
BH2020 #3


Segments

1. A Decade After Stuxnet’s Printer Vulnerability – Peleg Hadar, Tomer Bar – BH20 #3

We will describe the Print Spooler vulnerabilities that are found in Windows OS, and will explain how they are related to Stuxnet. We will also release several tools. Peleg and Tomer's talk is entitled "A Decade After Stuxnet's Printer Vuln: Printing is Still the Stairway to Heaven", and is scheduled for August 6th at 11am PT during Black Hat 2020!

Guests

Peleg Hadar
Senior Security Researcher at SafeBreach Labs

Peleg Hadar is a security researcher who has been in the InfoSec field for more than 7 years and is interested in vulnerability research.

Tomer Bar
SafeBreach Labs lead at SafeBreach

15+ years in Cyber Security. Research Team Lead @ SafeBreach Labs. Main focus in APT and vulnerability research. Past publications: Prince of Persia – Terminating 10 Years Campaign For Fun And Profit; Infy Malware Active In Decade Of Targeted Attacks; KasperAgent and Micropsia – Targeted Attacks In The Middle East; Ride The Lightning With Foudre; Double Edge Sword Attack – Exploiting Quasar Rat Command and Control; BadPatch (APT-C-23).

Host

Paul Asadoorian
Founder at Security Weekly

2. Planning Security Strategy Without The Black Hat Expo? – Ian McShane – BH20 #3

This year we’ve seen organizations accelerate their so-called digital transformation almost overnight. Now we’re getting to the point where security leaders and business owners need to stop and take stock of what happened, what’s a temporary band-aid, and figure out how to build their strategy without the luxury of getting yelled at by vendor booths in Mandalay Bay.

This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike for a totally free trial!

CrowdStrike at Black Hat USA 2020 https://www.crowdstrike.blog/join-crowdstrike-at-black-hat-2020/

Sponsored By

CrowdStrike

Guest

Ian McShane
VP, Product Marketing at CrowdStrike

With almost twenty years in information security including practitioner, product manager, and a shift as the lead Gartner analyst for endpoint security and EDR, CrowdStrike’s VP of Product Marketing Ian McShane has seen a lot of crazy things in his time.

Host

Paul Asadoorian
Founder at Security Weekly

3. Defining the Dynamic Application Security Testing Market – Ferruh Mavituna – BH20 #3

Dynamic application security testing (DAST) for web applications has come a long way, establishing a niche market with a variety of offerings. In this segment Ferruh will discuss the big differences in DAST solutions available and help you understand which one is a pure DAST that you could rely on the most in this day and age.

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to get a trial of the best dynamic application scanning solution on the market!

Sponsored By

Netsparker

Guest

Ferruh Mavituna
Founder and Strategic Advisor at Invicti Security

Ferruh Mavituna is the founder and strategic advisor of Invicti Security, a world leader in web application security solutions. His professional obsessions lie in web application security research, automated vulnerability detection, and exploitation features. He has authored several web security research papers and tools, and delivers animated appearances at cybersecurity conferences and on podcasts. Exuberant at the possibilities open to organizations by the deployment of automation, Ferruh is keen to demonstrate what can be achieved in combination with Invicti’s award-winning products, Invicti and Acunetix.

Host

Paul Asadoorian
Founder at Security Weekly

4. Effectively Protecting Your Users Against Ransomware & Zero-Day Exploits – Danny Jenkins – BH20 #3

ThreatLocker CEO Danny Jenkins explains why his new approach, blocking everything that is not trusted and allowing only those applications that are approved, is a cleaner and more comprehensive way of ensuring malware does not end up on your networks.

During this segment, Danny explains how he’s changing the entire approach and paradigm to cybersecurity.

This segment is sponsored by ThreatLocker.

To effectively protect your users from ransomware and zero-day exploits, visit https://www.securityweekly.com/threatlocker

Sponsored By

ThreatLocker

Guest

Danny Jenkins
CEO at ThreatLocker

Danny is a technical guru with a deep understanding of corporate IT and cybersecurity. He has an entrepreneurial background and two decades of experience building and securing corporate networks. Before taking the reins at ThreatLocker, Danny held CEO and CTO positions at multiple IT companies and founded a few cybersecurity businesses of his own.

Host

Paul Asadoorian
Founder at Security Weekly

5. What’s Next In Work From Home Security? – Stephen Boyer – BH20 #3

Security professionals need to be thinking of the next evolution of the approach to working from home, specifically focusing on the security of the home network for both employees and third-party contractors. Stephen Boyer discusses how to rate the risk of these new attack vectors using data BitSight already has...

