Confidence - (25-26.05 2010 Krakow)

Eddie Schwartz

Eddie Schwartz is Chief Security Officer of NetWitness and has 25 years of experience in the information security and privacy fields. Previously, he was CTO of ManTech Security Technologies Corporation, EVP and General Manager for Global Integrity, SVP of Operations at Guardent, and CISO for Nationwide Insurance; as a Senior Computer Scientist at CSC, he was Technical Director of the DSS Information Security Laboratory. Mr. Schwartz has advised a number of security companies and served on the Executive Committee for the Banking Information Technology Secretariat (BITS). Mr. Schwartz has a B.I.S. in Information Security Management and an M.S. in Information Technology Management from the George Mason University School of Management.

Topic of Presentation: Security Sucks

Language: English

Abstract: Ask the CISOs and security managers within government agencies and banks that have known about advanced threats such as Operation Aurora for a long time, but have been forced to fund flawed behaviors, antiquated technologies, and narrow-scope security projects focused on regulatory compliance versus better security operations. Ask the financial services and retail enterprises that have spent so much on PCI compliance only to find that they were blindsided by the latest botnet attacks in spite of their compliance check mark. Compliance drives I/T security spending and perceptions of successful and complete security programs in many important organizations. Yet the result is often a sub-optimized security posture that rewards the wrong behaviors and places emphasis on low-impact objectives. Security sucks, but it doesn’t have to. Assuming that a) you are not happy with the current situation, and b) you believe that security compromises are inevitable but want to protect your organization, this session is for you. This interactive session will discuss:

  • Why security sucks: the compliance and platform-related death spiral of current security programs.
  • The importance of Operation Aurora and the Google Gaia hack to advanced threat awareness.
  • Why you should be capturing and analyzing network traffic all the time, or working in a grocery store.
  • The minimum components of a sophisticated operational defensive security program in 2010.
  • How to make security suck a whole lot less and make your security team more successful.