8th Annual IT Security Automation Conference and Expo Presentations
Below is a list of presentations from the 8th Annual IT Security Automation Conference and Expo.
If you were a presenter and would like your presentation included please send an email to scap@nist.gov including your presentation.
Day 1 (10/03/2012)
- General Session Presentations
- Continuous Monitoring
- Software Assurance
- Solutions Track
Day 2 (10/04/2012)
- General Session Presentations
- Continuous Monitoring
- Incident Handling & Information Sharing
- Trusted Computing & Security Automation
- Solutions Track
Day 3 (10/05/2012)
- General Session Presentations
- Continuous Monitoring
- Incident Handling & Information Sharing
- Trusted Computing & Security Automation
- Analytics & Mitigations: With Security Mitigation Enablers
Day 1 (10/03/2012)
Presenter(s) | Presentation |
---|---|
Donna Dodson, Chief, Computer Security Division/Deputy Cyber Security Advisor (NIST) | Welcome Address |
Debora A. Plunkett, Information Assurance Director (NSA) | Keynote Address: Mobility and Security Automation: Are We Ready to Meet Emerging Cyber Challenges? |
Presenter(s) | Presentation |
---|---|
Richard Spires (DHS) | FedRAMP onto Cloud First: A CIO's Direction |
Karen Evans (US Cyber Challenge), Frank Reeder (NBISE) | Beyond A-130: Next Generation Federal Roles in Cyber |
Tony Sager (SANS Institute) | More for Less: What Should be in the CISO Playbook |
Timothy McBride (DOJ), Kevin Dulany (DOJ), Nancy Lim (DOJ), Dave Otto (DOJ) | CMWG: The New Landscape of Opportunity - Tri-Chairs |
Dr. George Moore (), Kim Watson (), Richard Lippmann (), Lisa Young () | Cyber Effectiveness Measures & Thoroughly Modern Maturity (Model & Roadmap) |
Matt Linton (NASA) | Success Stories: Cloud Security at NASA |
Presenter(s) | Presentation |
---|---|
Joe Jarzombek (DHS), Ian Bryant (UK SSDRI), Bob Martin (MITRE) | Software Assurance Automation for Supply Chain Risk Management |
Bob Martin (MITRE), Steve Christey (MITRE) | Empowering Automated Tools for Mitigating Egregious Software Weaknesses |
Paul Black (NIST), Vadim Okun (NIST), Tim Boland (NIST) | Results of the Static Analysis Tools Exposition (SATE) |
Penny Chase (MITRE) | MAEC 2.0 Explored |
Ivan Kirillov (MITRE) | Malware Hunting with OVAL and MAEC |
Steve Klos (TagVault.org) | Software Identification: Your IT Security Depends on It! |
Presenter(s) | Presentation |
---|---|
RSA representative (RSA) | Intelligence-Driven Security: Advanced Threat & Continuous Monitoring |
Josh Shaul (Application Security Inc) | Hacking Databases: Exploiting The Top Database Vulnerabilities And Misconfigurations |
Andrew Wild (Qualys), Wolfgang Kandek (Qualys) | Automating the 20 Critical Controls with a Full Life Cycle Security and Compliance Program |
Mark Haase (Lunarline, Inc) | SCAP |
Ned Miller (Symantec), John Bordwine (Symantec), Mark Ryland (Amazon), Matt Scholl (NIST), Tony Sager (SANS) | CCM, CAG, Cloud: The Perfect Storm? |
Day 2 (10/04/2012)
Presenter(s) | Presentation |
---|---|
Mike Locatis, Assistant Secretary for Cybersecurity and Communications (CS&C) (National Protection and Programs Directorate, US Dept. of Homeland Security) | Keynote Address: Software Assurance: Updates from the Department of Homeland Security |
John Banghart, Program Analyst (Program Coordination Office, Office of the Under Secretary of Commerce for Standards and Technology, NIST), Phyllis Lee (NSA) | Government Priorities on Security Automation |
Ed Skoudis (SANS Institute) | The Bad Guys are Winning: Now What? |
Presenter(s) | Presentation |
---|---|
John Streufert, Director NCSD (DHS) | Civilian CONOPS |
Kevin Dulany (DoD) | DoD CONOPS |
Dr. George Moore (DHS) | Civilian FY 2013 Implementation - CMaaS |
Dr. Ron Rudman (State Dept.) | Civilian FY 2013 Implementation - Dashboard |
Mark Crouter (MITRE) | Civilian FY 2013 Implementation - Priority Tools Phase I |
Andrew Rikarts (VA) | Success Stores: A Case for Change at VA |
Presenter(s) | Presentation |
