Video description
Security NYC 2017 provided a hype-free, lessons-learned examination of the sophisticated practices and cutting-edge techniques some of the world's best security professionals use to protect their networks, clouds, and data. Defining the speakers who presented at Security NYC 2017 as some of the "world's best" is not hype—it's the truth. The individuals chosen to speak were peer reviewed by a 40-person program committee consisting of in-the-trenches security practitioners working at companies like American Airlines, Microsoft, MedSec, White Ops, Endgame, Snyk, Fastly, Starbucks, Signal Sciences, Veracode, and more. Containing 50+ hours of material, this video compilation provides a complete recording of each of the keynote speeches, tutorials, and technical sessions delivered by this esteemed group. A few of the conference's highlights are listed below.
- Hear Ruchi Shah (Google) describe the 15 security issues that worry Google the most
- Listen as Matt Stine (Pivotal) defines the three most critical principles of cloud-native security
- Watch Jen Ellis (Rapid7) outline the crisis communication strategy to follow when systems are breached
- Learn from the "Teachable Moments" sessions where security successes and failures are openly discussed
- Discover how Alexandra Ulsh (Mapbox) launches and runs highly successful bug bounty programs
- See Alex Pinto (Niddel) demo automated threat hunting techniques that incorporate analyst intuitions
- Watch Jack Naglieri (Airbnb) survey the top techniques to build, deploy, and debug serverless security
- Take in Michee Smith's (Google) analysis of the pluses and minuses of transparency reporting
- Hear Jason Hoenich's (Habitu8) call for an industry shift to a better form of security awareness
- Get tutorials on maximizing container security, automated assessment tools, and common threat defenses
- See the winners of the 2017 O'Reilly Defender Awards and learn why they were chosen
- Enjoy unlimited access to Security 2017 NYC's keynotes, tutorials, and technical sessions
- View it all right here on Safari
Table of Contents
Keynotes
Great software is secure software. - Chris Wysopal (Veracode)
The Dao of defense: Choosing battles based on the seven chakras of security - Katie Moussouris (Luta Security)
Enterprise security: A new hope - Haroon Meer (Thinkst)
Why cloud-native enterprise security matters (sponsored by Pivotal) - Matt Stine (Pivotal)
Empowering through security - Fredrick Lee (Square)
Building a culture of security at the New York Times - Runa Sandvik (New York Times)
An infinite set of security tools - Window Snyder (Fastly)
2017 O’Reilly Defender Awards - Rachel Roumeliotis (O’Reilly Media), Allison Miller (Google)
Sponsored
Autonomous cyberdefense: AI and the immune system approach (sponsored by Darktrace) - Justin Fier (Darktrace)
The new security playbook: New regulations, new threats, and a data-centric approach (sponsored by Vera Security) - Prakash Linga (Vera Security)
Effective security in zero-trust environments (sponsored by Duo Security) - Taylor McCaslin (Duo Security)
Supercharge your SIEM with Cloudera - TJ Laher (Cloudera)
Security usability
Security by the numbers: Improving the security of online content through transparency reporting - Michee Smith (Google)
Security + design * data science: A bot story - Bobby Filar (Endgame), Rich Seymour (Endgame)
DevSec: Continuous compliance and security with InSpec - Christoph Hartmann (Chef Software), Dominik Richter (Chef Software)
It’s us, not them: Exploring the weakest links in security - Jessy Irwin (Jessysaurusrex)
Shifting to security awareness 2.0 - Jason Hoenich (Habitu8)
BeyondCorp: Beyond “fortress” security - Neal Mueller (Google), Max Saltonstall (Google Cloud, Office of the CTO)
Bridging business and security
Cyber-risk decision making: How boardrooms view digital threats - Yong-Gon Chon (Focal Point Data Risk), Wade Baker (Cyentia Institute)
