Full Schedule and Talk Descriptions

Wednesday August 5th

10:30am

Hacking the Internet of Things: A Primer

Mark Stanislav, Senior Security Consultant, Strategic Services

The pace and growth of the Internet of Things (IoT) is staggering. Connected devices come to market nearly daily: web cameras, children's toys, and even vehicles. With increased connectivity, however, comes increased risk. A security bug could allow an attacker access to private data – or even physical access to a home or business. Come join Mark Stanislav as he demonstrates how security researchers tackle IoT devices, and shares techniques for hardware hacking and IoT research.

11:00am

Web App Scanning with AppSpider

Dan Kuykendall, Senior Director, Applications Security Products

Web application attacks are the most frequent incident pattern in confirmed breaches. With Rapid7 AppSpider, organizations can analyze applications for security vulnerabilities and maximize their ability to effectively reduce IT security risk. This session will show how AppSpider fits into the Dynamic Application Security Testing (DAST) market and demonstrate key product features and functionality.

11:30am

Security Deathmatch: Penetration Tester vs. Incident Responder

Leon Johnson, Senior Consultant, PSO
Christian Kirsch, Principal Product Marketing Manager
Mike Scutt, Senior Consultant, Analytic Response

Two worlds collide in this brutal boxing match! To simulate attackers, penetration testers must duck to evade the jabs and left hooks of incident responders. This security deathmatch will pit the stealthy attack tactics of a penetration tester against the detection efforts of an incident responder. Who will win by knockout? This blow-by-blow account will be educational and entertaining for pentesters, incident responders, and general defenders alike.

12:00pm

Incident Investigation with UserInsight

Patrick Haley, Senior Sales Engineer, Security Solutions

UserInsight helps you detect and investigate security incidents faster, put context around user activity across your organization, and eliminate alert fatigue. This talk will walk you through a full incident investigation with UserInsight, starting with how to identify/examine the individuals involved as well as all impacted systems and users.

12:30pm

Hacking the Internet of Things: A Primer

Mark Stanislav, Senior Security Consultant, Strategic Services

The pace and growth of the Internet of Things (IoT) is staggering. Connected devices come to market nearly daily: web cameras, children's toys, and even vehicles. With increased connectivity, however, comes increased risk. A security bug could allow an attacker access to private data – or even physical access to a home or business. Come join Mark Stanislav as he demonstrates how security researchers tackle IoT devices, and shares techniques for hardware hacking and IoT research.

1:00pm

Web App Scanning with AppSpider

Dan Kuykendall, Senior Director, Applications Security Products

Web application attacks are the most frequent incident pattern in confirmed breaches. With Rapid7 AppSpider, organizations can analyze applications for security vulnerabilities and maximize their ability to effectively reduce IT security risk. This session will show how AppSpider fits into the Dynamic Application Security Testing (DAST) market and demonstrate key product features and functionality.

1:30pm

Security Deathmatch: Penetration Tester vs. Incident Responder

Leon Johnson, Senior Consultant, PSO
Christian Kirsch, Principal Product Marketing Manager
Mike Scutt, Senior Consultant, Analytic Response

Two worlds collide in this brutal boxing match! To simulate attackers, penetration testers must duck to evade the jabs and left hooks of incident responders. This security deathmatch will pit the stealthy attack tactics of a penetration tester against the detection efforts of an incident responder. Who will win by knockout? This blow-by-blow account will be educational and entertaining for pentesters, incident responders, and general defenders alike.

2:00pm

Incident Investigation with UserInsight

Patrick Haley, Senior Sales Engineer, Security Solutions

UserInsight helps you detect and investigate security incidents faster, put context around user activity across your organization, and eliminate alert fatigue. This talk will walk you through a full incident investigation with UserInsight, starting with how to identify/examine the individuals involved as well as all impacted systems and users.

3:00pm

Creating Customized Content in Nexpose

Ross Barrett, Senior Manager, Security Engineering

To reduce the risk of a breach you must know where you’re vulnerable. Join Ross Barrett as he demonstrates techniques for using Nexpose to gain better visibility into risk, identify your organization’s weak points, prioritize what matters most, and improve your overall security posture with effective remediation strategies.

