and other SIGs as well as the board liaison for FIRST Conferences. Pete was a founding member of the IT Sector Coordinating Council and has participated on the CyberSecurity Commission for the 44th Presidency as well as supporting his CEO on the National Infrastructure Advisory Council where he led several working groups.

Pete started with Internet Security Systems working their vulnerability disclosures and then was with IBM Security when ISS was acquired. He later moved to Honeywell working their cloud solutions and product as the Product Security Chief prior to moving to Red Hat.

February 19, 2016 09:00-10:00

Program Overview

Thursday, February 18th

Friday, February 19th

Application Security Awareness: Building an Effective and Entertaining Security Training Program

Behind the Curtain: Insider Insights into PC Industry Security

Embargoing the Open: Challenges for temporary secrecy in open-source

Issues, lessons learned through the eyes of JPCERT/CC on the vulnerability handling framework in Japan

Pushing your CSIRT to its limits with tabletop drills

Rapid Product Security Incident Response Using a Workflow Based Solution

Update on the FIRST CSIRT Services Framework - How we can adapt it for PSIRTs

Thursday, February 18^th

Friday, February 19^th