ShmooCon Review & Acing a Vulnerability Assessment – February 25, 2009

Topic: ShmooCon Review
Speaker: Brian Bourne
ShmooCon is self-described as “an annual East coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software & hardware solutions, and open discussions of critical infosec issues.” In this talk we will review the best talks and new releases from the conference. Much like the Black Hat review, expect a summary of all sorts of random technology!

Topic: Under The Gun: Acing a Vulnerability Assessment
Speaker: Eldon Sprickerhoff
Whereas most security talks regarding vulnerability assessment focus on specific tools or techniques, this talk looks at it from the other side – where your group/organization is the subject of a (possibly unwanted but ultimately required) vulnerability assessment. This talk will describe the CYA approach to surviving (and possibly acing) a vulnerability assessment from an external party.

Eldon Sprickerhoff has been involved in dozens of vulnerability assessments (from both sides) and so has plenty of war stories. He enjoys sashimi and dry-aged beef and can’t see the point in vegetarianism. He works at a security company called eSentire with a group of talented people who help make him look much smarter than he actually is. His 7-year-old daughter has attended DEFCON more often than you have. He frequently has bruises on both wrists. He can’t wait to finish writing this abstract so that he can set up his new MacBook Pro.

