Speaking at 2010 DC3 Cyber Crime Conference

I'm happy to share that a presentation of mine has once again been selected for the DC3 Cyber Crime Conference, held in St. Louis at the end of January, 2010. I'm very excited to be speaking again. You can read about my past presentations here and here. If you're planning to attend, I'd love it for you to drop by on Thursday from 1:30-3:30PM.

Intelligence-driven Response for Computer Network Defense
Network defense against sophisticated adversaries requires a new approach, different from what the information security industry typically prepares its analysts for. From the overarching incident response process down to the specific questions each analyst must be able to answer, classic incident response techniques and procedures are insufficient in the face of persistent and focused intrusion attempts. A detailed understanding of one’s enemy, specifically, is an overlooked concept in industry-standard information security pedagogy and mindset which can offer strategic, actionable insight into effective response. This presentation extends some information warfare concepts to discuss how intelligence-driven analysis and response can improve the defensive posture of organizations facing advanced persistent threat actors. Examples will be given at the micro and macro level; attendees should be technically well-versed as well as able to see the “big picture” of computer network defense.

Speaking at SANS CDI

I will be participating in four separate events at SANS CDI this year. While the panels aren't yet listed on SANS's website, they should be soon, and Richard Bejtlich has a good overview on his blog. Specifically, I will be involved with:
  • Commercial Security Intelligence Service Providers as a moderator
  • Noncommercial Security Intelligence Service Providers as a moderator
  • Unix and Windows Tools and Techniques as a panelist
  • CIRTs and MSSPs as a panelist
If you have budget left for the year, you should definitely check it out. It's going to be a great few days of material, paired with the usual selection of great SANS training.