8th Annual IT Security Automation Conference and Expo Presentations
Below is a list of presentations from the 8th Annual IT Security Automation Conference and Expo.
If you were a presenter and would like your presentation included please send an email to scap@nist.gov including your presentation.
Day 1 (10/03/2012)
- General Session Presentations
- Continuous Monitoring
- Software Assurance
- Solutions Track
Day 2 (10/04/2012)
- General Session Presentations
- Continuous Monitoring
- Incident Handling & Information Sharing
- Trusted Computing & Security Automation
- Solutions Track
Day 3 (10/05/2012)
- General Session Presentations
- Continuous Monitoring
- Incident Handling & Information Sharing
- Trusted Computing & Security Automation
- Analytics & Mitigations: With Security Mitigation Enablers
Day 1 (10/03/2012)
| Presenter(s) | Presentation |
|---|---|
| Donna Dodson, Chief, Computer Security Division/Deputy Cyber Security Advisor (NIST) | Welcome Address |
| Debora A. Plunkett, Information Assurance Director (NSA) | Keynote Address: Mobility and Security Automation: Are We Ready to Meet Emerging Cyber Challenges? |
| Presenter(s) | Presentation |
|---|---|
| Richard Spires (DHS) | FedRAMP onto Cloud First: A CIO's Direction |
| Karen Evans (US Cyber Challenge), Frank Reeder (NBISE) | Beyond A-130: Next Generation Federal Roles in Cyber |
| Tony Sager (SANS Institute) | More for Less: What Should be in the CISO Playbook |
| Timothy McBride (DOJ), Kevin Dulany (DOJ), Nancy Lim (DOJ), Dave Otto (DOJ) | CMWG: The New Landscape of Opportunity - Tri-Chairs |
| Dr. George Moore (), Kim Watson (), Richard Lippmann (), Lisa Young () | Cyber Effectiveness Measures & Thoroughly Modern Maturity (Model & Roadmap) |
| Matt Linton (NASA) | Success Stories: Cloud Security at NASA |
| Presenter(s) | Presentation |
|---|---|
| Joe Jarzombek (DHS), Ian Bryant (UK SSDRI), Bob Martin (MITRE) | Software Assurance Automation for Supply Chain Risk Management |
| Bob Martin (MITRE), Steve Christey (MITRE) | Empowering Automated Tools for Mitigating Egregious Software Weaknesses |
| Paul Black (NIST), Vadim Okun (NIST), Tim Boland (NIST) | Results of the Static Analysis Tools Exposition (SATE) |
| Penny Chase (MITRE) | MAEC 2.0 Explored |
| Ivan Kirillov (MITRE) | Malware Hunting with OVAL and MAEC |
| Steve Klos (TagVault.org) | Software Identification: Your IT Security Depends on It! |
| Presenter(s) | Presentation |
|---|---|
| RSA representative (RSA) | Intelligence-Driven Security: Advanced Threat & Continuous Monitoring |
| Josh Shaul (Application Security Inc) | Hacking Databases: Exploiting The Top Database Vulnerabilities And Misconfigurations |
| Andrew Wild (Qualys), Wolfgang Kandek (Qualys) | Automating the 20 Critical Controls with a Full Life Cycle Security and Compliance Program |
| Mark Haase (Lunarline, Inc) | SCAP |
| Ned Miller (Symantec), John Bordwine (Symantec), Mark Ryland (Amazon), Matt Scholl (NIST), Tony Sager (SANS) | CCM, CAG, Cloud: The Perfect Storm? |
Day 2 (10/04/2012)
| Presenter(s) | Presentation |
|---|---|
| Mike Locatis, Assistant Secretary for Cybersecurity and Communications (CS&C) (National Protection and Programs Directorate, US Dept. of Homeland Security) | Keynote Address: Software Assurance: Updates from the Department of Homeland Security |
| John Banghart, Program Analyst (Program Coordination Office, Office of the Under Secretary of Commerce for Standards and Technology, NIST), Phyllis Lee (NSA) | Government Priorities on Security Automation |
| Ed Skoudis (SANS Institute) | The Bad Guys are Winning: Now What? |
| Presenter(s) | Presentation |
|---|---|
| John Streufert, Director NCSD (DHS) | Civilian CONOPS |
| Kevin Dulany (DoD) | DoD CONOPS |
| Dr. George Moore (DHS) | Civilian FY 2013 Implementation - CMaaS |
| Dr. Ron Rudman (State Dept.) | Civilian FY 2013 Implementation - Dashboard |
| Mark Crouter (MITRE) | Civilian FY 2013 Implementation - Priority Tools Phase I |
| Andrew Rikarts (VA) | Success Stores: A Case for Change at VA |
| Presenter(s) | Presentation |
