Austin kicked off the FTC’s “Start with Security” event on Thursday, November 5, 2015, which brought together an interesting mix of people, including the Austin infosec luminaries, the FTC, lawyers, developers and startup entrepreneurs. It’s part of a new initiative by the FTC to bring infosec information to startups and developers, “to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response.” It was quite an honor for Austin to be selected by the FTC as the second city to be graced with the event. San Francisco was the first, on September 9, and Seattle will be the third city, on February 9.
The events are free to the public and provide very useful infosec information in a palatable and fun panel-based format. AlienVault is now speaking with folks at the FTC to determine our future involvement in this valuable community educational effort. The panel format was very effective: I found I learned more from the panel sessions than from normal conference talks. The panelists were world-class infosec pros, and their combined views on the topics were amazing. The panels at the Austin event were:
- Building a Security Culture, with Christophe Borg (VP Engineering Operations at RetailMeNot), Alan Daines (Dell CISO) and Josh Sokol (Information Security Program owner at National Instruments)
- Scaling Security: Adapting Security Testing for Dev-Ops and Hyper-growth, with Matt Johansen (Director of Security at Honest Dollar), Matt Tesauro (Senior Software Security Engineer at Pearson) and James Wickett (Engineer of Awesome at Signal Sciences)
- Third-party AppSec: Dealing with Bugs, Bug Reports and Third-party Code, with HD Moore (Chief Research Officer for Rapid7), Katie Moussouris (Chief Policy Officer for HackerOne) and Wendy Nather (Research Director at the Retail Cyber Intelligence Sharing Center, or R-CISC)
- Beyond Bugs: Embracing Security Features, with Clare Nelson (CEO of ClearMark Consulting), Robert Hansen (VP of WhiteHat Labs at WhiteHat Security) and Caleb Queern (Manager at KPMG Cyber)
Here’s a compendium of Tweets from the event:
Talking security at the FTC's conference "Start with Security." Always room to improve on that. #startwithsecurity pic.twitter.com/2irbrFfN52
— JG Lopez (@jlopezloz) November 5, 2015
.@joshsokol says "Startups, cultivate a security champion in your organization to build a culture of security" #StartwithSecurity
— FTC (@FTC) November 5, 2015
#FTC #StartwithSecurity @k8emo @RCISCwendy female panelists were bright beacons of sage advice for startups. #C1ph3r_Qu33ns, #inspiring
— Clare Nelson (@Safe_SaaS) November 6, 2015
Don't roll your own crypto library #StartwithSecurity @k8em0 @RCISCwendy @hdmoore pic.twitter.com/0SpCIbp5m4
— Tempy W. (@tempyw) November 5, 2015
"And even if you do roll your own crypto, DON'T SMOKE IT." - @k8em0 https://t.co/IA0bsd1xEh
— Wendy Nather (@RCISCwendy) November 5, 2015
https://t.co/qH0K1ZBaRJ Can't find the right contact at a company to report a vulnerability? @Hacker0x01 now offers Hacker 411 assistance!
— Katie Moussouris (@k8em0) November 5, 2015
Google ranks your site higher when you use SSL-TLS @RSnake #ftc con Austin
— Kate Brew (@securitybrew) November 5, 2015
You can't reset your fingerprint or retina #2FA - at least you can reset passwords @Safe_SaaS
— Kate Brew (@securitybrew) November 5, 2015
Watching the last #StartwithSecurity panel w/ @RSnake @Safe_SaaS @HttpSecHeaders @FTC https://t.co/EnsSTw2wa2 pic.twitter.com/86bgXaBtIM
— Katie Moussouris (@k8em0) November 5, 2015
Companies: be nice when sec researchers reach out with vulns. Send Them Tshirts & keep lawyers away. @hdmoore @k8em0 @RCISCwendy
— Kate Brew (@securitybrew) November 5, 2015