A round table discussion of the security, privacy and management issues of Bring Your Own Device, including attack vectors for a BYOD enterprise strategy.

As more and more companies seek to lessen their cost of doing business, they latch onto ideas that often have repercussions far and wide beyond the initial business idea, security being no exception. Currently, much of this activity involves using personal assets that employees own (e.g. smartphones or laptops) to perform company business, known as BYOD (Bring Your Own Device). On the face of it, this sounds like a cost saving for most businesses but a problem for information security. But is it? The BYOD issue is much more complex than simply saving money, and supporting such a program is far from easy. This panel will explore the various thorny issues, from what it takes to keep your employees happy, to attack and defense of BYOD, and even some legal issues.

Presentation Outline (reviewers only – detailed):

- BYOD Today
- Why are we doing this? (business allure)
- Attack & Defense (software, hardware, IDS, etc.)
- Logical Security Issues
- Legal issues (social media, forensics, etc.)
- Espionage Problems (IP loss via easy access to mail and networks, etc.)

Krypt3ia has been in the information security business since 1998. He has worked in various environments within Fortune 500 companies and in defense base and government organizations as a consultant and penetration tester for IBM Global Services, Security & Privacy Services. He is a blogger at Krypt3ia and co-host of the “Cloak & Swagger” security podcast, as well as an OSINT analyst.
Heather is a corporate infosec wonk, daily seeking meaning in life, the universe, and everything, although she has accepted the Internet is mostly about cats. Not actually a Google AI, she has more than 15 years of experience in IT, with most of that being in infosec. She currently practices as an engineer observing threat management, vulnerability management, and incident response for small to medium-sized businesses.
Rafal Los, Chief Security Evangelist for Hewlett-Packard Software, combines nearly 15 years of subject-matter expertise in information security with a critical business risk management perspective. From technical research to building and implementing enterprise application security programs, Rafal has a track record with organizations of diverse sizes and verticals. He is a featured speaker at events around the globe, and has presented at events produced by OWASP, ISSA, Black Hat, and SANS among many others. He stays active in the community by writing, speaking and contributing research, representing HP in OWASP, the Cloud Security Alliance and other industry groups. His blog, Following the White Rabbit, with his unique perspective on security and risk management has amassed a following from his industry peers, business professionals, and even the media and can be found at http://hp.com/go/white-rabbit. Prior to joining HP, Los defined what became the software security program and served as a regional security lead at a Global Fortune 100 contributing to the global organization’s security and risk-management strategy internally and externally. Rafal prides himself on being able to add a ‘tint of corporate realism’ to information security. Rafal received his B. S. in Computer Information Systems from Concordia University, River Forest, Ill.
A solutions-oriented information security consultant with a proven record of directing a range of security initiatives. I have been at the forefront of information security spanning more than a decade and have been on both sides of the fence, protecting assets as head of security within the financials as well as offensive security consulting. The value I believe I bring to the table is that breadth of experience. I do defense during the day while still maintaining my offensive consulting at night. I feel I’m in that rare class of individual who loves absolutely every minute of his career choice. Finally, I’m a co-host on the only daily InfoSec podcast, ISDPodcast.
By day, Robert is a mild-mannered Security & Operations Manager for a privately held company. He relies upon over 14 years of experience to assist and train his team in network, system, and telephony administration and is the primary point of contact for corporate security. By night he is a crime-fighting security ninja who walks little old ladies across the networks, helps little children find their homepages, and pulls the evil chipmunks from the intertubes; a respected security researcher who enjoys the art of voiding warranties and corrupting his children in the art of digital pranks.