0

Days

00

Hours

00

Minutes

00

Seconds

Austin, Texas

Trainings: December 3 - 4, 2018 | Conference: December 5 - 6, 2018

Register Now

SOURCE AUSTIN IS ALMOST HERE! And it's now Virtual!

SOURCE is a different kind of security conference. We are one part CISO conference, one part Hacker conference, and one part Career and Personal Development event. In addition to great tech talks and business case studies, we are one of the few conferences to address people-related issues in security head-on.

We have assembled an outstanding selection of speakers across a variety of disciplines, and are looking forward to bringing everyone together. Come for the talks, stay for the conversations.

Event Highlights:
- World class InfoSec Talks
- Multi-track, multi-speaker event
- Business, technical and people-related talks
- Excellent networking opportunities
- Public speaking workshop - learn to be a better presenter!
- Security Hot Seats
- Interactive sessions
- Audience participation lightning talks

We have some great things in store for you! And here's the interesting part - the entire conference is VIRTUAL! The conference will run on Central time zone, but you can connect and participate from anywhere.

We look forward to seeing you online THIS WEEK! Wednesday + Thursday, Dec. 5th + 6th.

Conference Schedule

Click To Select Day

Virtual SOURCE Austin Conference Day 1

5 Dec 2018

Virtual SOURCE Austin Conference Day 2

6 Dec 2018

GROUP SESSION: Opening Remarks

8:30am - 9:00am Central Time SOURCE Team

Keynote: Why Your Company Needs an Independent Security Advisory Board

9:00am - 9:45am Central Time Andrew Hay, Founder and CTO, LEO Cyber Security

More Info

“Why Your Company Needs an Independent Security Advisory Board”

How do you prove to your customers that you’re safeguarding their data in a secure manner without needlessly exposing the organization to potential attacks? Since security is often billed as a “people problem” it only makes sense to rely on actual people to solve the problem – and not yet another security appliance or piece of software with silver bullets for the latest and greatest threat.

One method to address this communication gap is to form a trusted cyber security advisory board to discuss the current security industry trends, the best practices across the industry, and provide a vehicle for customers to communicate their security concerns to the organization’s leadership. This session will draw on the speaker’s experience in forming, operating, and sourcing advisors for a security advisory board. Topics to be discussed include:

  • The benefits of forming a cyber security board, its makeup, and its chartered goals
  • The expectations of the advisors, the organization leadership, and its customers
  • Anticipated challenges (and opportunities)
  • How to incorporate board feedback into the overall cyber security strategy
  • Quantifying and communicating the successes of the advisory board
Andrew Hay, CTO at LEO Cyber Security

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company’s comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.

Andrew has served in various roles and responsibilities at several companies including DataGravity, OpenDNS (a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

GROUP SESSION: Career Development Track: Speed Networking

9:45am - 10:30am Central Time SOURCE Team

More Info

Speed networking has become a core staple of all SOURCE events. It’s a great, low-pressure way to get to know some people at the beginning of the conference. For many people, this is their favorite part of the conference.

We’re going to experiment with doing this virtually. For this session, you will need to be connected to the Zoom webinar, and also logged into virtualsourceaustin.slack.com.

Join us, play along, and learn a few things about your peers.

10:30am - 10:45am Central Time Short Break (Hang out in Slack!)

The Connected Hospital: IoT Medical Device Security

10:45am - 11:25am Central Time Andrew Hay, Founder and CTO, LEO Cyber Security

More Info

The loss of sensitive data and the potential for malware continue to be two primary concerns related to Internet access in health-related industries. The introduction of Internet of Things (IoT) connected medical platforms, however, raise an entirely new concern in the form of always-on, IP-connected, and remotely accessible devices. From automated medication dispensing systems to MRI machines and IV pumps to implantable cardiac defibrillators, the “Connected Hospital” is here to stay.

Healthcare organizations are dangerously unprepared for the security ramifications of Internet-connected medical equipment quickly entering their diagnostic imaging, specialized care, lab, surgical, and pharmacy units. Equipment manufacturers strive for a seamless transition from packing box to operational state in as few steps as possible – often with cloud-based web portals to control and administer the devices. Manufacturers will argue that devices sold undergo considerable security testing and are safe for use by the organizations they are sold to – but are they doing enough? Is your healthcare organization ready for the alarming increase in its attackable surface area that every part of the organization must now account for?