Enterprise SaaS startups: The business case for security - Kyle Randolph (Optimizely)
Weathering the storm: The art of crisis communications - Jen Ellis (Rapid7)
Strike back against legacy software vulnerabilities - Jay Kelath (Dow Jones)
Embracing security as a culture: Users aren’t the problem; they’re remotely deployed sensors. - Chester Wisniewski (Sophos)
Sensible Conversations about security - Jim Gumbley (ThoughtWorks)
Top 15 things we wish every company had already done before acquisition - Ruchi Shah (Google), Michael Sinno (Google)
She blinded me with science: Understanding misleading, manipulative, and deceptive cybersecurity - Josiah Dykstra (Department of Defense)
A system dynamics approach to CNO modeling - Sara Mitchell (Carnegie Mellon University)
Security and UX: Making the digital world safer, one experience at a time - Gwen Betts (Komand)
Security analytics
Malicious CDNs: Tracking botnets using open source SSL data - Thomas Mathew (Cisco Umbrella (OpenDNS)), Dhia Mahjoub (Cisco Umbrella (OpenDNS))
Inside the bad actor’s studio - Julian Wong (DataVisor)
Predicting exploitability with Amazon Machine Learning - Michael Roytman (Kenna Security)
Contextualizing your Splunk logs - Quiessence Phillips (Barclays)
Toward a threat-hunting automation maturity model - Alex Pinto (Niddel)
Tools and processes
Travel computing security: Old and new problems - Ryan Lackey (ResetSecurity)
Symbolic execution for humans - Mark Mossberg (Trail of Bits)
Going serverless: Security outside the box - Jack Naglieri (Airbnb), Austin Byers (Airbnb)
Using security champions and automation to create an effective SPLC - Taylor Lobb (Adobe), Julia Knecht (Adobe)
How to launch and run a successful bug bounty program: A security team perspective - Alexandra Ulsh (Mapbox)
Zero-trust networking: Never trust, always verify - Harry Sverdlove (Edgewise Networks)
Consensual software: Prioritizing user trust and safety - Danielle Leong (GitHub)
The Razor’s Edge - Cutting your TLS baggage - Jan Schaumann (The Internet)
Teachable moments
“Build me a world-class security program in three months” - Christie Terrill (Bishop Fox)
Security and privacy: Together in good times and bad - Tom Cignarella (Adobe), Jennifer Ruehr (Adobe)
Securing existing AWS infrastructure - Devina Dhawan (Etsy)
Internal bug hunts: Squashing security bugs on a budget - Pieter Ockers (Adobe)
Router security - Michael Horowitz (Self-Employed)
Tutorials
Applying container and Docker security - Ben Hall (Katacoda | Ocelot Uproar) - Part 1
Applying container and Docker security - Ben Hall (Katacoda | Ocelot Uproar) - Part 2
Web security analysis toolbox - Ido Safruti (PerimeterX), Amir Shaked (PerimeterX) - Part 1
Web security analysis toolbox - Ido Safruti (PerimeterX), Amir Shaked (PerimeterX) - Part 2
Web security analysis toolbox - Ido Safruti (PerimeterX), Amir Shaked (PerimeterX) - Part 3
Finding the vulnerability first and fast - Kevin Poniatowski (Security Innovation) - Part 1
Finding the vulnerability first and fast - Kevin Poniatowski (Security Innovation) - Part 2
Secure coding practices and automated assessment tools - Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison) - Part 1
Secure coding practices and automated assessment tools - Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison) - Part 2
Secure coding practices and automated assessment tools - Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison) - Part 3
Secure coding practices and automated assessment tools - Bart Miller (University of Wisconsin-Madison), Elisa Heymann (University of Wisconsin-Madison) - Part 4
Reversing the kill chain: An actionable framework for defending against common threats - Amanda Berlin (NetWorks Group) - Part 1
Reversing the kill chain: An actionable framework for defending against common threats - Amanda Berlin (NetWorks Group) - Part 2
Reversing the kill chain: An actionable framework for defending against common threats - Amanda Berlin (NetWorks Group) - Part 3