SecurityCRob/presentations

Presentations CRob has given over the years

presentations

Presentations CRob has given over the years

Infosec Presentations

• AppDev & SecArch - building a better future together - A presentation on how developers and security folks can work better together
• AppSec Panel of Power - PSL Edition - A panel we did with Chris Bush, Scott Geotte, and Dave Russo at the 2023 CLE-ISS
• Circles and Boxes - A presentation about Security Architecture as a disipline from Derbycon 2015 Video
• Cracks in the Foundation - A presentation about observed patterns many infosec programs follow and suggestions on how to avoid them at a CLE-ISS
• Culture Club - A presentation about how to cultivate a positive culture on an infosec team and with your stakeholders from a spring CLE-ISS
• Having a Career in InfoSec - Presentation we gave for newcomers interested in having a career in information security and the CISSP certification at a CLE-ISS
• Introducing the Cart to the Horse - A presentation telling the tale of how to assemble a high-performing infosec CSIRT team at IBM Interconnect 2015
• Little Red Riding CRob and the Big, Scary Log Journey - Circa 2007 hand-doodled presentation for a SplunkLive event
• Measuring and Reporting Risk - A presentation where CyberFace helps us understand different ways to measure, manage, and communicate risk to stakeholders at the 2021 CLE-ISS
• Mock Incident - Oh Pastebin, what have you done to me? - Mock incident run at a past CLE-ISS conference
• Mock Incident - all your networks are belong to us - Another mock incident we ran at CLE-ISS 2014
• Security, Compliance, and Quantum Entanglement - a 2023 CLE-ISS keynote I did with Kevin Baker about how Secuity and Compliance programs are "entangled" together
• Security Jeopardy - Application Security A game we ran at a conference around application security concepts at a CLE-ISS
• Security Jeopardy - CIS Controls - A game we ran at a conference around the CIS Controls
• CLE-ISS-2018 - Choose Your Own Disaster: The Curious Case of the Cloudy Conundrum - A Mock Disaster Dave Russo and I ran about Cloud-based companies having a bad day at the CLE-ISS 2018
• CLE-ISS-2019 - Choose Your Own Disaster: Zippy Spacedirt and the Spiders from the Web

PSIRT Presentations

• A Day in the Life of a TPC CVE - A presentation on how Third Party Component CVEs should be managed by a PSIRT
• CLE-ISS 2017 - Hitchhiker's Guide to Vulnerabiities - A presentations I did with Dave Russo reviewing common terms and practices used in Coordination Vulnerabiity Disclosure (CVD) at a CLE-ISS. Here is a delightful picture of Dave and I in our robes.
• Don't Be Elmer (FUD) - A presentation for the 2023 FIRST PSIRT TC providing advice on how the PSIRT should read security vulnerability reports, red flags to look for, and techniques to working more effectively with security researchers.
• I Found a Vulnerability, Now What? - A presentation Lisa Bradley and I gave at Derbycon 2018 about how security researchers and PSIRTs can more efficiently communicate. Video
• PSIRT Maturity - A presentation on how to measure and improve the maturity of your PSIRT at the FIRST PSIRT TC 2020
• Starting and Maturing a PSIRT - A presentation talking about key services a PSIRT should provide their stakeholders and how to improve the maturity of those capabilities

OSS Presentations

• Free Fish Aren't Free - A presentation about how open source software projects work and how steps downstream consumers of those projects need to do to ensure they are secure from several conferences in 2021
• Implementing the OSSF Best Practices Badges & Scorecards into your project - A presentation that Dr. Wheeler and I have given at the 2023 OSS-NA and OSS-EU conferences about how developers can integrate the OSSF Best Practices Badge and OSSF Scorecard into their projects. There also were videos for the NA and EU]( ) sessions.
• Open By Default - A presentation about 2019 CVEs in open source software from the FIRST PSIRT TC 2019
• Open Source doesn't care about you, but you should care about it - A presentation about how vulnerabilties are worked upstream and about things downstream consumers should be aware of/plan for the inevitable vulnerability in some open source software they are using - FIRSTCON2022 & CLE-ISS 2022
• Securing OSS At Scale - a presentation about OSS threats and how the Open Source Security Foundation is working to address them from Blackhat 2021 & OSS-NA 2022 Youtube Video
• The Chain - an open source software supply chain talk I've given in 2023 at the Intel Vision, Cloud Nirvana, and CLE-ISS conferences
• The Future of Open Source is Trust - a keynote I gave around how open source always was and will be based on trust at the OSS-EU 2022 YouTube Video
• Zero Day Preppers - A presentation about zero days in open source and how maintainers/contributors can work to ensure positive outcomes from them from OSS-NA 2022