Blog

BSidesOttawa Schedule Confirmed!

B-Sides Ottawa is fast approaching and today we can share the schedule of superb talks that cover a broad spectrum of Information Security subjects. We had an amazing set of talk submissions from speakers, both local and from around North America. Narowing the over 25 talks to fit the two day event was no easy task!

If you are interested in attending B-Sides Ottawa, the event is filling up fast, so please register (it's free!) by visiting the official site.

We are still looking for sponsors to support the event, if you know someone who may be interested, please have them contact bsidesottawa@gmail.com.

Day 1 – Friday, November 12th

9:00am – 9:20am Day 1 Opening Remarks
9:30am – 10:20amMy Life on the Information Security D-List – Andrew Hay, Senior Analyst, The 451 Group, @andrewsmhay
10:30am – 11:20amUsing ISO 27005 for Risk Assessment – Benoît H. Dicaire, InfoSec Strategist, INFRAX, @BDicaire
11:30am – 12:20pmVendor Sponsored Lunch
12:30pm – 1:20pmMyths, Mistakes and Outright Lies (when it comes to your computer security) – Kellman Meghu, Security Engineering Manager Check Point Canada @kellman
1:30pm – 2:20pmSo I've adopted an EMR; What's the worst that can happen? – Peter Hillier, CISO MD Physician Services Inc. (A CMA Company), @DeathwishDuck
2:30pm – 2:50pmBreak 
3:00pm – 3:50pmThe Evolving Authentication Landscape – Eric Skinner, CTO, Entrust @EricSkinner
4:00pm – 4:50pmInfoSec Speed Debates – Jack Daniel and panelists TBD
5:00pm onwardsVendor Sponsored Dinner, drinks, and shenanigans

Day 2 – Saturday, November 13th

8:00am – 8:50amVendor Sponsored Breakfast
9:00am – 9:20am Day 2 Opening Remarks 
9:30am – 10:20amA new approach to preventing injection attacks on the Web Application Stack – Ahmed Masud CEO/ CTO Trustifier Inc.
10:30am – 11:20amFuzzing Cows – Karim Nathoo & Mike Sues
11:30am – 12:20pmVendor Sponsored Lunch
12:30pm – 1:20pmInto the Rabbithole Evolved Web Application Security Testing – Rafal Los @rafallos
1:30pm – 2:20pmThe Unintended Consequences of Beating Users with Carrot Sticks: Radical Thoughts on Security Reform – Ben Tomhave @falconsview
2:30pm – 2:50pmBreak 
3:00pm – 3:50pmCERTs or CIRTs in Canada – Adrien de Beaupré, EWA-Canada, isc.sans.edu
4:00pm – 4:50pmThe Nmap Scripting Engine: Making Nmap work for you! – Ron Bowes @iagox86
4:50pm – 5:00PMClosing Remarks – Andrew Hay & Justin Foster
5:00pm onwardsDinner and drinks downtown

More information here.

Dark Reading Post: Monitoring With Network Flow Technology

drCheck out my latest blog post on Dark Reading’s Security Monitoring Tech Center entitled “Monitoring With Network Flow Technology“:

A network flow is a data entity that contains information related to a unidirectional sequence of packets on an IP network. Comprised of source and destination port and IP address information as well as IP protocol, ingress interface, and type of service (ToS) entries, the data (organized as flow records) serves to provide high-level insight into what is happening on the network. Every major routing and switching infrastructure vendor supports the generation of network flows in some iteration…

The full article can be viewed here: http://www.darkreading.com/security_monitoring/blog/archives/2010/10/monitoring_with.html

LogChat Podcast 1: Anton Chuvakin and Andrew Hay Talk Logs

“LogChat” Podcast is born! Everybody knows that all this world needs is a podcast devoted to logs, logging and log management (as well as SIEM, incident response and other closely related subjects).

And now you have it – through the sheer combined genius of Anton Chuvakin and myself, Andrew Hay.

Administrative items first:

  1. We need a new name! We are not entirely happy with “LogChat” and, sadly, “LogTalk” is taken. Please suggest a name – if we pick yours, you get a free signed copy of Anton’s PCI Compliance” book.
  2. We will post the transcript, not just the MP3 file – in a few days. If you have ideas for a good/inexpensive transcribing service, we are all ears. We will try Amazon Mechanical Turk first, but it might not be good enough for a technical podcast.

Please also suggest topics to cover as well – even though we are not likely to run out of ideas for a few years. Our first topic today is new log source integration – if it sounds boring…well…listen first/judge second 🙂

We plan for this to be a monthly podcast. So, the next one will happen sometime early October.

Any other feedback is HUGELY useful. Is it too long? Too loud? Not enough jokes? Too few mentions of the “cloud”? Feedback please! Who knows…maybe there are more PCI books left in my secret stash and you too will earn that glorious prize for the most useful piece of feedback 🙂

And now, in all its, glory – the podcast: the link to MP3 is here [MP3].

Enjoy the log chat!

Scroll to top