This talk explores research-based IoT concerns for connected medical devices. The speaker will reveal how these devices operate within your organization, the possible threats posed by their use, and how to detect, limit, or prevent insecure medical device operations on your network.

About Andrew Hay:

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company’s comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.

Andrew has served in various roles and responsibilities at several companies including DataGravity, OpenDNS (a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Put your Oxygen Mask on Before Assisting Others: Self Care and Security

11:35am - 12:15pm Central Time Dr. Stacy Thayer

More Info

Put your Oxygen Mask on Before Assisting Others: Self Care and Security

For many, working in the security industry means you are responsibly for protecting your company or clients from an attack.  You ensure that proper care is implemented in order with withstand a breach or security incident.  While we may excel at giving proper care to security protocols,  how often do we take the time (or have the time) to consider our own state of being?  What happens when we are so busy taking care of everything else that we forget about ourselves?  This talk will discuss the importance of self care in the workplace and how it can have a positive impact in all areas of life.  Discuss strategies for avoiding burnout, alcohol and drug addiction or overconsumption, and the risk they can pose to your career.  Learn about concerns and roadblocks to self-care, as well as how to find the find and resources.

Tips for stress management, mental wellness, effective communication skills, work/life balance, and self-awareness will also be presented.  

Dr. Stacy Thayer Bio:

Dr. Stacy Thayer has over 20 years’ experience working with professionals in the technical and security industry, and a PhD in Clinical and Organizational/Business Psychology. Her clinical research has explored online communication as it relates to depression and anxiety, and factors that contribute to job satisfaction in the technology sector, and on burnout in the security industry. Her work in organizational and business psychology focuses on bridging the communication gap between technical and nontechnical working professionals. She is passionate about creating a positive and thriving working environment that will help support individual strengths and successes. Thayer was the Founder and Executive Director of SOURCE Conferences in Boston, Seattle, Barcelona, and Dublin before it was acquired in 2014 by Big Brain Security.  Thayer is currently going to school for an MBA and teaching Cyberpsychology and Behavior at California Lutheran University.

12:15pm - 1:15pm Central Time Lunch

GROUP SESSION: WORKING LUNCH (Public Speaking)

12:25pm - 1:05pm Central (40 minutes) Rob Cheyne, Executive Director, SOURCE Conference

More Info

Public speaking is one of the most important professional skills you can develop. Rob Cheyne has spoken to and trained tens of thousands of people over the past 15 years, and he’d like to share what he has learned with you.

Each day during the lunch break, Rob will host an interactive session on public speaking. Grab something to eat, and come learn some tips and tricks to improve your presentation skills!

Medical Device Threat Modeling with Templates

1:15pm - 1:55pm Central Time Valery Berestetstky, Jonathan Schaaf, GE Healthcare

More Info

Modern medical Devices contain many software components and are growing exponentially in complexity. The medical devices environment has typically struggled to threat model while the practice has become standard procedure for software systems. To help solve the problem for our engineering teams, we created a threat model template that combines the software and medical device specific threat modeling specifics together. We will demonstrate our creation and show how it’s lessons learned potentially apply to other IoT domains.

Valery Berestetsky, Principal Product Security Leader at GE Healthcare Digital

Valery Berestetsky is a Senior Security and Technical Program Manager with over 20 years of demonstrated industrial experience that covers a wide range of technologies and customer exposure. Berestetsky is experienced in application security, security risk assessments and compliance evaluations, as well as the complete project life cycle, particularly in the requirements gathering, design, development and deployment phases and building security into all these phases.

Jonathan Schaaf, Staff Product Security Analyst at GE Healthcare Digital

Jonathan Schaaf is a Product Development Security Specialist at GE Healthcare. He works with diagnostic imaging teams to help them hunt down and destroy security vulnerabilities. Schaaf is a Linux guy but fancies himself a jack of all trades. He’s particularly passionate about software that is critical to human life, and previously wrote software in the aviation industry. Schaaf has his private pilot’s license and enjoys using it to explore Wisconsin.

Enumerating Enterprise Attack Surface

2:05pm - 2:45pm Central Time Dan Cornell, CTO, Denim Group

More Info

Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.

Dan Cornell, Principal, Denim Group

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.

Cornell is an active member of the development community and a sought-after speaker on topics of web application security, speaking at international conferences including RSA Security Conference, OWASP AppSec USA and EU and Black Hat Arsenal.

2:45pm - 3:35pm Central Time Coffee/Networking Break (Hang out in Slack!)

GROUP SESSION: Security Hot Seats

3:35pm - 4:30pm Central Time SOURCE Team

More Info

Another conference staple. Security Hot Seats is something we recently added, and it has been incredibly well received. Because SOURCE brings together such an eclectic group of smart people, we decided it would be great to engage them on a variety of InfoSec topics.

Rob Cheyne is an experienced facilitator, and he will lead the audience in an interactive conversation around the security topics that are most important to you. Like the speed networking, this is quickly becoming some people’s favorite part of the conference.

Keynote: Strategies for Playing Through the Pain: The Impact of Dark Knowledge on Security Professionals and the Road to Resilience

4:30pm - 5:30pm Central Time Richard Thieme (www.thiemeworks.com)

More Info

Strategies for Playing Through the Pain: The Impact of Dark Knowledge on Security Professionals and the Road to Resilience

The distinction between information security and intelligence work has pretty much eroded. The boundary that used to define those identities is now a wavering fractal coastline with a thousand inlets and bays.

And both domains include impacts that can only be called traumatic.

The real cost of security work and professional intelligence goes beyond dollars. It is measured in family life, relationships, and mental and physical well-being. The divorce rate is high, for good reason – how can relationships be based on openness and trust when one’s primary commitments make truth-telling and disclosure difficult or impossible? How can one stay steady when the primary task is to defend the entire internet?

Richard Thieme has for years listened to people in pain because of the compelling necessities of their work, the consequences of their actions, the misfiring of imperfect plans, and the burdens of soul-wrenching experiences. “Moral harms,” too, is a category migrating from the military into security work. Our very identities can be blindsided by unanticipated consequences and events.

This talk is about the real facts of the matter as Thieme has gathered them over 25 years of close collegial relationships with security and intelligence professionals and the strategies that provide for effective responses that manage the pressures of our work. Resilience is not an option, it is a measure of our strength and health.

Richard Thieme (www.thiemeworks.com) is an author/professional speaker who addresses challenges posed by new technologies, how to redesign ourselves to meet these challenges, and creativity in response to radical change. Her has spoken professionally about these issues for 25 years and has written five books, hundreds of articles, and numerous short stories. He spoke at Def Con 26 for the 23rd year and includes NSA, the Secret Service, the FBI, and the US Department of the Treasury among his clients, as well as Microsoft, Medtronic, GE, and numerous security venues.

GROUP SESSION: Virtual Reception

5:30pm - 6:30pm Central Time SOURCE Team

More Info

At the end of day 1 of the conference, we always have an on-site reception.

For this event, we’re going to be virtual, so we’ll need to improvise. So grab your favorite cocktail and join us for an hour of interactive group activities.

We’re going to have some fun with this.

GROUP SESSION: Opening Remarks

8:30am - 9:00am Central Time SOURCE Team

How To "Be All You Can Be" in Your Career

9:00am - 9:40am Central Time Roy Wattanasin

More Info

How To “Be All You Can Be” in Your Career

Come to this talk to hear hints and tricks of how to continually accelerate your career in information security or IT to “be all you can be!” Roy will provide a history of how he got started in security and how he was able to excel in his positions during his 20+ year career. This talk will be exciting and geared toward everyone: no matter at what point you are – new, seasoned professional or someone looking for a change. Roy brings along 10+ years of being a healthcare adjunct information security faculty member and as a mentor to graduate students. He additionally has been part of many organizations along the way specifically in the Boston area. This is a talk that you will not want to miss and there will be lessons-learned and resources that can be used right away. Additionally, bring your questions as there will be adequate time to this informal session!

Bio:

Roy Wattanasin @wr0 is an information security leader in healthcare and a faculty member of over 10+ years. He has experience in many industries and spends most of his time developing information security programs, teaching students and helping to build the local communities. Roy is an avid speaker who has spoken at many conferences and webinars around the world. Roy is also a member of multiple advisory groups including OWASP Boston etc. He was an adjunct instructor at Brandeis University as part of the Health and Medical Informatics and Information Security Master’s degree programs. He is also co-founder of the Health & Medical Informatics program and credited for bringing back Security BSides Boston many years ago.

GROUP SESSION: Snap Talk: Strengthen Your SecOps Team by Leveraging Neurodiversity

9:45am - 10:05am Central Time Megan Roddie, Sr. Security Analyst at Recon InfoSec, LLC

More Info

High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community.

Individuals in the high functioning autistic community are often overlooked for job positions due to their social disabilities which makes them perform poorly in an interview and in their interactions with other people. However, if you look past their awkward behavior and social struggles, you will find these individuals are perfectly suited for roles in the information security industry.

This talk aims to show the listeners that, as many tech companies have found, the HFA community is ripe with individuals who could be the best of the best in the security industry if given the chance. The audience will realize that a small investment in time, understanding, and acceptance can result in the addition of an invaluable member to a Security Operations team.

Megan Roddie, Sr. Security Analyst at Recon InfoSec, LLC

Megan Roddie is a graduate student pursuing her Master’s in Digital Forensics at Sam Houston State University while also working as a Cyber Security Analyst at the Texas Department of Public Safety. As a 21-year old with Asperger’s Syndrome (High Functioning Autism), Megan offers a unique perspective in any topic she discusses. Megan can articulate her struggles and how small modifications in daily life have made her successful.

GROUP SESSION: Blind Spot Talk: 10 Blindspots in 10 minutes 

10:10am - 10:20am Central Time Caroline Wong

More Info

10 Blindspots in 10 minutes 

During this lightning talk, Caroline will discuss the 10 blind spots that she has encountered in her 13 year information security career as a practitioner, product manager, consultant, and advisor. 

10:20am - 10:35am Central Time Short Break (Hang out in Slack!)

GROUP SESSION: Snap Talk: The Nature of Learning

10:35am - 10:55am Central Time Rob Cheyne, Executive Director, SOURCE Conference

More Info

In this talk, Rob shares a simple process he has developed for first learning any topic quickly, and then diving deep into the path of mastery.

A rabid learner, Rob has applied this process to many things over the past 30+ years, including martial arts, computers & electronics, playing the harmonica, speed solving the rubik’s cube, and even learning how to grow and develop bonsai trees. He will explain and demonstrate some of the many ways that each of these things are connected, and provide examples for how this approach can be applied to nearly anything else.

This talk is a rumination and meditation on the nature of learning. Attendees will learn how to apply the general learning process to anything they might want to master.

Most important, Rob will relate this back to security, and will explain why the ways that we teach people about security MUST reflect this understanding, no matter what their role in the organization

Bio:
Rob Cheyne is a highly regarded technologist, security expert, trainer, public speaker and entrepreneur. He has almost 30 years of experience in the information technology field, has been working in information security since 1998, and has done a fairly deep dive into personal development and adult learning over the past 15 years.

He founded Big Brain Security in 2014 in order to create and deliver high-impact, high value training courses, seminars and workshops. He is also the owner and Executive Director of the SOURCE conference, which provides unique, intimate environments for connecting business, technical, and security practitioners.

He was the co-founder and CEO of Safelight, a leading provider of information security e-learning and education programs. He has taught in-person information security training classes to well over 25,000 developers, architects, managers, and executives for industry-leading organizations around the world.

Rob was also an early employee of @stake, a pioneering company in information security consulting. He was the author of LC4, a version of the award-winning L0phtCrack password auditing tool, and he also worked on the code scanning technology that was eventually spun off as Veracode. He was at @stake from the very first customer all the way through to the $50M acquisition by Symantec in October 2004.

Rob regularly speaks at conferences, and frequently presents to the local chapters of various security organizations. He is an avid learner and believes strongly in sharing what he has learned so that others may take it to the next level.

GROUP ACTIVITY: Learning Mindset

10:55am - 11:20am Central Time Rob Cheyne, Executive Director, SOURCE Conference

More Info

Rob is a “learning geek”, and has spent the better part of his adult life learning how to learn. In this interactive session, he will share some tips and tricks about the mindset of learning that he has found invaluable throughout his career.

Successful DevSecOps

11:20am - Noon Central Time Christien Rioux

More Info

Successful DevSecOps

Organizations are turning out software faster than ever and recognizing their growing risk exposure to potential cyberattacks. Security teams are working with developers to change their approach and learn to integrate security directly into their process. However, as is often the case with implementing a new system-wide approach, establishing standards and best practices can be a daunting challenge.

This 35 minute session will cover what DevSecOps needs to look like in order to be successful.

Christien Rioux Bio

Christien Rioux was co-founder and chief scientist of Veracode,  before it was acquired by CA Technologies in 2017.  He was responsible for the technical vision and design of Veracode’s advanced security technology.

Before founding Veracode, Mr. Rioux was one of the founders of @stake, a security consultancy, as well as a member of L0pht Heavy Industries, a renowned security think tank.

He co-authored the best-selling Windows password auditing tool L0phtCrack and the AntiSniff network intrusion detection system. His other activities with L0pht included significant security research, publication work and public speaking engagements. Mr. Rioux is also responsible for numerous security advisories in many applications, operating systems and environments.

He graduated from the Massachusetts Institute of Technology in 1998, with a Bachelor’s Degree in Computer Science.

Noon - 1:00pm Central Time Lunch

GROUP SESSION: WORKING LUNCH (Public Speaking)

12:15pm - 12:55pm Central (40 minutes) Rob Cheyne, Executive Director, SOURCE Conference

More Info

Public speaking is one of the most important professional skills you can develop. Rob Cheyne has spoken to and trained tens of thousands of people over the past 15 years, and he’d like to share what he has learned with you.

Each day during the lunch break, Rob will host an interactive session on public speaking. Grab something to eat, and come learn some tips and tricks to improve your presentation skills!

Things I Wish I'd Known Before Starting a Bug Bounty

1:00pm - 1:40pm Central Time Chris Cornutt, Application Security Engineer, Duo

More Info

Bug bounties are all the rage these days. Companies both large and small are signing on and setting up a bounty for their products, awarding payouts to researchers for their contributions. Sounds perfect, right? There’s a lot more to setting up a successful bounty program than just announcing it to the world and waiting for submissions. Let me guide you through some of the basics of setting up a program, the things you’ll need in place before starting and some tips to help along the way.

Making a successful bug bounty program can be difficult if you’re not prepared. Come learn the skills you’ll need to be ready!

Chris Cornutt, Application Security Engineer at Duo Security

Chris has worked in web development and security in a wide range of industries over his career including public utilities, customer management, API management and server hosting. He is currently an Application Security Engineer for Duo Security and an active member of the PHP community.

He has spoken at conferences in the U.S. and Europe promoting secure development practices and writing secure code. He is the lead author on Websec.io, the Securing PHP ebook series and other PHP publications. He’s also a co-organizer for the Dallas PHP User Group.

Target-Based Security Model: Mapping Attacks to Controls

1:50pm - 2:30pm Central Time Garett Montgomery, Ixia Keysight

More Info

Target-Based Security Model – Mapping Attacks to Controls
Have you ever been asked ‘what is the best way to protect against $ATTACK’? (usually shortly after $ATTACK makes headlines). Have you ever been challenged to provide the reasoning behind your suggestion? If you were in a room full of experts, would your reasoning hold up under scrutiny?
If you were in a room full of your security-savvy peers, chances are, you’d quickly come to a consensus on the ‘best’ control (!= device) to protect against $ATTACK. But do you know WHY it’s the ‘best’?
Come join us as we formally introduce the Target-Based Security Model – essentially the Security version of the OSI model. We’ll talk about the genesis of the model, break down the specifics, and of course provide a number of use cases showing how it can be used to make the world a better place if we all agree to use it.
Garett Montgomery Bio

For the last 6+ years Garett Montgomery has been a Security Researcher at BreakingPoint (since acquired by Ixia; since acquired by KeySight).
Prior to that he had been an IPS signature developer and Security Analyst.

2:30pm - 3:00pm Central Time Coffee/Networking Break (Hang out in slack!)

From Zero to Hero: Zero Trust Networking Distilled

3:00pm - 3:40pm Central Time Harry Sverdlove, Chief Technology Officer at Edgewise Networks

More Info

Traditional network security is based almost entirely on addresses, ports, and protocols. These constructs are poorly equipped to describe a world of dynamic cloud computing, containers, remote users, and BYOD. As such, most companies have been left to create hardened perimeters, with lax controls on the inside that assume once an entity is inside it is trustworthy. As continued high profile breaches demonstrate, this is a failing model. The attacker will breach the perimeter, and when they do, moving laterally to achieve objectives becomes simply a matter of time.

You can no longer assume devices, applications, and users are trustworthy simply because they are inside your perimeter. Zero Trust Networking is a model that changes the way we look at security. A zero trust model assumes that all entities are untrustworthy. By adopting this model, you are able to take a more realistic view of the risk within your network and take action to improve your security.

