Speakers at Black Hat are at the top of their field, and we're proud to consistently attract the best of the best. If you haven’t seen the updated lineup, we placed a link at the bottom of this post to today’s updates.
We think this is especially apparent in today's selection of Briefings, which deal with security topics relevant to the very highest levels of government. Luckily, it's a lot easier to participate at Black Hat than to gain access to the government meeting rooms in which these topics more typically echo.
Sometimes the most dangerous threat is the one that comes from inside your organization, which is why the Federal Bureau of Investigation takes the possibility of hostile insiders very seriously. Join Patrick Reidy, the FBI's Chief Information Security Officer, for Combating the Insider Threat at the FBI: Real World Lessons Learned, in which he'll explain the wide variety of methods the FBI uses to root out internal threats. You might be surprised to learn just how T.S. Eliot, Puxatony Phil, eugenics, DLP, crowdsourcing, black swans, and narcissism all tie into their comprehensive methodology.
The Common Vulnerability Scoring System (CVSS) is widely used as the de-facto risk metric for appraising vulnerabilities, to the point that even the U.S. government recommends it. But does it truly provide an accurate risk assessment? In How CVSS is DOSsing Your Patching Policy (And Wasting Your Money) Luca Allodi will make a compelling case that it does not. Allodi will present the results of his tests of CVSS against real attack data, and show how CVSS results can mislead those looking to choose which vulnerabilities to patch... sometimes to an extreme degree.
How does the government respond to computer security incidents of the highest level? Jason Healey, director of the Cyber Statecraft Initiative of the Atlantic Council, will shed some light on the subject in Above My Pay Grade: Cyber Response at the National Level. The Briefing will examine the flow of cyber incident response, using a finance-sector scenario, starting from individual banks and moving up through the many ranks of government. Healey will highlight the system's pros and cons; though flexible, it may not be responsive enough to effectively react to a fast-moving security incident.
So, come learn a thing or two about the game is played at the top -- just be sure to mind the mirror-shaded, earpiece-sporting suits on your way in. Check back next week for more intriguing session updates, or hit us up on your social network of choice: