LASCON X has ended

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Core [clear filter]
Thursday, October 24


Achieve AI-powered API Privacy using Open Source
This presentation, part talk and part practical demonstration, will introduce Privacy-by-Design (PbD) onto a typical software application as part of a Secure Development Lifecycle, with a live demo showcasing how artificial intelligence (AI) can contribute to the process. We will cover:

- How ever-increasing privacy regulation impacts the software industry now, and what the future may bring.
- What lessons we can learn from the DevSecOps approach to security
- How we can harness both PbD and threat modeling to control software risk up front, addressing privacy issues before they impact consumers
- Leveraging security defense approaches to protect customer information
- Introduction to Deep Neural Networks (DNN); how DNN can be leveraged to address privacy concerns
- How to use free and open source software (TensorFlow, Keras and PrivAPI) to roll out Privacy-by-Design
- Live demo based on free and open source stack(s); showcasing AI for detecting sensitive dataflows in a typical API

avatar for Gianluca Brigandi

Gianluca Brigandi

Security and Privacy Researcher, Atricore Inc.
Gianluca Brigandi is a developer, security researcher, entrepreneur and open source contributor. His work in the past 15 years has revolved around delivering products at the intersections of privacy, application and container security, Identity & Access Management and AI.Gianluca... Read More →

Thursday October 24, 2019 1:00pm - 2:00pm
Cypress Room 2525 W Anderson Ln #365, Austin, TX 78757, USA


Threat Modelling Stories from the Trenches
Threat modelling is a software analysis technique capable of finding design defects. But what sort of issues are uncovered in practice using threat modelling? This talk bridges the gap between theory and practice by describing case studies – design flaws uncovered for actual (but anonymised) systems across many domains, for example online gaming, two-factor authentication, business-to-business, embedded, and cloud. In this talk we are less concerned with theory. Instead, in this interactive session the attendee will gain insight into the mindset of threat modelling by considering mistakes in the real-world. Along the way we will (re)learn secure design principles and attack patterns and see how the theory is expressed in reality.


Stark Riedesel

Associate Principal Consultant, Synopsys

Thursday October 24, 2019 2:00pm - 3:00pm
Cypress Room 2525 W Anderson Ln #365, Austin, TX 78757, USA


Cloud Security At Scale: Managing the Chaos
This talk will cover the journey that many organizations take when moving to the cloud. Large enterprises face a harder road moving their on-prem and legacy infrastructure to the cloud in a secure way. We'll discuss the dos and don't while making that journey.

avatar for Ken Toler

Ken Toler

Consultant, IBM
avatar for Michael McCabe

Michael McCabe

President, MBM Consultants
Michael McCabe is the president of MBM Consultants. Michael helps clients migrate their workloads to the cloud in a secure and managed way. He's worked with large financials during their cloud migrations and transformations. He focuses on creating secure, sane and organized solutions... Read More →

Thursday October 24, 2019 3:00pm - 4:00pm
Cypress Room 2525 W Anderson Ln #365, Austin, TX 78757, USA
Friday, October 25


Security Management 101: Practical Techniques They Should’ve Taught You
Becoming a new manager in information security can be overwhelming. As demand for security professionals increases, technical contributors find themselves thrust into management and leadership positions, and often feel poorly equipped. Unfortunately, they grapple for answers, resources, and support in a haphazard way, lacking clarity or effective practices.

This presentation introduces the fundamental activities a new manager should adopt. It addresses the differences between technical contribution and management, and between management and leadership. The intended audience are those hungry for guidance, those starting to figure things out the hard way, and those who simply want to deliver outstanding value to their employers and the security profession.

The topics include concrete recommendations about how to build relationships with one’s team and get results. If you’re ready to meet others who are wrestling with similar issues and are driven to perform as a leader, let’s get started.

avatar for Philip J Beyer

Philip J Beyer

Vice President, Security Engineering, Global Payments
Philip Beyer is the Vice President of Security Engineering for Global Payments Inc. (NYSE: GPN), a leading pure play payments technology company delivering innovative software and services globally. He leads the teams building solutions to protect customer and cardholder data.Mr... Read More →

Friday October 25, 2019 10:00am - 11:00am
Cypress Room 2525 W Anderson Ln #365, Austin, TX 78757, USA


Offensive Threat Models Against the Supply Chain
This presentation focuses on applying a more adversarial threat model to supply chain systems that are integrated into client environments.  It focuses on how to research geo-political risk issues or historical threats that are specific to your industry as a means to begin with building an effective threat library.  From there, the presentation covers on how to build upon that library with a list of attack sequences and targets that would be the objects of your supply chain threat model.  

avatar for Tony UcedaVelez

Tony UcedaVelez

CEO/ Owner, VerSprite
Tony UcedaVélez is CEO at VerSprite, an Atlanta based security services firm assisting global multi-national corporations on various areas of cyber security, secure software development, threat modeling, application security, security governance, and security risk management. Tony... Read More →

Friday October 25, 2019 2:00pm - 3:00pm
Contrast Security Room 2525 W Anderson Ln #365, Austin, TX 78757, USA