In this session, we will discuss the specific steps you can take to map out your data flows in your network, identify sensitive or proprietary communications, design policies that secure those flows while assuming all other communication is untrustworthy, and continuously monitor for change. You will also learn how other organizations, like Google and Netflix, are applying this model in their own networks to design secure systems in a world that is inherently insecure.

Harry Sverdlove, Edgewise’s Chief Technology Officer, was previously CTO of Carbon Black, where he was the key driving force behind their industry-leading endpoint security platform. Earlier in his career, Harry was principal research scientist for McAfee, Inc., where he supervised the architecture of crawlers, spam detectors and link analyzers. Prior to that, Harry was director of engineering at Compuware Corporation (formerly NuMega), and principal architect for Rational Software, where he designed the core automation engine for Rational Robot.

3:40pm - 4:00pm Central Time Networking Break (Hang out in Slack!)

GROUP SESSION: Audience Participation Lightning Talks

4:00pm - 4:45pm Central Time SOURCE Team

More Info

A core underlying theme of SOURCE is career and personal development. A key way for people to step into leadership positions is to be able to speak in public.

In light of this, we have added audience-participation lightning talks as a permanent part of the SOURCE agenda.

Participation is simple. Audience members can choose to volunteer to give a 3-5 minute talk on just about anything they like. It can literally be on anything, doesn’t have to be security related. The point is to practice being in front of an audience. We provide the audience, you provide the content.

This is a fantastic way to develop your public speaking muscle in a supportive, fun environment.

Keynote: A Blip in Time: The birth, life and death of the security perimeter

4:45pm - 5:30pm Central Time Mike Murray, Chief Security Officer, Lookout

More Info

The past 15 years of security has focused almost entirely on the existence of solid network perimeters and controls that are applied there.  Whether the traditional firewall, web content filtering proxies or email security solutions, most solutions have relied on the existence of the “hard crunchy exterior”.   While it is in vogue to talk about the death of the perimeter, Lookout’s Chief Security Officer Mike Murray will talk about the importance of the perimeter to the evolution of security controls and where its place is in the modern world.   Perimieter controls evolved as our technology landscape has evolved, and this talk will focus on the benefits of perimeter-based controls and how those benefits need to replicated in a world where the existence of a network-based perimeter has largely disappeared in a world of encrypted messaging, social media, and ubiquitous mobility.   In order to discuss securing the future, we will examine the history of network-based perimeter controls, why they evolved and how the evolution of technology has forced us to learn to replicate perimieter security in a post-perimeter world.


Mike Murray is the Chief Security Officer at Lookout. For nearly two decades, Mike has focused on high-end security research, first as a researcher and penetration tester and then building and leading teams of highly skilled security professionals. He previously lead Product Development Security at GE Healthcare, where he built a global team to secure the Healthcare Internet of Things. Prior to that, he co-founded The Hacker Academy and MAD Security, and has held leadership positions at companies including nCircle Network Security, Liberty Mutual Insurance and Neohapsis.

GROUP SESSION: Closing & Raffle

5:30pm - 6:00pm Central Time SOURCE Team

More Info

This is where we close the event and leave you with some closing thoughts.

Be sure to stick around for the raffle at the end. You have to be here to win!

$99

$299

General Admission - Virtual

Admission to all conference sessions and evening events Access to slack workspace

Buy Now

Dan Cornell | Pre-Conference Interview | SOURCE Austin

Mike Murray | Pre-Conference Interview | SOURCE Austin

Stacy Thayer | Pre-Conference Interview | SOURCE Austin

Richard Thieme | Speaker Interview | SOURCE Austin 2018

Harry Sverdlove | Speaker Interview | SOURCE Austin

Megan Roddie | Pre-Conference Interview | SOURCE Austin 5 views

Valery Berestetsky, Jonathan Schaaf | Speaker Interview | SOURCE Austin

Michael Borohovski | Speaker Interview | SOURCE Austin

Chris Cornutt | Speaker Interview | SOURCE Austin

Garett Montgomery | Speaker Interview | SOURCE Austin

Silver Sponsors



https://www.denimgroup.com/



https://www.securityinnovation.com



https://cobalt.io

Affiliate Sponsors

Register:

$99

$299

General Admission - Virtual

Admission to all conference sessions and evening events Access to slack workspace

Buy Now

Become a Source Insider

Get promotions and special offers directly to your inbox.