Our 2011 Key Note is Security ideas that won't work . . and why we keep doing them by Marcus J. Ranum. Computer security seems to be trapped in a hamster wheel in which we repeatedly try things that won't work, hoping against hope that somehow the situation will improve. In this talk, we will consider some of the popular initiatives in security, why they don't (and won't) work no matter how hard we try, and the reasons why we, as an industry, refuse to look for answers that might work.
Each year, during National Cyber Security Awareness Month, the Rochester Security Summit features education opportunities for executives, CFO, CIO/CSO, business managers, security professionals, IT managers, technical specialists, help desk staff, and developers.
In 2010, the Summit gathered more than 200 attendees for 26 outstanding technical presentations -- along with a sold-out Ethical Hacking 101 training -- and panels representing of the three sponsoring organizations, ISSA, ISACA, and OWASP.
The sixth annual Rochester Security Summit is being held October 4-5, 2011 in Rochester, NY at the beautiful and totally renovated Hyatt Regency Rochester, with Marcus J. Ranum as the keynote speaker, introducing this year’s theme -- “Security Sanity.”
The Rochester Security Summit will feature three professional educational tracks: the Business Security Track, the Application Security Track, and the Infrastructure Security Track.
The Business Security Track is designed to help business and IT leaders understand current and emerging security issues, how they impact our organizations and how other security thought leaders are protecting their organizations. This track will feature management topics that are vital for business professionals and organizational leaders to understand including security strategies, risk management, threat trends, legal issues, business continuity, security compliance and standards.
The Application Security Track targets software architects, quality assurance engineers, developers, application penetration testers and ethical hackers by focusing on how to improve the security of custom software or how to validate software products obtained from external sources. Information security managers can also gain a better understanding of application security risks at the implementation level. Topics include application design and implementation flaws, software security best practice, testing and exploitation techniques for custom applications, malware analysis, tools and techniques that can assist in developing more secure code or for ways of protecting custom applications, code reviews and software security testing and verification.
The Infrastructure Security Track is designed for technical system and network security professionals as well as technical information technology professionals including system and network administrators. Topics include network penetration testing, technical security standards and best practice, intrusion detection, network and system forensics, incident handling, technical hacking and attack techniques, protecting the network, systems, devices and services that form the infrastructure for our organizations.
The Ethical Hacking Training is in a format that combines a presentation format with hands-on practice labs. After registering for the Rochester Security Summit, additional pre-registration is required for these training sessions, and class size is limited to 20 individuals in each session. You may register for only one of the three sessions; there are 2 different training courses, with different expectations and requirements, so please read the descriptions carefully. No prior ethical hacking experience is required for either class. There are no additional fees for the Ethical Hacking Training session, however you must register for the Security Summit, then you will be given instructions for registering for the optional Ethical Hacking Training.