Program Overview

Thursday, 2 March

Track 1 (Room 110) | Track 2 (Room 120)
08:00 – 08:30

Check-in and Continental Breakfast

08:45 – 09:00

Welcome

Hira Advani (IBM Software Chief Security Compliance Officer)

09:00 – 10:00

Keynote

Ravi Mani (Director & CISO, IBM Watson Platform Security)

10:00 – 10:15

Coffee Break

10:15 – 11:00

PSIRT Services Framework

Peter Allor (IBM)

11:00 – 11:15

Break: Q&A, Meet People, Move to Next Talk

11:15 – 12:00

Operations Technology and IoT

Fred Cohn (Schneider Electric) & Rupert Wimmer (Siemens)

A Year in the Life of Branded Flaws in Open Source

Christopher Robinson (Red Hat)

12:00 – 13:00

Lunch (Provided)

13:00 – 13:45

Evolving vulnerability coordination in Japan

Takayuki Uchiyama (JPCERT/CC)

Remediation Timelines for Product Security Vulnerabilities

Beverly Finch (Lenovo)

13:45 – 14:00

Break: Q&A, Meet People, Move to Next Talk

14:00 – 14:45

Building and Maturing your PSIRT

Lisa Bradley (NVIDIA), Christopher Robinson (Red Hat)

Evolving role of PSIRT in the Cloud

Vic Chung (SAP)

14:45 – 15:00

Coffee Break: Q&A, Meet People, Move to Next Talk

15:00 – 16:00

Threat Modeling

Kenneth Van Wyk (KRvW Consulting)

Gameshow! Gameshow! Branded Flaws Jeopardy!

Christopher Robinson (Red Hat)

18:00 – 22:00

Carolina Ale House in Brier Creek

Friday, 3 March

Track 1 (Room 110) | Track 2 (Room 120)
08:00 – 08:30

Arrival and Continental Breakfast

08:30 – 09:15

MultiParty Disclosure

Brian Willis (FIRST)

09:15 – 10:00

CVE and the CNA Program

Daniel Adinolfi (The MITRE Corporation)

10:00 – 10:15

Coffee Break

10:15 – 11:00

PSIRT Framework: Function 5.3.4 Engage with Security Vendors

Jerry Bryant (Microsoft)

How to Transform Developers into Security People

Chris Romeo (Security Journey)

11:00 – 11:15

Break: Q&A, Meet People, Move to Next Talk

11:15 – 12:00

BoF Sessions - How PSIRT is Structured and why? AND Triage Process - High-Priority Cases

How IBM manages Open Source vulnerabilities in IBM Offerings?

Pratibha Rikh (IBM)

12:00 – 13:00

Lunch (Provided)

13:00 – 13:45

BoF Sessions - Metrics - External / directed / appropriated from internal derived AND Ticketing System / Case tracking / case numbers

AppSec Behaviors for DevOps Breed Security Culture Change

Chris Romeo (Security Journey)

13:45 – 14:00

Break: Q&A, Meet People, Move to Next Talk

14:00 – 14:45

BoF Sessions - CVRF 1.1 >1.2 > CSAF OASIS CSAF (Common Security Advisory Format) AND Show and Tell - Sharing PSIRT Operational Lessons, CVE / CNA

MITRE

THINKPWN: PSIRT Case Study of a Zero-Day

Amy Rose & Bill Jaeger (Lenovo)

14:45 – 15:00

Closing Session