5 Sessions I’m Looking Forward to at BlackHat 2014

In less than a week, I’ll be in Las Vegas for BlackHat 2014, along with thousands of security professionals. While my primary reason for being there is to staff the Druva booth, that hasn’t stopped me from following the #BHUSA conversation on Twitter and checking out the conference session schedule. Out of all the topics, these top five sessions caught my eye:

  1. Mobile Security Roundtable: What Does Mobile Security Look Like Today? What Will It Look Like Tomorrow?
    Here at Druva, we often talk about data protection challenges that arise as users store more data on mobile devices. The rise in mobile devices brings a rise in attacks on these devices, surfacing new concerns around mobile security. From the platforms themselves to the apps that reside on them, this session, led by Vincenzo Iozzo and Peiter Zatko, promises to look at the challenges around mobile device security and the intricacies of securing at every level — application, baseband, kernel, etc.
  2. OpenStack Cloud at Yahoo Scale: How To Avoid Disaster
    Last year, we started supporting OpenStack for Private Cloud deployments, so this session jumped out at me. Using OpenStack offers many benefits — massive scalability and the ability to use commodity hardware — but like any infrastructure, it needs to be adequately secured. This session is going to be great because of the real-world examples it promises: Anders Beitnes from Yahoo will use examples from their deployments to illustrate what you can do to harden an OpenStack cluster and make it more difficult for a large compromise to happen.
  3. Stay Out of the Kitchen: A DLP Security Bake-off
    One of the things our customers are concerned about is the risk of data breach from lost and stolen equipment, so to address this, we built data loss prevention (DLP) features into inSync. DLP is great, but not if it’s insecure and can be easily worked around. In this session, presenters Zach Lanier and Kelly Lum say they will demonstrate flaws in administrative and programmatic interfaces and inspection engines that they discovered in several DLP solutions.
  4. Pivoting in Amazon Clouds
    For our cloud deployment, we leverage Amazon Web Services and have a whole white-paper-worth of certifications, authentication controls, encryption, and more. Therefore, this session, which aims to teach attendees about the security of the components used in Amazon’s cloud applications, caught my eye. Presenter Andres Riancho will talk attendees through security at each level as if they were following a knowledgeable intruder.
  5. Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA?
    This session has nothing to do with anything related to data security, mobility, or endpoints, but it caught my attention simply because I’m a frequent traveler. I go through airport security without giving much thought to the behind-the-scenes workings. In this session, presenter Billy Rios will explain some of the sophisticated technology used at airport security, why airport security checkpoints are set up in particular configurations, and what some of the weaknesses of these security systems are. I doubt I will go through airport security again without thinking about it!

Which conference sessions do you think are essential? I can always make a little more room in my schedule.