 

BSidesDenverTalks


 

Call For Presenters (CFP)

 

BSides Denver will have two tracks (with "availability" for additional, ad-hoc talks that come up during the event). The first track will be talks voted on/confirmed before the event; the second track will be done Barcamp style, wherein talks will be announced on the first day and voted up on-the-spot.  The second track is ideal for round-table type discussions.

 

 

Talks

 

Please update with your name, contact information (email, twitter, website), presentation title, and short description. Please use the example text as a template: simply copy and paste it into a new entry, then edit it to fit your talk.

 

  • Name: (Name)  (link/twitter info)
  • Title: Title
  • Abstract: Abstract of presentation

 

   

Comments (9)

Peter Schawacker said

at 5:24 am on Apr 23, 2010

Name: Peter Schawacker @psalchemy www.alchemysecurity.com/
Title: Peter Schawacker- Agile Security, SOC and how Mortman/Hutton ruined my summer vacation
Abstract: This talk is about organizing unmanageable people to accomplish impossible tasks. In it I talk about why traditional project management approaches almost always fail, especially when it comes to security. There's been some discussion of Agile software development, but not so much about its application to other domains. I've been using Agile to build security operations centers and manage teams of analysts. Think of this as a how-to for effective cat herding, security requirements analysis and managing by not managing.

Tim Skorick said

at 10:22 am on Apr 23, 2010

Name: Tim Skorick
Title: Browser Extension Malware
Abstract: In an age in which the PC exists almost exclusively for web use whether at work or at home, malware authors no longer have to puzzle how to trojan a computer: the browser offers fewer impediments, has an API that publishes every object they could possibly want to hook, and contains the user's entire work and play experience. Add to that varying failures in client-side or enterprise-level controls and you have the perfect breeding ground for a growing species of malware.

Steve Pordon said

at 1:08 am on Apr 30, 2010

Name: Steve Pordon
Title: Defeating High Security Locks: An Overview
Abstract: Intermediate-level overview of how high security locks work, and how to defeat them. Assumes basic lockpicking knowledge and concepts (shear line, tension, etc.), but will include a 2-minute refresher for those who need it. Emphasis will mainly be on high security pin-tumbler locks--ASSA Twin, Medeco Biaxial, Schlage Primus, and similar sidebar locks--with some discussion of disc locks (Abus, Abloy).

Jerry said

at 9:55 pm on May 13, 2010

Name: Jerry Gamblin (www.twitter.com/jgamblin)
Title: Implementing Security Awareness: Your Users Are Not Idiots
Abstract: I sometimes feel that security professionals treat their end users with a level only slightly above contempt. Why is that and what can we do to be better about educating our end users and keeping our networks secure?

Daniel Molina said

at 5:45 am on May 28, 2010

Name: Daniel J. Molina, @DJMolina / [email protected]
Title: Top 10 Ways IT is Enabling Cybercrime
Abstract: Today's IT departments, unbeknownst to themselves, are empowering cybercrime by their own actions. Daniel Molina presents The Top 10 Things that your IT department is doing, that enables cybercrime in your own company.

Megan Knox said

at 2:46 pm on May 28, 2010

Name: Erin Jacobs @SecBarbie
Title: Compliance Crystal Ball – Future trends in risk-based security framework
Abstract:
More often than not organizations structure their internal security framework based almost exclusively upon regulatory and business compliance drivers. Through the discussions and drivers that are occurring in the security community as well as the cross-pollination into the business community, security compliance framework is changing direction. This talk will guide the audience through a history of regulatory compliance focusing on SAS70’s, ISO 2700x, PCI-DSS, HIPAA, SOX, and GLBA. Through this historic analysis, we will extract the known trends and forecast where the future is taking the security compliance landscape.

flyingpenguin said

at 7:34 pm on Jun 2, 2010

Name: Davi Ottenheimer, @daviottenheimer
Title: Cloudy with a chance of security
Abstract: Virtualized computing continues to evolve and bring both pros and cons (pun not intended) to information security. Everything from access controls to logs and forensics is being forced to adapt as IT resources are migrated from physical to virtual. This presentation gives a comparative analysis of the physical and virtual environments to identify key differentiators and risks. It then proposes several new approaches to meet the challenge of security and compliance for virtual systems, especially in clouds.

David Willson said

at 5:21 pm on Jun 3, 2010

Name: [email protected]
Title: "When Does Electronic Espionage Become an 'Act of War' and What Options Do Nations Have to Defend Their Networks?"
Abstract: This presentation will be a combination of my two articles published in the ISSA Journal last August 2009 and this June 2010. I will discuss current cyber threats, how nations have reacted to them, or not, the types of threats, where the line might be drawn between electronic espionage/cyber crime and “acts of war,” the significant challenges nations face, and potential solutions. I will also discuss some more practical security solutions for business to reach beyond their networks to create a greater security posture.

jamey heary said

at 5:17 pm on Jun 16, 2010

* Name: Jamey Heary
* Title: Sneak peek at PCI 2.0 changes
* Abstract: Learn about how PCI works behind the scenes, PCI Proposed Changes for October, PCI Virtualization SIG Update, PCI and Cloud Services, New Guidance on Audio Recordings
