All Articles

Machine learning is a powerful new tool that can be used for security applications (for example, to detect malware) but machine learning itself introduces many new attack surfaces. For example, attackers can control the output of machine learning mod

Graph analysis is a powerful tool for modeling malicious group behavior and detecting anomalies in domains ranging from traffic analysis to fraud detection. This talk will cover techniques and open-source tools for graph analytics, including an end-t

AI bots historically emerged as chatbots. Early versions were rule-based, adding NLP and machine learning turned them into AI-based bots to be used in sales and support. Thousands of times faster than humans without fatigue, these AI bots have arrive

This session will present a case study about the innovative approach that Sberbank has taken to implement biometrics in the bank with over 100M customers. Speakers will share best practices in designing an omnichannel user experience for customers, a

People use more passwords today than ever before. But with the advent of Apple’s latest iPhone releases and its TouchID and FaceID technologies, we’ll begin to see a wider acceptance of some biometrics methods like fingerprint and facial scanning. Th

Sound crazy? It isn’t. A fully autonomous ship will deliver fertilizer in Norway in 2018. Forrester security research leader Laura Koetzle will outline how and when autonomous transport will transform five business domains, and will recommend specifi

OAuth 2.0 is at the heart of OpenID Connect, Mobile Connect, UMA and many other popular standards. Understanding the threat landscapes in OAuth 2.0 is essential in building a secured identity infrastructure. This talk will guide you through multiple

The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy

In the age of the data breach there are no more secrets. Name, address, date of birth and Social Security number have been the de facto identity attributes for years. But as this information has become more exposed it’s time for organizations to reth

Blockchain continues to gain traction in the market place as a compelling solution for making identity and access management (IAM) more cost effective by harnessing the power of distributed members in order to “crowdsource” identity services. This se

What happens when you need to create an open API ecosystem with robust security requirements, in a short period of time, implemented by conservative entities and mandated across the entire EU? Enter the complex world of Open Banking. In this talk, Pa

If you want your information risk program to be taken seriously by the business, you have to do more than just throwing around a few business terms. You need to embrace enterprise risk techniques. See how the engagement changes when you start talking

Understanding what you own is step one in securing your assets. A simple concept that still escapes the grasp of most, and it’s getting harder in a cloud-enabled world. Despite this struggle there’s a plethora of APIs and publicly available data to g

It’s important to establish the balance sheet for security leadership to measure, monitor and report. Insurance is an important component to protecting the balance sheet. Don’t believe all of the fake news about cyber-insurance. This session will tak

Decision-makers need reliable data in order to understand risk and determine value of investments. With the amount of data available in a multinational company, one would assume that answers would be easy to find. But how does one identify which data

Companies working to design security in desperately need expertise to guide engineering teams, giving rise to product security leaders as a new discipline. As coach, cop, caretaker, contributor and counselor, it challenges in both technical and soft

COBIT, ISO/IEC 27001, NIST 800.53, PCI, oh my. The path to compliance is not a yellow brick road. IT professionals face a variety of security standards that they must meet simultaneously. This talk will present the NIST Open Security Controls Assessm

As growth and impact of open source in security-critical environments is on the rise, trends in open-source communities are making them more attentive to security issues and best practices. This session will cover best practices for using open-source

DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. D

DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. D