IoT Security

IoT Security

As IoT transforms entire enterprises, it creates incredible benefits but also dramatically increases the number of attack vectors. This theater examines the technologies and practices to help you protect your IOT infrastructure and devices. From connected vehicles to critical infrastructure there will be expertise and advice on securely protecting and managing your devices and detect stealthy sophisticated advanced threats to IOT systems.

IoT Security Speakers

Andrew Tsonchev
Andrew Tsonchev

Director of Technology, Darktrace Industrial Darktrace

View

Andrew Tsonchev
Mark Hermeling
Mark Hermeling

Senior Director of Product Marketing GrammaTech

View

Mark Hermeling

Mark Hermeling, MSc Mark has close to 20 years of experience in software development tooling, operating systems, virtualization and networking technology in safe and secure, embedded and real-time systems. He has worked on projects building automotive, networking, aerospace and defense and industrial devices in North America, Europe and Asia. Mark joined Grammatech in 2017 as Senior Director of Product Marketing, directing GrammaTech’s commercial software product and business development efforts. Prior to joining GrammaTech Mark worked for Wind River Systems (an Intel Corporation subsidiary), Zeligsoft and IBM Rational. He received a Master of Science degree in Computing Science from Eindhoven University of Technology for research into timing constraints overlaid on object oriented languages.

Roger Johnston
Roger Johnston

CEO/Security Philosopher Right Brain Sekurity

View

Roger Johnston

Roger G. Johnston, Ph.D., CPP is head of Right Brain Sekurity, a company devoted to security consulting, vulnerability assessments, and R&D.  Roger received his Bachelor’s Degree from Carleton College in 1977, and his M.S. and Ph.D. degrees in physics from the University of Colorado in 1983. 

Dr. Johnston was founder and head of the Vulnerability Assessments Teams at Los Alamos National Laboratory (1985-2007) and Argonne National Laboratory (2007-2015).  He has provided consulting, training, vulnerability assessments, and R&D on security for over 70 companies, NGOs, and government agencies, including IAEA, DoD, DOE/NNSA, NSF, Department of State, and intelligence agencies.

Roger has won numerous awards for his work.  He holds 10 U.S. patents, has authored more than 200 technical papers and book chapters, and has given 90+ invited talks, including 6 Keynote Addresses at national and international conferences.  Dr. Johnston has frequently been interviewed for his views on security by bloggers and journalists. He serves as editor of The Journal of Physical Security.

William Malik
William Malik

VP, Infrastructure Strategies  Trend Micro

View

William Malik

Bill helps clients achieve an effective information security posture spanning endpoints, networks, servers, cloud, and the Internet of Things.  This involves technology, policy, and procedures, and impacts acquisition/development through deployment, operations, maintenance, and replacement or retirement.

During his four-decade IT career, Bill has worked as an application programmer with the John Hancock Insurance company; an OS developer, tester, and planner with IBM; a research director and manager at Gartner for the Information Security Strategies service and the Application Integration and Middleware service, and served as CTO of Waveset, an identity management vendor acquired by Sun. He ran his own consulting business providing information security, disaster recovery, identity management, and enterprise solution architecture services for clients including Motorola, AIG, and Silver Lake Partners. Bill has over 160 publications and has spoken at numerous events worldwide.

Bill attended MIT, majoring in Mathematics. He is a member of CT InfraGard and ISACA.

More speakers to be announced soon

IoT Security Seminars

  • Wed 26th Sep 10:50 - 11:20
  • Thwarting a Cyberphysical Attack in the IoT Era William Malik  |   Trend Micro   |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 10:50 to 11:20

    Thwarting a Cyberphysical Attack in the IoT Era

    While businesses and consumers see opportunity and efficiency in the billions of devices now connected to the Internet of Things and Industrial Internet of Things, cyber criminals also see an opportunity in the vulnerabilities created with each connection. This session will outline three things you need to understand in order to prevent a cyberphysical attack in our digitally connected world. Walk away with best practices you can use to implement the right mix of policy, architecture, training and technology to keep your organization secure.

    Speaker

    Photo Speaker Name Profile
    William Malik William Malik View Profile
  • Wed 26th Sep 11:30 - 12:00
  • Third Party Software Vulnerability Assessment Mark Hermeling   |   GrammaTech   |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 11:30 to 12:00

    Third Party Software Vulnerability Assessment

    There are few tools to measure outstanding cyber security risk in third party software, which is a blind spot, especially for verticals such as IoT, automotive, or payment-based systems such as smartcards.
    In this presentation we will look at various types of automated assessments to measure outstanding risks for native binaries. We will look at three approaches: 1) automated detection of violation of policies such as PCI DDS, FISMA and ISO 27001; 2) software composition analysis to find N-day exploits; and lastly 3) manual analysis to find vulnerable paths through the application that leak data before authentication.

    Speaker

    Photo Speaker Name Profile
    Mark Hermeling Mark Hermeling View Profile
  • Wed 26th Sep 13:40 - 14:10
  • Vulnerability Assessments: Are You REALLY Doing Them? Roger Johnston  |   Right Brain Sekurity  |   IoT Security

    IoT Security Theatre

    Wed 26th Sep 13:40 to 14:10

    Vulnerability Assessments: Are You REALLY Doing Them?

    Many organizations don’t do vulnerability assessments (VAs), though they may do things that they THINK are VAs. While potentially useful, activities such as penetration testing, “Red Teaming”, security surveys, security audits, compliance checking, feature analyses, threat assessments, Risk Management, DBT, fault/event tree analysis, software assessment tools, etc. are not vulnerability assessments.

    They often fall short of the security benefits that a good VA can provide. This talk discusses why VAs are so important and how to do them. Unconventional security metrics and insider threat mitigation in the context of effective VAs will also be covered. The speaker is a professional vulnerability assessor with 30 years of experience.

    Speaker

    Photo Speaker Name Profile
    Roger Johnston Roger Johnston View Profile
  • Thu 27th Sep 09:30 - 10:00
  • The Industrial Immune System: Using Machine Learning & AI for OT Cyber Defense Andrew Tsonchev  |   Darktrace   |   IoT Security

    IoT Security Theatre

    Thu 27th Sep 09:30 to 10:00

    The Industrial Immune System: Using Machine Learning & AI for OT Cyber Defense

    There is an urgent need for a new approach to combat the next generation of cyber-threats, across both OT and IT environments. While total prevention of compromise is untenable, utilizing automated self-learning technologies to detect and respond to emerging threats within a network is an achievable cyber security goal, irrespective of whether the suspicious behavior originated on the corporate network or ICS.

    Speaker

    Photo Speaker Name Profile
    Andrew Tsonchev Andrew Tsonchev View Profile
Top