Recorded audio from the 2009 Information Security Summit in Cleveland, Ohio October 29-30, 2009. This is keynote #2 from day 1.

Knowledge + Malice = Chaos: When Awareness Doesn’t Work by John O’Leary, O'Leary Management Education

John O'Leary, CISSP, is President of O’Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. John designed, implemented and managed security and recovery for networks ranging from a single site to multinational. John was the recipient of the 2004 COSAC award and the 2006 EuroSec Prix de Fidelite. John has never been convicted of anything really serious or run for public office.

Recorded audio from the 2009 Information Security Summit in Cleveland, Ohio October 29-30, 2009.

Corporate Honeypots: Hackers Can't Believe What They See by L. Brent Huston

Talk Abstract
This talk covers how to use “fake stuff” to make organizations more secure. Strategies and tactics are discussed (no specific products) that enable organizations to leverage honeypot techniques to increase their security without ongoing management, maintenance and the overhead of false positive triggers.

Recorded audio from the 2009 Information Security Summit in Cleveland, Ohio October 29-30, 2009.

Enterprise Open Source Intelligence Gathering by Tom Eston

Talk Abstract
What does the Internet say about your company? Do you know what is being posted by your employees, customers, or your competition? We all know information or intelligence gathering is one of the most important phases of a penetration test. However, gathering information and intelligence about your own company is even more valuable and can help an organization proactively determine the information that may damage your brand, reputation and help mitigate leakage of confidential information.

This presentation will cover what the risks are to an organization regarding publicly available open source intelligence. How can your enterprise put an open source intelligence gathering program in place without additional resources or money. What free tools are available for gathering intelligence including how to find your company information on social networks and how metadata can expose potential vulnerabilities about your company and applications. Next, we will explore how to get information you may not want posted about your company removed and how sensitive metadata information you may not be aware of can be removed or limited.    Finally, we will discuss how to build a Internet posting policy for your company and why this is more important than ever.

Recorded audio from the 2009 Information Security Summit in Cleveland, Ohio October 29-30, 2009.

Network Security Monitoring and Incident Response by Richard Bejtlich

Talk Abstract
In today's economy, detecting and responding to intrusions using commercial tools can be expensive and sometimes frustrating. Is there an alternative that could cost less but be more effective? The answer is yes. In this presentation, Richard Bejtlich will discuss Network Security Monitoring (NSM) as one way to detect and respond to digital intrusions. He will describe open source tools to implement NSM in the enterprise and show how the data collected using NSM can save IR teams time and money.

Recorded audio from the 2009 Information Security Summit in Cleveland, Ohio October 29-30, 2009.

Anti-Virus is Dead by Dave Kennedy

Talk Abstract
Anti-Virus is often considered one of the forefronts of detecting and stopping a potential breach. What the vendors don’t tell you is the effectiveness of anti-virus is extremely ineffective today. Anti-virus may still be necessary for the large propagating viruses like Conficker, but in most cases aren’t useful anymore. During this presentation, David will be demonstrating evasion techniques, rewriting known malware, and bypassing the top players in the market. Lastly David will discuss the future of detecting malware/viruses and existing technology out today that are simply amazing. This presentation is intended for all audiences, and can be understood by non-technical and technical individuals.

Recorded audio from the 2009 Information Security Summit in Cleveland, Ohio October 29-30, 2009.

Radio Reconnaissance and Pen Testing – All Your RF Are Belong to Us by Matt Neely

Talk Abstract
Tired of boring old pentests where the only wireless traffic you see is 802.11 and maybe a little Bluetooth? With this amazing new invention, the radio, your eavesdropping options can be multiplied! Come to this talk to learn techniques for discovering, monitoring and exploiting a wide array of radio traffic. Real world examples illustrate how these techniques have been used to gather information on a target's physical security, personnel, and standard operating procedures.

Recorded audio from the 2009 Information Security Summit in Cleveland, Ohio October 29-30, 2009. 

Vulnerability Management in a Post Apocalytic World by Bill Mathews

Talk Abstract
We will be discussing some newer techniques for vulnerability management in a world that is ripe with new types of phishing and other digital theft. We will be incorporating Open Source tools into your infrastructure to assist with this endeavor.