BSidesClevelandCFP

Call For Presenters (CFP)


BSidesCleveland 2012 will be held in a conference style consisting of two tracks.  Topics can be anything related to the security industry including but not limited to:

 

Application Security

Secure Programming

Cryptography

Cloud Security

Ethical Hacking

Digital Forensics

Embedded Security

Unethical Hacking

Incident Response

Enterprise Security

Privacy and Anonymity

Intrusion Detection

Mobile Security

Security and Risk

Malware and Reversing

Network Security

Security Tools and Techniques

Emerging Threats

Physical Security

Security Education and Awareness

Cyber Warfare

 

Submissions should include:
  • An abstract of your talk
  • Have you presented before? Where/when?
  • Has this material been presented elsewhere? If so, where and when?
  • Why do you want to present at BSidesCleveland?
  • Name, Email, Twitter, Website, Etc... 

 

Please note the following deadlines:

  • CFP Submission Deadline: June 15th at 11:59pm ET
  • CFP Speaker Notification: TBD 

Submissions should be sent to: [email protected]

BSidesCleveland Main Page
http://www.securitybsides.com/w/page/27427415/BSidesCleveland

Submissions

 

We will update this list periodically as we receive submissions.  Feel free to let us know who you would like to see present via twitter @BSidesCleveland.

 

  • Name: Joe Dirt  @joedirt / [email protected]
  • Title: What is the name of the talk
  • Abstract: Description of talk goes here.

 


CFP Submissions

 

Name: Bill Mathews  
Title: Winter is Coming: Cloud Security in Dark Ages  
Topic Abstract: Following several to-be-published blog posts surrounding the topic of security in a "dark" cloud environment, this talk will drive home and detail the points of those posts (posts are scheduled to be published through May and June of 2012). The talk will surround the "Top 10 Security Questions about Dark Cloud Security" where I will both answer and hopefully provoke questions about attendees' cloud strategies. I will wrap up by distributing my "Dark Cloud Security Check List" which will be published shortly after the Top 10. More details can be available after the posts are published. 

Name: J Wolfgang Goerlich  
Title: Naked Boulder Rolling - Applying Risk Management to Web Application Security  
Topic Abstract: Every day we roll the boulder uphill. Every morning we find the boulder back down in the valley. Like Sisyphus, defenders face the daily challenge of getting all the systems secure and the morning realization that new vulnerabilities have crept in. It is so bad we say it is not if we will get breached but when we will get breached. Worse, defenders say most breaches are career-ending events. Ouch. There has to be a better way. In this talk, we will cover using business impact and risk management as a driving force for prioritizing security efforts. This reduces the likelihood of a breach and prevents any breaches from being a career-ending event. We’ll round out the hour with a case study showing these principles applied to securing a million dollar website. Guaranteed, you will leave this talk a smarter boulder roller.

Name: Bill Sempf
Title: Windows 8 from the pentester's perspective  
Topic Abstract: This fall Microsoft will release the newest rendition of its flagship operating system - Windows 8. While much of Windows 8 is very similar to Windows 7, it includes a new attack surface: the Metro UI. Bill will break down the programming model for Metro, and consider some of the identity and network surfaces that are prime for attack.

Name: Bill Sempf  
Title: What locksport can teach us about security  
Topic Abstract: After four years of teaching the public about locksport, including running one of the few regular monthly locksport classes in the country, Bill has drawn some conclusions about what locksport can tell us about the state of the security industry and the perceptions of the public. He’d like to share them with you.

Name: Bill Sempf   
Title: Pentesting ASP.NET  
Topic Abstract: The recent break-ins at Sony and Epsilon were partially tracked to web application failures. Not network security problems. Not server misconfiguration. Coding failures. Defects. Does security make it into your unit tests? Do you do security checks as part of your integration testing? Bill will use some industry-standard penetration testing tools to show some techniques for breaking into your own applications, and making sure no one else does.

Name: Albert School   
Title: Testing Enterprise DLP Systems // Advanced data exfiltration techniques 
Topic Abstract: DLP systems are becoming more and more prevalent in medium to large enterprises.  While these systems can be very effective at preventing data leakage, the operational complexity often limits the full capability of the technology.  This talk examines some of the core technologies (not products), operational limitations, and proposes a systematic methodology to test end-to-end effectiveness of an implementation.   Additionally, techniques will be discussed that have been used in actual penetration tests to bypass highly restrictive DLP implementations and their components.

Name: Mick Douglas    
Title:  Automating Incident Response
Topic Abstract: Mick will demonstrate how SIM/SEM technologies can be used to automate IR events -- or even take corrective action *before* a compromise even takes place.