|---|---|
| Dennis Moreau (RSA) | Incident Response Orchestration in Advanced Threat Response: Opportunities and Challenges |
| Rich Struse (DHS), Tom Millar (DHS) | An Introduction to TAXII: Trusted Automated eXchange of Indicator Information |
| Aharon Chernin (FN-ISAC) | The FS-ISAC and Financial Sector Cyber Intelligence Standards Adoption |
| Wes Young (REN-ISAC) | Beyond Automation and Standards: The Next 10 Years of Information Sharing |
| Pat Cain (APWG) | Information Sharing: What Works, Doesn't Work, and Still Needs to Work |
| Sean Barnum (MITRE) | Standardizing Cyber Threat Intelligence with the Structured Threat Information eXpression (STIX) |
| Presenter(s) | Presentation |
|---|---|
| Neil Kittleson (NSA) | Trusted Computing Overview: Use Cases |
| Mike Boyle (NSA) | Trusted Computing Overview: Standards |
| Chris Salter (NSA) | Security Automation Standards |
| Lisa Lorenzin (Juniper Networks) | Security Automation: Connecting your Silos |
| Jessica Fitzgerald-McKay (NSA) | Network Access Control and Continuous Monitoring Standards |
| Eric Winterton (Booz Allen Hamilton) | SCAP and TNC |
| Presenter(s) | Presentation |
|---|---|
| Usman Choudhary (NetIQ) | Security Intelligence Made Easy |
| Tom Kellerman (Trend Micro) | Advanced Situational Awareness (ASA) |
| Rob Roy (HP Enterprise Security Products) | Beyond Continuous Monitoring, Multi-Layered Threat Detection and Response |
| David Marcus (Advanced Research & Threat IntelligenceMcAfee) | The Impact of Hardware-Enhanced Security |
Day 3 (10/05/2012)
| Presenter(s) | Presentation |
|---|---|
| Tony Sager (SANS Institute) | Keynote Address: The Basics and Beyond: Managing Security Effectively in the Rapidly Evolving IT Security Environments |
| Presenter(s) | Presentation |
|---|---|
| Kevin Cox (DOJ), Dave Otto (DOJ) | Success Stories: A Case for Change at DOJ |
| Verdis Spearman (US-CERT) | FedRAMP Incident Handling |
| Steven Hernandez (HHS), Alma Cole (DHS), Jeffrey Eisensmith (ICE), Leo Scanlon (NARA), Gil Vega (DOE) | CISO Roundtable |
| Jaime Lynn Noble (US Census Bureau), Tim Ruland (US Census Bureau) | Success Stories: The Census Bureau |
| Peter Sell (NSA) | CAESARS FE Update |
| Peter Sell (NSA) | CAESARS Continuous Monitoring Prototype |
| Presenter(s) | Presentation |
|---|---|
| Tom Millar (DHS, US-CERT) | New Revisions to the NIST Computer Security Incident Handling Guidelines: Transforming Incident Coordination and Information Sharing Practices |
| Kathleen Moriarty (EMA) | Incident and Indicator Exchange via Standards |
| Mark Bristow (DHS) | ICS-CERT Incident Handling |
| Roselle Safran (DHS) | Digital Media Analysis at DHS |
| Tom Millar (DHS), Harold Booth (NIST), Mark Bristow (ICS-CERT), Steve Christey (The MITRE Corporation), Kent Landfield (McAfee), Art Manion (CERT/CC), Rich Struse (DHS), Greg Witte (G-2) | Global Vulnerability Reporting & Identification |
| Presenter(s) | Presentation |
|---|---|
| Bob Clemons (NSA) | New BIOS Protections for Government Enterprise Clients |
| Chris Daly (General Dynamics C4 Systems) | End-to-end Trust and Security Assertions for Mobile Platforms |
| Kevin Bingham (NSA) | Integrated Mitigations Framework |
| Jeff Blank (NSA) | Developing SCAP Content the Open Source Way: the SCAP Security Guide Project |
| Charles Schmidt (MITRE) | SCAP Messages for Trusted Network Connect |
| Jeffrey Picciotto (MITRE) | Practical Cyber Resiliency |
| Presenter(s) | Presentation |
|---|---|
| James Tarala (SANS Institute) | Information Assurance Metrics: Practical Steps to Measurement |
| Alan Paller (SANS Institute) | How Automation Can Create Security Heroes and Eliminate the Conflicts Between Security and Operations Staff |
| Brian Keller (Booz Allen Hamilton) | Analytic Methods for Network Security |
| Dan J. Klinedinst (Carnegie Mellon University) | Practical Enumeration and Measurement of Cyber Threat Information |
| Grant Babb (Intel) | Mitigating Insider Threats through Analytic-Enabled Security Automation |
| David Marcus (McAfee) | Finding the Signal in the Noise: Security Automation |