Breach Panel

BSidesLV 2013

Presented by: Jack Daniel, George V. Hulme, David Mortman, Davi Ottenheimer, Ray Umerley, Steve Werby
Date: Thursday August 01, 2013
Time: 12:30 - 13:20
Location: Florentine G
Track: Common Ground

“A burglar steals an unencrypted powered-down laptop containing PII and is immediately hit and killed by a bus. Data breach?” As more laws are passed, there remain many difficult questions to answer. This panel will try. Come see opposed minds in the industry debate the ethics and economics of incident response and related regulations. We will debate things like: Have the past 10 years of breach legislation helped or hurt our efforts in information security? When is a breach really a breach? Is it wrong to say “any loss of control is a breach and must be reported”? Do you agree there is “no safe harbor for encryption”? Is it “unduly costly on society” if our breach definition is too broad?

Davi Ottenheimer

Davi Ottenheimer, President of flyingpenguin and EMC Senior Director of Trust, has more than eighteen years’ experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of the book “Securing the Virtual Environment: How to Defend the Enterprise Against Attack,” published in May 2012 by Wiley. He is a frequent top-rated public speaker and has been quoted or written articles on security, risk management and compliance for publications including Compliance Week, Search Security, Bank Info Security, Network World, Red Herring, Chain Store Age, Inc, Reuters and SC Magazine. Davi received his postgraduate academic Master of Science degree in International History from the London School of Economics.

Ray Umerley

Ray Umerley (@RayUmerley) is the Chief Data Protection Officer for a Fortune 500 company, where he is responsible for all data security and privacy initiatives. He has over a decade of security and privacy experience, all of the industry “required” certifications, and an MS in computer information systems focusing on information security. He sporadically blogs at SecJitsu.com and is a firm believer in the mantra, “We cannot solve our problems with the same thinking we used when we created them.”

Jack Daniel

Jack Daniel, Technical Product Manager at Tenable, has over 20 years’ experience in network and system administration and security, and has worked in a variety of practitioner and management positions. Jack is a sporadic blogger at his Uncommon Sense Security and Travels with Jack blogs, a Security BSides co-founder, InfoSec Curmudgeon, Very Reluctant CISSP, Amateur Blacksmith, and BS Artiste Extraordinaire. Often found on barstools during his frequent travels, Jack’s views on drink and travel have developed, evolved, and merged with the help of many a bartender, his ideas coming into focus as the rest of the world blurred around him.

Steve Werby

Steve Werby is an independent information security consultant and security architect for a Fortune 200 company. He previously led enterprise information security programs for 3 large organizations and has presented at conferences such as DerbyCon, SOURCE Seattle, Hack3rCon, SecTor, ShmooCon, and OWASP LASCON. He is proud of the fact that he hasn’t signed his name the same way twice since 2009.

David Mortman

David Mortman has been doing Information Security for well over 15 years and is currently the Chief Security Architect for Enstratius and a Contributing Analyst at Securosis. Most recently, he was the Director of Security and Operations at C3. Previously, David was the CISO at Siebel Systems and the Manager of Global Security at Network Associates. David speaks regularly at Blackhat, Defcon, RSA and other conferences. Additionally, he blogs at emergentchaos.com, newschoolsecurity.com and securosis.com. David sits on a variety of advisory boards, including Qualys, Risk I/O and Virtuosi. David holds a B.S. in Chemistry from the University of Chicago.

George V. Hulme

George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CNN.com, Government Computer News, Nation’s Business, Network World, San Francisco Examiner, The Industry Standard, VARBusiness, and dozens of other technology publications.

