Upcoming Talks in 2012

I’m pleased to announce three upcoming speaking engagements in 2012!

First, I’ve been busy working with Karl Brophey on the Behavioral Security Modeling whitepaper I promised back in September 2011 at OWASP AppSec USA here in Minneapolis. Karl has a wealth of experience in software development and architecture, and we will be publishing the paper and giving a presentation at Secure360 in St Paul on May 8. If you are going, make sure to register for the Secure360 Run/Walk for ECHO!

Second, I’ll also be speaking the day before (on May 7) at SIRACon, the first-ever conference of the Society of Information Risk Analysts, on “Organizing Risk Management Programs, or, What I Learned from the Secret Service and the Aviation Industry,” where I will make the case for splitting up risk management into two separate functions: information protection (like the Secret Service), and information safety (like the airline industry). While I’m excited to be speaking, I’m even more exited to see the other talks, given by Risk Management thought leaders from around the country.

Finally, I just learned today that my proposal for the ISC2 Security Congress in Philadelphia was accepted, and I’ll be speaking on September 10 on “Defending Against Attacks by Modeling Threat Behaviors,” which will demonstrate how knowledge of attacker behaviors can be used to evaluate and improve application and infrastructure design. It’s my attempt to improve upon traditional threat modeling. The ISC Security Congress is co-located with the ASIS International conference, and I’m looking forward to attending talks from the world of physical security.