3:30pm

Shoot The Messenger! Anti-Patterns in Vulnerability Handling

Tod Beardsley, Research Manager

Tod Beardsley, research manager for Rapid7, is routinely a bearer of bad news for technology companies around the world. He'll take this time to share some insights on the common missteps organizations make when handling their first unsolicited vulnerability report, and how you can make the most of your first free security assessment. It's rarely pleasant when some stranger on the Internet just told you your software baby is ugly. He'll also cover the key elements of a successful and reasonable disclosure notification to help vendors cope with these feelings and get on with the business of protecting their customers.

4:00pm

Metasploit Tips and Tricks

Eray Yilmaz, Senior Product Manager

Knowing the adversary's moves helps you better prepare your defenses. Come learn how Metasploit, the most popular penetration testing solution on the planet, gives you that insight. Eray will demonstrate how Metasploit helps you uncover weaknesses in your defenses, so you can focus on the highest risks and improve security outcomes.

4:30pm

Rapid7 Research

Wim Remes, Manager, Strategic Services

Wim Remes will discuss findings from the Rapid7 Research team as they relate to Internet-wide scanning and exposure trends worldwide. He’ll answer the question, “Why scan the Internet?” and also explain how the team prioritizes vulnerability research according to impact.

5:00pm

Creating Customized Content in Nexpose

Ross Barrett, Senior Manager, Security Engineering

To reduce the risk of a breach you must know where you’re vulnerable. Join Ross Barrett as he demonstrates techniques for using Nexpose to gain better visibility into risk, identify your organization’s weak points, prioritize what matters most, and improve your overall security posture with effective remediation strategies.

5:30pm

Incident Investigation with UserInsight

Matt Hathaway, Senior Manager, Product Management

UserInsight helps you detect and investigate security incidents faster, put context around user activity across your organization, and eliminate alert fatigue. This talk will walk you through a full incident investigation with UserInsight, starting with how to identify/examine the individuals involved as well as all impacted systems and users.

6:00pm

Rapid7 Research

Wim Remes, Manager, Strategic Services

Wim Remes will discuss findings from the Rapid7 Research team as they relate to Internet-wide scanning and exposure trends worldwide. He’ll answer the question, “Why scan the Internet?” and also explain how the team prioritizes vulnerability research according to impact.

6:30pm

Incident Investigation with UserInsight

Matt Hathaway, Senior Manager, Product Management

UserInsight helps you detect and investigate security incidents faster, put context around user activity across your organization, and eliminate alert fatigue. This talk will walk you through a full incident investigation with UserInsight, starting with how to identify/examine the individuals involved as well as all impacted systems and users.

Thursday August 6th

10:30am

Hacking the Internet of Things: A Primer

Mark Stanislav, Senior Security Consultant, Strategic Services

The pace and growth of the Internet of Things (IoT) is staggering. Connected devices come to market nearly daily: web cameras, children's toys, and even vehicles. With increased connectivity, however, comes increased risk. A security bug could allow an attacker access to private data – or even physical access to a home or business. Come join Mark Stanislav as he demonstrates how security researchers tackle IoT devices, and shares techniques for hardware hacking and IoT research.

11:00am

Web App Scanning with AppSpider

Dan Kuykendall, Senior Director, Applications Security Products

Web application attacks are the most frequent incident pattern in confirmed breaches. With Rapid7 AppSpider, organizations can analyze applications for security vulnerabilities and maximize their ability to effectively reduce IT security risk. This session will show how AppSpider fits into the Dynamic Application Security Testing (DAST) market and demonstrate key product features and functionality.

11:30am

Security Deathmatch: Penetration Tester vs. Incident Responder

Leon Johnson, Senior Consultant, PSO
Christian Kirsch, Principal Product Marketing Manager
Mike Scutt, Senior Consultant, Analytic Response

Two worlds collide in this brutal boxing match! To simulate attackers, penetration testers must duck to evade the jabs and left hooks of incident responders. This security deathmatch will pit the stealthy attack tactics of a penetration tester against the detection efforts of an incident responder. Who will win by knockout? This blow-by-blow account will be educational and entertaining for pentesters, incident responders, and general defenders alike.

