May 17, 2012

And the Winner is….

A REVIEW OF BLACK HAT’S 2011 PREVIEW DOESN’T DISAPPOINT

(LiveHacking.Com) — As a security compliance professional with a limited training budget, I really had to do my homework this year to choose my learning opportunities wisely. So when the question came up “Are you going to Black Hat this year?” I had to pause and ponder… Am I? So off I went to do my research: Who’s going to speak, present, train, showcase this year and what will the ‘wow’ factor be? In doing my ‘use your money wisely’ research, I looked at other security conferences that offer training and I discovered that the Computer Security Institute’s (CSI) annual conference has been canceled this year and they are actually referring people to Black Hat. After completing my research, I had made my ‘more bang for my corporate buck’ decision. And the winner is… Black Hat wins hands down!

This year’s event will be hosted at Caesars Palace in Las Vegas July 30th - Aug 4th and offer over 50 multi-day training sessions, feature 7 Briefings tracks with the latest research, and 2 workshop tracks dedicated to practical application and demonstration of tools. Over the years, Black Hat has earned the reputation for being the premier security event where members of the security industry gather together to learn from elite security researchers, discuss threats to an organization and develop ways to tackle them.

Previous years have entertainingly educated us. In 2010, I found out:

Our money isn’t safe – researcher Barnaby Jack demonstrated how some ATMs are not very hard to compromise. He did it by both physically opening the machine & installing malware on it and by compromising the ATM over the network.

Our cell phones aren’t safe – Mobile Security was hit hard in 2010; Carmen Sandiego showed that you don’t have to be a phone company or government to find out who’s using a particular cell phone number or where the phone is located. I actually used this scenario for a Mock Security Incident at my company this year. Thanks for the great idea, Black Hat!

So what can we expect from Black Hat 2011? – Glad you asked. New this year, Black Hat has formed a Content Review Board comprised of sixteen experts throughout the areas of information security. As a part of this peer review, Black Hat will bring public and private sector security professionals and underground hackers together to uncover groundbreaking vulnerabilities and debut new security tools. Not surprisingly this year is expected to be the biggest Black Hat Conference yet, with over 6,000 Black Hatters in attendance. 2011’s special events include: Def Con, Black Hat Arsenal, Executive Briefing, and USA 2011 Uplink: Live Streaming Video.

2011 Keynote Speakers are Cofer Black and Peiter “Mudge” Zatko. Cofer will discuss the 10th Anniversary of 9/11 and Lessons Learned for Black Hat. Mudge will discuss How a Hacker Has Helped Influence the Government – and Vice Versa.

In addition to the top-notch keynote speakers, I am definitely looking forward to catching many of the countless opportunities to learn, grow, gain insight, and engage in great industry discussions. Here is my choice of top 10 events that I will be sure to look for:

  1. Faces Of Facebook-Or, How The Largest Real ID Database In The World Came To Be
  2. Legal Aspects of Cybersecurity (AKA) CYBERLAW: A Year in Review, Cases, issues, your questions my (alleged) answers
  3. The Law of Mobile Privacy and Security
  4. SSH as the next back door. Are you giving hackers root access?
  5. Don’t Drop the SOAP: Real World Web Service Testing for Web Hackers
  6. Reverse Engineering Browser Components: Dissecting and Hacking Silverlight, HTML 5 and Flex
  7. Corporate Espionage for Dummies: The Hidden Threat of Embedded Web Servers
  8. Staring into the Abyss: The Dark Side of Security and Professional Intelligence
  9. WORKSHOP – Infosec 2021: A Career Odyssey
  10. Turbo Talk – Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities

Honorable Mention – I love this title! – Don’t Hate the Player, Hate the Game: Inside the Android Security Patch Lifecycle

About the author:
Angel’s Security Compliance knowledge is well honed by her experience from working with and consulting for multiple companies in a variety of industries. Peers and customers consider her a knowledgeable and positive motivator at all levels. She has had the pleasure of establishing an effective security program at multiple companies designed to address information system threats and corporate risks. She takes great pride in her ability to assist with business, operational and technology concerns. She understands the benefits gained from explaining risks in a business-oriented, non-technical manner. She believes that educating people in security, compliance and risk management ‘common sense’ is the foundation to any successful security program. Angel also prides herself in staying on top of industry standards and new innovations in the security and compliance field. Her professional pastime includes meeting and networking with peers that have similar interests and goals. Her personal motto is: “Work hard, work smart, never stop learning or listening, do what’s right all of the time and never burn bridges.”