Name: Branden Miller & Bill Gardner
Title: Focusing on the Fool: Building an Awareness & Training Program  
Topic Abstract: Security personnel in the know rarely lose sleep over the technical controls used to secure their networks (after all, hackers will eventually be successful). We lose sleep over the ability of our staff to defend those networks with common sense. Social engineering and lack of basic knowledge can hurt you more than a script kiddie.

Name: James Siegel (aka WolfFlight)
Title: Outside the Echo Chamber 
Topic Abstract: There has been recent discussion in the InfoSec community with regard to how insular the discussions tend to be. To some it appears that we simply talk in circles, the same old speakers, the same old audiences. Perhaps, with some introspection and self-evaluation we can find ways to indeed break out of the echo chamber that we sometimes find ourselves in. It can appear difficult for those outside the community to find their way in. Often there appear to be barriers preventing the inclusion of new people and ideas. Whether it be developers trying to find out how to make their code more secure or simply aspiring new InfoSec professionals, some in the industry appear to be walled off from the public. It is my intent to show that this is not the actual case at all. Furthermore, those in the industry, without too much effort, may actually be able to reach a bigger audience. There are those out there who would greatly benefit from a greater security awareness. Will it be completely easy? Definitely not, there are some barriers that must be crossed or removed. It all begins with the first step, why not take it now?

Name: Jeff @ghostnomad Kirsch 
Title: <? $People ?> Process Technology 
Topic Abstract: Information Security as an industry gets technology and process, but we often forget about the people part of the equation. Almost in parallel as an industry we are finding more and more that most organizations are not in the business of security, but in the business of selling a product or service. This means ironclad security is no longer the norm, and if the people in charge of selling things forget about the people who are securing things because we are inconvenient, all our process and technology efforts have gone for naught. We need to develop a way to not only educate end users but also educate them on how security risk equates to business risk. We cannot rely on security awareness that meets compliance requirements; we need a method to track and respond to people's needs that maximizes our security strategy.

Name: Rockie Brockway
Title: Business Ramifications of the Internet's Unclean Conflicts
Topic Abstract: The last official declaration of war was signed in 1942, yet we have heavily invested ourselves in many major conflicts since, from Korea and Vietnam to Grenada and Somalia to Afghanistan and Iraq. Most of these "unclean conflicts" have suffered significantly in many ways, from popularity and political capital issues to loss of clout and global leadership. Following the breakup of the USSR, our technological innovations and superiority have bred a culture that scoffs at the thought of anyone seriously engaging our military in open, clean conflict.  This mentality, to a very high degree, has filtered itself into the DNA of our industrial and corporate business infrastructure, defining how we expect the rest of the world to act and conduct business. The internet is finally showing us what it can really do, and what that is, we as a nation, and therefore our dominant and innovative business leaders, are completely unprepared for. For the rest of the world, there is absolutely zero need for any semblance of any official clean conflicts, when the internet makes it so easy to conceal outright theft of data, be it millions of credit card numbers and passwords for profit or the theft of industrial intellectual property from a government contractor that thereby cuts a foreign adversary's developmental gap for sophisticated weaponry by years. Should that be considered an act of war? Should targeted malware? So, as a country who generally views things in black and white, yet has significant expertise in the unclean conflict, why are we losing this new unclean conflict, and how can we adapt accordingly?

Name: Jamison Budacki   
Title: Netflow for Incident Response  
Topic Abstract: Situational awareness during an attack is crucial to minimizing the malicious effects. The use of Netflow data is a simple and often underutilized technique for gaining visibility. This talk will focus on using flow data as a tool to facilitate incident response as well as network forensics. We will explore what Netflow is, how to set up the collection of flows, how Netflow can be integrated into existing incident response workflows, and give various examples.
 

Name: Steve Jaworski @s0apb0x
Title: “If I can script it, you can script it, too!”
Topic Abstract:  Writing scripts is one of the most important skills an information security professional should have in their arsenal. Dissecting large amounts of data can be a time consuming process. Save time by automating repetitive tasks.  There is not always a readily available or accessible tool to accomplish the job.  Reviewing some popular tools and languages, I will guide the audience through my pitfalls and wins.

Name: Adrian "Irongeek" Crenshaw

Title: Dingleberry Pi Building a Blackthrow: More inexpensive hardware to leave behind on someone else's network

Topic Abstract: It's useful to control a host on a remote network, but you don’t necessarily have to pwn a box that is already there. You can also leave behind a host you can remote into, or since egress filtering rules are often less restrictive than ingress, have it shovel a shell back to you. This sort of host is often called a Kamikaze box, Svartkast, BlackThrow or Dropbox. You can even make it part of cipherspace (I2P or Tor) to make it less apparent who is controlling the box. This talk will describe how to construct such a box using inexpensive hardware.


Name: Dave "ReL1K" Kennedy
Title: TBD
Topic Abstract: TBD

Name: Martin "PureHate" Bos
Title: TBD
Topic Abstract: TBD
