Last week a few SeNet employees attended the RVASEC security conference. This was the second year of RVASEC and while I missed the inaugural year I was excited to attend this time. What made it even more exciting is that I was selected to speak at the event. The topic of my presentation was “How to Defend Against FISMA” and it focused on mistakes that are typically made and attempted to give some insight into improving the process. I was pleased with the performance of the presentation, though the turnout was less than stellar. Perhaps I have learned my lesson: no more compliance-related talks at security cons. Though to be fair I was going against another excellent talk at the same time in the other track, and the CTF had just started when I was scheduled to present. I still had a great time doing it and had some people stop by and let me know that they enjoyed it.
I really enjoyed the feel and atmosphere that RVASEC had, definitely different from some of the larger security conferences. I think it was also a great value, only costing $75 for two days of talks. Not to mention free parking, lunch and breakfast included, and the after party. Also a pretty cool badge.
The talks for the most part were good; there were a few that missed the mark either due to the content or the presentation style. Below is our review of some of the talks we attended.
Alex Hutton – Keynote Day 1
We arrived about mid-way through his talk but I found it pretty interesting. He focused on metrics and methods to analyze large amounts of data. He gave examples of what his organization was currently doing and listed some of the tools and techniques they were utilizing.
Chris Wysopal – Keynote Day 2
I only stayed for about half of this keynote as I had to prepare for my own talk. Surprisingly, given that Chris is the CTO of Veracode, this talk was not about code or development; rather, the thesis was the need for an agency to monitor security events. His analogy compared the security industry to the airline industry, where in the early stages the number of accidents was rising dramatically until the NTSB was formed, and he suggested something similar for our sector.
Adam Ely - BYOD: Risks, Maturity, and Solutions
Adam is the founder and COO of Bluebox, a company that focuses on mobile security. His talk focused on why organizations are concerned about BYOD and gave a lot of interesting stats and high-level solutions on what can be done to add controls. He never mentioned what his company’s solution to this “problem” was, which I understand you are not supposed to, but I for one was interested in it.
Dan Han - SIEM implementation: What to expect
This talk focused on how VCU implemented their SIEM solution. Dan did a great job making the presentation flow and outlined many lessons learned that will be useful for anybody contemplating a similar implementation.
Dan Holden - DDoS & Modern Threat Motivations
There seemed to be a few talks that focused on “cyber war” and this was part of the focus. He gave a lot of examples of what various groups, from hacktivists to foreign countries, were doing in this space. The talk held my attention and the slides were informative.
Daniel Ramsbrock - Web Application Vulnerabilities and Solutions
While this talk was technically good, I found the presentation style and examples not that exciting. It seemed like it was basically an OWASP Top 10 101-type talk. Now that is not a bad thing and it has a place. In fact I just saw Jim Manico speak on a similar subject at OWASP NOVA a few weeks ago and felt his presentation style and examples were much more engaging. Now that is not to say that Dan did a bad job or didn’t know the material; maybe I have just seen this type of talk too many times.
Sean Mason – A Day in the Life of an Incident Responder at a Fortune 5
This was the last talk that I attended on the second day of the conference. I found the talk to be very interesting since it was aligned with the day-to-day security operations and incident response work that I perform at our client site. Sean Mason is director of incident response at GE and he went over the process of responding to computer security incidents. At GE the incident response is managed by following the “Kill Chain Framework”. This framework approaches an organization's defense against cyber threats by gathering intelligence about the threat from various sources and then setting up defenses against the advanced threats. This is in addition to the traditional defense mechanisms whereby an organization patches its systems and installs various commercial security products to defend against the threats. The problem with traditional defense mechanisms is that they usually do not protect against long-term and highly sophisticated attacks once the network is penetrated and compromised. He also emphasized that since the kill chain framework is dependent upon intelligence about the threats, it is important to also share the intelligence with others.