12:00pm

Incident Investigation with UserInsight

Patrick Haley, Senior Sales Engineer, Security Solutions

UserInsight helps you detect and investigate security incidents faster, put context around user activity across your organization, and eliminate alert fatigue. This talk will walk you through a full incident investigation with UserInsight, starting with how to identify/examine the individuals involved as well as all impacted systems and users.

12:30pm

Hacking the Internet of Things: A Primer

Mark Stanislav, Senior Security Consultant, Strategic Services

The pace and growth of the Internet of Things (IoT) is staggering. Connected devices come to market nearly daily: web cameras, children's toys, and even vehicles. With increased connectivity, however, comes increased risk. A security bug could allow an attacker access to private data – or even physical access to a home or business. Come join Mark Stanislav as he demonstrates how security researchers tackle IoT devices, and shares techniques for hardware hacking and IoT research.

1:00pm

Web App Scanning with AppSpider

Dan Kuykendall, Senior Director, Applications Security Products

Web application attacks are the most frequent incident pattern in confirmed breaches. With Rapid7 AppSpider, organizations can analyze applications for security vulnerabilities and maximize their ability to effectively reduce IT security risk. This session will show how AppSpider fits into the Dynamic Application Security Testing (DAST) market and demonstrate key product features and functionality.

1:30pm

Security Deathmatch: Penetration Tester vs. Incident Responder

Leon Johnson, Senior Consultant, PSO
Christian Kirsch, Principal Product Marketing Manager
Mike Scutt, Senior Consultant, Analytic Response

Two worlds collide in this brutal boxing match! To simulate attackers, penetration testers must duck to evade the jabs and left hooks of incident responders. This security deathmatch will pit the stealthy attack tactics of a penetration tester against the detection efforts of an incident responder. Who will win by knockout? This blow-by-blow account will be educational and entertaining for pentesters, incident responders, and general defenders alike.

2:00pm

Incident Investigation with UserInsight

Patrick Haley, Senior Sales Engineer, Security Solutions

UserInsight helps you detect and investigate security incidents faster, put context around user activity across your organization, and eliminate alert fatigue. This talk will walk you through a full incident investigation with UserInsight, starting with how to identify/examine the individuals involved as well as all impacted systems and users.

2:30pm

Creating Customized Content in Nexpose

Ross Barrett, Senior Manager, Security Engineering

To reduce the risk of a breach you must know where you’re vulnerable. Join Ross Barrett as he demonstrates techniques for using Nexpose to gain better visibility into risk, identify your organization’s weak points, prioritize what matters most, and improve your overall security posture with effective remediation strategies.

3:00pm

Shoot The Messenger! Anti-Patterns in Vulnerability Handling

Tod Beardsley, Research Manager

Tod Beardsley, research manager for Rapid7, is routinely a bearer of bad news for technology companies around the world. He'll take this time to share some insights on the common missteps organizations make when handling their first unsolicited vulnerability report, and how you can make the most of your first free security assessment. It's rarely pleasant when some stranger on the Internet just told you your software baby is ugly. He'll also cover the key elements of a successful and reasonable disclosure notification to help vendors cope with these feelings and get on with the business of protecting their customers.

3:30pm

Rapid7 Research

Wim Remes, Manager, Strategic Services

Wim Remes will discuss findings from the Rapid7 Research team as they relate to Internet-wide scanning and exposure trends worldwide. He’ll answer the question, “Why scan the Internet?” and also explain how the team prioritizes vulnerability research according to impact.

4:00pm

Metasploit Tips and Tricks

Eray Yilmaz, Senior Product Manager

Knowing the adversary's moves helps you better prepare your defenses. Come learn how Metasploit, the most popular penetration testing solution on the planet, gives you that insight. Eray will demonstrate how Metasploit helps you uncover weaknesses in your defenses, so you can focus on the highest risks and improve security outcomes.