---|---|
Dennis Moreau (RSA) | Incident Response Orchestration in Advanced Threat Response: Opportunities and Challenges |
Rich Struse (DHS), Tom Millar (DHS) | An Introduction to TAXII: Trusted Automated eXchange of Indicator Information |
Aharon Chernin (FN-ISAC) | The FS-ISAC and Financial Sector Cyber Intelligence Standards Adoption |
Wes Young (REN-ISAC) | Beyond Automation and Standards: The Next 10 Years of Information Sharing |
Pat Cain (APWG) | Information Sharing: What Works, Doesn't Work, and Still Needs to Work |
Sean Barnum (MITRE) | Standardizing Cyber Threat Intelligence with the Structured Threat Information eXpression (STIX) |
Presenter(s) | Presentation |
---|---|
Neil Kittleson (NSA) | Trusted Computing Overview: Use Cases |
Mike Boyle (NSA) | Trusted Computing Overview: Standards |
Chris Salter (NSA) | Security Automation Standards |
Lisa Lorenzin (Juniper Networks) | Security Automation: Connecting your Silos |
Jessica Fitzgerald-McKay (NSA) | Network Access Control and Continuous Monitoring Standards |
Eric Winterton (Booz Allen Hamilton) | SCAP and TNC |
Presenter(s) | Presentation |
---|---|
Usman Choudhary (NetIQ) | Security Intelligence Made Easy |
Tom Kellerman (Trend Micro) | Advanced Situational Awareness (ASA) |
Rob Roy (HP Enterprise Security Products) | Beyond Continuous Monitoring, Multi-Layered Threat Detection and Response |
David Marcus (Advanced Research & Threat IntelligenceMcAfee) | The Impact of Hardware-Enhanced Security |
Day 3 (10/05/2012)
Presenter(s) | Presentation |
---|---|
Tony Sager (SANS Institute) | Keynote Address: The Basics and Beyond: Managing Security Effectively in the Rapidly Evolving IT Security Environments |
Presenter(s) | Presentation |
---|---|
Kevin Cox (DOJ), Dave Otto (DOJ) | Success Stories: A Case for Change at DOJ |
Verdis Spearman (US-CERT) | FedRAMP Incident Handling |
Steven Hernandez (HHS), Alma Cole (DHS), Jeffrey Eisensmith (ICE), Leo Scanlon (NARA), Gil Vega (DOE) | CISO Roundtable |
Jaime Lynn Noble (US Census Bureau), Tim Ruland (US Census Bureau) | Success Stories: The Census Bureau |
Peter Sell (NSA) | CAESARS FE Update |
Peter Sell (NSA) | CAESARS Continuous Monitoring Prototype |
Presenter(s) | Presentation |
---|---|
Tom Millar (DHS, US-CERT) | New Revisions to the NIST Computer Security Incident Handling Guidelines: Transforming Incident Coordination and Information Sharing Practices |
Kathleen Moriarty (EMA) | Incident and Indicator Exchange via Standards |
Mark Bristow (DHS) | ICS-CERT Incident Handling |
Roselle Safran (DHS) | Digital Media Analysis at DHS |
Tom Millar (DHS), Harold Booth (NIST), Mark Bristow (ICS-CERT), Steve Christey (The MITRE Corporation), Kent Landfield (McAfee), Art Manion (CERT/CC), Rich Struse (DHS), Greg Witte (G-2) | Global Vulnerability Reporting & Identification |
Presenter(s) | Presentation |
---|---|
Bob Clemons (NSA) | New BIOS Protections for Government Enterprise Clients |
Chris Daly (General Dynamics C4 Systems) | End-to-end Trust and Security Assertions for Mobile Platforms |
Kevin Bingham (NSA) | Integrated Mitigations Framework |
Jeff Blank (NSA) | Developing SCAP Content the Open Source Way: the SCAP Security Guide Project |
Charles Schmidt (MITRE) | SCAP Messages for Trusted Network Connect |
Jeffrey Picciotto (MITRE) | Practical Cyber Resiliency |
Presenter(s) | Presentation |
---|---|
James Tarala (SANS Institute) | Information Assurance Metrics: Practical Steps to Measurement |
Alan Paller (SANS Institute) | How Automation Can Create Security Heroes and Eliminate the Conflicts Between Security and Operations Staff |
Brian Keller (Booz Allen Hamilton) | Analytic Methods for Network Security |
Dan J. Klinedinst (Carnegie Mellon University) | Practical Enumeration and Measurement of Cyber Threat Information |
Grant Babb (Intel) | Mitigating Insider Threats through Analytic-Enabled Security Automation |
David Marcus (McAfee) | Finding the Signal in the Noise: Security Automation |