To request a security snapshot report, visit: https://securityweekly.com/bitsight

Sponsored By

BitSight

Guest

Stephen Boyer
Co-Founder and CTO at BitSight Technologies

Stephen co-founded BitSight in 2011 and serves as the Chief Technology Officer. Prior to founding BitSight, Stephen was President and Co-Founder of Saperix, a company that was acquired by FireMon in 2011. While at the MIT Lincoln Laboratory, Stephen was a member of the Cyber Systems and Technology Group, where he led R&D programs solving large-scale national cybersecurity problems. Before MIT, he worked at Caldera Systems, an early Linux startup. Stephen holds a Bachelor's degree in Computer Science from Brigham Young University and a Master of Science in Engineering and Management from the Massachusetts Institute of Technology.

Hosts

Paul Asadoorian
Founder at Security Weekly
Matt Alderman
VP, Product at Living Security

6. The Paramedic’s Guide to Surviving Cybersecurity – Rich Mogull – BH20 #3

The security world is fraught with cases of mental health issues, burnout, substance abuse, and even suicide. We live in a world of threats and responses that trigger the deepest parts of our psyche, with the barriers between "online" and the physical world constantly crumbling. While some deal in theory, many of us deal with real incidents, challenges, and dangers every day and are constantly looking for techniques to respond better while staying saner.

Rich will share the lessons he learned in decades of emergency response and show how to apply them to your security career and daily practice to improve your effectiveness and mental resiliency.

Guest

Rich Mogull
SVP Cloud Security at FireMon

With twenty years of experience in information security, physical security, and risk management, Rich is one of the foremost experts on cloud security, having driven development of the Cloud Security Alliance’s V4 Guidance and the associated CCSK training curriculum.

Hosts

Paul Asadoorian
Founder at Security Weekly
Matt Alderman
VP, Product at Living Security

7. Developer Security Champions – Sandy Carielli – BH20 #3

Firms that want to secure applications are challenged by understaffed security teams and lack of security awareness on the part of developers. Developer security champions are developers who act as a security point of contact in their team, but programs to create and support them require investment and planning.

Guest

Sandy Carielli
Principal Analyst at Forrester Research

Sandy is a principal analyst at Forrester advising security and risk professionals on application security, with a particular emphasis on the collaboration among security and risk, application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery lifecycle, protection of applications in production environments, and remediation of hardware and software flaws.

Hosts

Paul Asadoorian
Founder at Security Weekly
Matt Alderman
VP, Product at Living Security

8. Third-Party Risk Management (TPRM) – Alla Valente – BH20 #3

A firm’s network of third-party relationships can be a source of strength or an Achilles’ heel, depending on the maturity of its risk management process. Companies have limited or no control over how third parties secure their technology infrastructure, their applications, and their data, yet they're on the hook for breaches, cybersecurity incidents, and regulatory fines incurred.

Guest

Alla Valente
Analyst, Security & Risk at Forrester Research

Alla is a senior analyst at Forrester serving security and risk professionals. She covers governance, risk, and compliance (GRC), third-party risk management (TPRM), and supply chain risk management (SCRM). In this role, Alla helps Forrester clients establish strategy, adopt best practices, and select technology to manage risk, address key regulatory compliance issues, and improve business resilience. Her research also includes ethics and trust in digital transformation, RegTech, and protecting the organization’s brand.

Hosts

Paul Asadoorian
Founder at Security Weekly
Matt Alderman
VP, Product at Living Security

9. The Intersection of Security & Privacy Operations – Gabe Gumbs – BH20 #3

Are security operations teams prepared to respond to privacy threats? Although you can achieve security without privacy, namely keeping information safeguarded from those who should not have access, you cannot keep data private without security. How can we address this challenge?

This segment is sponsored by Spirion.

Visit https://securityweekly.com/spirionbh to learn more about them!

Sponsored By

Spirion

Guest

Gabe Gumbs
Chief Innovation Officer at Spirion

As Spirion’s Chief Innovation Officer, Gabriel imagines and creates technology that pushes data security forward in an increasingly complex digital world. He is responsible for seeing where data security is going next and ensuring that organizations of all sizes are able to get there. With an 18+ year tenure in cybersecurity, he has spent most of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Today Gabe is responsible for spearheading innovation across the organization through thought and product leadership.

Host

Paul Asadoorian
Founder at Security Weekly