Conference:  Defcon 31

Authors: Kemba Walden Acting National Cyber Director, Office of the National Cyber Director, The White House,

2023-08-01

A fireside chat with Director Walden. Director Walden is the current acting National Cyber Director for the Biden-Harris Administration.

Conference:  Defcon 31

Authors: Jen Easterly Director, Cybersecurity and Infrastructure Security Agency, Scott Shapiro Author, , Yale Law School Professor

2023-08-01

Fancy Bear, Dynamic Panda and Charming Kitten – we live in a time where we are constantly under attack without even knowing it. CISA Director Jen Easterly and Yale Law School Professor Scott Shapiro, author of “Fancy Bear Goes Phishing: The Dark History of the Information Age In Five Extraordinary Hacks” discuss how best to understand the challenge of information security; what we can learn from looking back; and how the decisions we make today to prioritize security by design will shape our future.

Conference:  Defcon 31

Authors: Tiffany Rad Instructor at U.C. Berkeley, Austin Shamlin Co-Founder of Traverse Project

2023-08-01

Civil Cyber Defense volunteers and students challenge high-risk adversaries and threats such as human traffickers, authoritarian regimes, and surveillance being conducted on journalists. By utilizing academic resources, OSINT skills, and free/open-source tools, civil cyber defenders are supporting vulnerable non-profits, protecting volunteers, journalists, and activists while defending human rights. There is a need in the cybersecurity industry for more civil cyber defenders. Recommendations will be made as to how your organization can support and/or volunteer your time and tools to provide protection to vulnerable organizations who have high risks, face advanced and persistent adversaries, but have modest resources.

Conference:  Defcon 31

Authors: Alejandro Mayorkas Secretary of the Department of Homeland Security

2023-08-01

The Secretary of US Homeland Security, Alejandro Mayorkas, joins DEF CON for a fireside chat. Secretary Mayorkas will lay some foundational groundwork on some of DHS' priorities in cybersecurity and how they address pressing IS and global issues, then sit down to talk with The Dark Tangent, in a casual conversation with thousands of their closest hacker friends.

Conference:  Defcon 31

Authors: David Pekoske Administrator, Transportation Security Administration (TSA), Jen Easterly Director, Cybersecurity and Infrastructure Security Agency, Kevin Collier NBC

2023-08-01

Just like there's more than one way to peel a banana, there’s more than one way to protect a computer network from being pwned. Cyber threats against America’s pipelines, railroads and aviation system are increasing, and the Transportation Security Administration – with support from the White House, the Cybersecurity and Infrastructure Security Agency and Congress – is hacking traditional cybersecurity policy to improve resiliency for the growing connected transportation sector. How? TSA isn’t telling regulated parties exactly the ways they should secure their own systems. Instead, the agency is asking them to produce and provide plans for ensuring they protect their critical assets. America’s adversaries are sophisticated, and TSA needs help from the hacking community to think creatively about future attacks, to identify new vulnerabilities, and to provide innovative new ways of measuring success. This talk will tell you what TSA is seeing, gives you a chance to offer us advice, and to learn specific ways in which you can contribute to new projects. Because always in motion the future is.

Conference:  Defcon 31

Authors: Joe Sullivan CEO of Ukraine Friends

2023-08-01

The federal criminal case of United States v. Joseph Sullivan, NDCA 3-20-CR-337 WHO, has been covered and debated quite publicly since I was fired by the new Uber CEO in November 2017, a year after the incident. Most discussion has focused on questions of my guilt or innocence, the culpability of other executives at the company, and the implications of the case for other security executives. Less has been written about the guilt or innocence of those who accessed Uber’s AWS environment in October 2016 and triggered an incident response by emailing me and asking for payment. After we met them, my team and I did not consider those 19- and 20-year-old kids to be criminal actors and treated them as security researchers. Yet both also faced federal criminal charges. During my talk I will review the extraordinary investigation done by my team at Uber and put it into the context of other historical cases we and I had worked on. Whether or not you consider them to be security researchers, there are many lessons to be learned related to the dynamics between researchers and companies and the dynamics between companies and the government.

Conference:  Black Hat Asia 2023

Authors: Gaurav Keerthi, Jeff Moss

2023-05-12

In this fireside chat, Black Hat Founder Jeff Moss sits down with Gaurav Keerthi, Former Deputy Chief Executive, CSA to discuss the ongoing tension between regulating emerging technologies and the drive for innovation in cybersecurity. They also examine the role of government vs the private sector in fostering innovation while also protecting against security threats and addressing privacy concerns. Join this session to learn if government technology regulations save humanity or kill innovation.

Conference:  Black Hat Asia 2023

Authors: Xiaosheng Tan

2023-05-11

Data has been regarded as the fifth factor of production, and data security is ranked a high priority by governments across the world. In China, data security-related legislation such as the "Data Security Law" and "Personal Information Protection Law" have been promulgated and have were put into effect in 2022. The number of data security projects also increased rapidly. The government, finance, telecommunications, energy, education, healthcare, and other industries have different regulatory requirements for data security and their strategies for data security are quite different.The biggest challenge facing data security is that data security technologies, products, solutions, and service capabilities are far behind regulatory and customer requirements. Some companies have made meaningful explorations in data security products and solutions, such as privacy enhanced computing, transparent encrypt/decrypt, zero trust in data security, etc.

Conference:  Black Hat Asia 2023

Authors: Maxine Holt, Marina Krotofil, Tara Seals, Fyodor Yarochkin, Stefano Zanero

2023-05-11

Artificial Intelligence (AI) has the potential to revolutionize cybersecurity by enhancing detection and response capabilities, automating routine tasks, and identifying threats that are invisible to humans. However, AI also poses significant risks, including the potential for attackers to use AI to develop more sophisticated attacks and evade detection. Panelist will explore how AI can be used to improve cybersecurity, the ethical considerations of using AI in security, and how to manage the risks associated with AI-powered security systems. Additionally, the panel will discuss the future of AI and cybersecurity and the role the InfoSec community and policymakers can have in shaping the development and use of AI in security.

Conference:  KubeCon + CloudNativeCon Europe 2023

Authors: Greg Kroah Hartman, Philippe Ensarguet, Gabriele Columbro, Sachiko Muto

2023-04-21

The EU Cyber Resilience Act aims to address a vital need for improved security across the software supply chain, but there’s broad consensus that, in its current draft, it risks imposing undue burden on individuals and non profit organizations with the risk of stifling European open source innovation with ripple effects to it’s global ecosystem. We welcome representatives from all the different constituents of the Community, from individual maintainers to companies consuming and contributing to open source, from representatives of the public sector to open source foundations, to join us for an open discussion to learn more on the real life impacts of the CRA and where do we go from here