SF Tech Events - GarysGuide | The #1 Resource for SF Tech

LOCATION

EVENT DETAILS

NCC Group is co-hosting its next security event with Pinterest in San Francisco. Join us at Pinterest HQ for an evening of talks & refreshments about the latest in security trends & topics.
You'll hear from different thought leaders in the security community as they give insight into TLS 1.3 challenges & deployment, how the Federal Trade Commission is working on protecting privacy, & how you just might be the best tool in an information security program.
Event Details:
<UL>
<LI>5:30 PM Doors open for registration</LI>
<LI>6:00 PM Presentations begin</LI>
<LI>Pinterest does not have parking lots, however there is metered street parking & parking lots. We recommend taking public transportation, as the SOMA offices are near Caltrain & Powell BART station</LI>
<LI>Food & drinks will be provided</LI>
<LI>ID WILL BE REQUIRED for alcoholic beverages</LI>
</UL>
 
<HR>
SPEAKER - Nick Sullivan, Head of Cryptography at Cloudflare
TALK TITLE - TLS 1.3
ABSTRACT - The protocol that protects most of the Internet secure connections is getting the biggest ever revamp, & is losing a round-trip. We will explore differences between TLS 1.3 & previous versions, focusing on the security improvements of the new protocol as well as some of the challenges we face around securely implementing new features such as 0-RTT resumption. At Cloudflare we will be the first to deploy TLS 1.3 on a wide scale, & we'll be able to discuss the insights we gained while implementing & deploying this protocol as well as challenges to the broader ecosystem of encryption on the web.
BIO - Nick Sullivan is a leading cryptography & security technologist. As Head of Cryptography at Cloudflare, a top Internet performance & security company, he is responsible for overseeing all cryptographic products & strategy. He was instrumental in building Cloudflare's security engineering team & led major projects including as Keyless SSL & TLS 1.3. Prior to joining Cloudflare, he was a digital rights management pioneer, helping build & secure Apple's multi-billion dollar iTunes store. He holds an MSc in Cryptography, is the author of more than a dozen computer security patents, & regularly speaks at major security conferences.
 
SPEAKER -Whitney B. Merrill, Attorney, Federal Trade Commission
TALK TITLE - An Overview of FTC Law 
ABSTRACT -The Federal Trade Commission a law enforcement agency tasked with protecting consumers from unfair & deceptive practices. This talk will provide an overview of FTC law, as the leading enforcer of privacy & data security, discuss interesting cases, & discuss initiatives at the FTC like Start with Security, OTECH, & the IoT Home Inspector Challenge.
BIO -Whitney Merrill is an attorney at the Federal Trade Commission. She works on a variety of consumer protection matters including data security, privacy, & deceptive marketing & advertising. Whitney received her master's degree in Computer Science from the University of Illinois at Urbana-Champaign & her J.D. from the University of Illinois College of Law, where she explored issues associated with the intersection of technology, information security, privacy, & the law. Recently, she received the 2017 Women in Security Award at RSA & was recognized named one of the 2017 Top Women in Cybersecurity by CyberScoop. During her time at UIUC, she was Managing Editor of the Illinois Law Review, an Illinois Cyber Security Scholar, & member of the Illinois Security Lab. Her research was published last year in the Network & Distributed System Security Symposium (NDSS). Whitney also runs the Crypto & Privacy Village, which appears at DEF CON & other conferences each year. 
 
SPEAKER -Damon Small, Technical Director at NCC Group TALK TITLE -Layer 8 & Why People Are the Most Important Security Tool 
ABSTRACT -People are the cause of many security problems, but people are also the most effective resource for combating them. Technology is critical, but without trained professionals, it is ineffective. In the context two case studies, the presenter will describe specific instances where human creativity & skill overcame technical deficiencies. The presenter believes this topic to be particularly relevant for blue teamers who often must defend their organization's' information assets under less-than-ideal circumstances.
Technical details will include the specific tools used, screenshots of captured data, & analysis of the malware & the malicious user's activity. The goal of the presentation is show the importance of technical ability & critical thinking, & to demonstrate that skilled people are the most important tool in an information security program.
Several technological challenges conspired against the team during these incidents. Using both commercial & freely obtainable tools the team was able to overcome these obstacles in a resourceful & cost-efficient manner. The analysts' actions demonstrate that problems can be solved creatively using limited resources. While companies must regularly evaluate commercial products, properly trained personnel can be more valuable to an organization than any hardware or software device.
BIO -Damon Small began his career studying music at Louisiana State University. Pursuing the changing job market, he took advantage of computer skills learned in the LSU recording studio to become a systems administrator in the mid 1990s. Over the past 16 years as a security professional he has supported infosec initiatives in the healthcare, defense, aerospace, & oil & gas industries. In addition to his Bachelor of Arts in Music, Damon completed the Master of Science in Information Assurance degree from Norwich University in 2005. His role as Technical Director includes working closely with NCC Group consultants & clients in delivering complex security assessments that meet varied business requirements.