|PRESENTER:||Ian Amit, Director of Security Services for IOActive|
|PRESENTATION:||Painting a company red and blue|
|LOCATION:||Komplex 457, Zurich, Switzerland|
|DATE & TIME:||Tuesday June 3, 2014 at 10:30am|
In this presentation, Ian will focus on red team engagements and why they are gaining in popularity. By way of background, red teams attack something, while the opposing blue team defends. Traditionally organisations have focused on defense and many have established highly qualified blue teams. In reality, organisations need the yin and yang of both offensive and defensive measures to truly secure their critical assets against today’s evolving threats. Red team exercises provide an invaluable methodology and process for understanding your weak points from an attacker’s point of view.
Ian’s presentation is geared for anyone charged with protecting real-world assets. Designed to be highly engaging and interactive, Ian will explore relevant scenarios and delve into the dark side of understanding where your most critical assets are open to the greatest risk.
|PRESENTER:||Wim Remes, Managing Consultant for IOActive|
|PRESENTATION:||Threat Modeling? It’s not out of fashion!|
|LOCATION:||Komplex 457, Zurich, Switzerland|
|DATE & TIME:||Tuesday June 3, 2014 at 14:00pm|
It’s been more than a decade since Microsoft brought threat modeling to the attention of development and information security audiences. DREAD and STRIDE, combined with interesting side projects like the Elevation of Privileges card game, remain largely unused despite being offered to the community for free.
In this presentation, Wim will not regurgitate what we already know about threat modeling (there’s books for that), rather he will provide insight into how security professionals can use and apply threat modeling. His practical examples will include decomposing a complex software project, improving scoping efficiency during penetration testing, and educating and supporting developers. Wim’s presentation will reveal the often ignored value of threat modeling and enable the audience to apply it to both offensive and defensive security processes.
About Ian Amit
Ian Amit is Director of Services for IOActive. Ian oversees the northeast US services practice including the financial and healthcare sectors, as well as leading the red team division. Ian brings a mixture of software development, OS, network, and web security to work on a daily basis. He is also a regular guest speaker on Fox Business as well as at leading security conferences around the world (Black Hat, DefCon, OWASP, and InfoSecurity), and has published numerous articles and research material in print, online, and through broadcast media. Ian is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense Initiative, and a core member of the DirtySecurity Crew. Ian holds a Bachelor’s Degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.
About Wim Remes
As a Managing Consultant at IOActive, Wim Remes leverages his 15 years of security leadership experience to advise clients on reducing their risk posture by solving complex security problems and building resiliency into their organisations. Wim delivers expert guidance on reducing the high cost of IT security failures, both financially and in terms of brand reputation. Wim has deep expertise in network security, identity management, policy design, risk assessment, and penetration testing. Before joining the IOActive team, Wim was a Manager of Information Security for Ernst and Young and a Security Consultant for Bull, where he gained valuable experience building security programs for enterprise-class clients.
Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks. The event features many international IT security experts sharing their deep technical knowledge in an open environment and takes place 2nd/3rd of June, 2014 in Zurich. The conference is unique in Switzerland and is organized by DEFCON Switzerland, a non-profit association registered as a Defcon Group (DC4131, http://www.defcon.org/html/defcon-groups/dc-groups-index.html) with the aim to give experts and professionals a platform to transfer insights into the information security domain and to sensitize users to information security topics. The official conference web site is located at: http://www.area41.io
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.