Public Speaking

I've had the distinct good fortune to speak at a number of security events throughout the US and Canada. I've also provided security training in Singapore and Mexico City, but those presentations are not public, and thus I cannot share the presentation materials.

  • RSA Conference USA 2011
    • Panel - GRC-201 "Reasonably Foreseeable, Legally Defensible" (Preview Podcast)
    • Moderator: Benjamin Tomhave - Panelists: Rafal Los, Dave Navetta, Dan Houser, Serge Jorgensen
    • Description: "The legal defensibility doctrine provides a sound risk management strategy that converges business, legal, and information security interests. However, part of that doctrine hinges on what is reasonably foreseeable. This panel will bring together business, security, and legal experts to discuss how to best tackle challenges to legal defensibility based on reasonable foreseeability."
    • LAW-403 "Ethical Considerations Involving the Use of Force in Cyberspace" (Preview Podcast)
    • Presenters: Benjamin Tomhave and David Willson
    • Description: "Unclassified discussions of offensive activities in cyberspace have begun to occur, though the ethics remain murky. Greater open dialogue must occur about the policy implications and practical realities around the "use of force" and acts of war in cyberspace. This session will look at the ethical issues that arise in these areas and stimulate debate about how such techniques should be used."
  • Secure360 2011, Rocky Mountain Information Security Conference (RMISC) 2011, Security B-Sides Austin (2011), Security B-Sides Ottawa (2010), OWASP AppSec DC 2010
    • "The Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform"
    • Description: "What we're doing today is not working and isn't sustainable. The fundamental culture of the average business does not encourage making good security decisions. Software shops continue to focus on functionality and timelines, neglecting information security. In spite of regulations like PCI and HIPAA+HITECH, which are levying fines against organizations for their security failures, the tipping point has clearly not been reached to cause meaningful change. Much of this problem can be attributed to the excessive use of negative incentives (sticks) instead of providing positive incentives (carrots) that inspire better decision-making and motivate true change. Fortunately, it's not too late to change tactics and start achieving demonstrable success."
  • ISSA International Conference 2010 - "Legally Defensible, Proactively Protected" with David Navetta
  • RSA Conference USA 2010
    • Panel - LAW-401 "Digital Forensics vs. Security & Encryption"
    • Moderator: Serge Jorgensen - Panelists: Joseph Burton, Hoyt Kesterson, Robert Thibadeau, Benjamin Tomhave
  • Cyber Information Security Conference (CIScon) 2009
    • "It's About Time" - A talk on the importance of time synchronization and the pitfalls of NTP.
    • "Total Enterprise Assurance" - A full-day training session based on the upcoming release of version 2 of the TEAM Model, which blends Survivability with Assurance Management. It provides a roadmap for flexibly structuring the assurance management program while achieving the goals of defensibility and recoverability.
    • "Practical Key Management" - A half-day session on managing cryptographic key materials, including a look at different vendors and use models available today.
  • CSI Annual 2008, Data Security Summit - "Information Classification (Ugh!)"
  • RootFest 2000, Minneapolis, MN (a defunct conference) - "Holistic Security: A Discussion of Risk Analysis & Strategic Initiatives"
This blog is licensed under a Creative Commons License.