Sunday, April 17, 2011

BlueHat Security Forum Sao Paulo 2011

I had not yet finished enjoying the success of "Doing Blue Security Forum" and how enriching those sessions were when I was already flying to Sao Paulo to attend, as a spectator, another of the events I have grown fond of :). I am referring to "BlueHat Security Forum", this time the Sao Paulo edition!

Taking part in a new edition of BlueHat is, for now, still a privilege (?), since these conferences can only be attended by direct invitation from Microsoft USA. These invitations are generally aimed at no more than 200 researchers and decision makers (in this case Latin American) in security matters, from both private and government organizations.

On this occasion, although in my humble opinion this edition did not manage to surpass the one held in Buenos Aires (see Leo's blog), the truth is that the trip was well worth it anyway :)

But... what was the agenda? Here it goes:


Café de Manhã -  Breakfast & Meet and Greet
09:30-09:45      Welcome    Ricardo Lerner, Vice President FIESP
09:45-10:00      Welcome    Paula Bellizia, Director Microsoft Brasil  Business & Marketing Organization
10:00-10:45       The Latin American Threat Landscape – David Monnier Team Cymru
Team Cymru, pronounced “kum-ree”, a US-based not-for-profit security research group, is an independent and impartial advocate for Internet security and a world leader in information security analysis. Using data from around the world, Dave Monnier will provide a detailed and up-to-date view of the Latin American threat landscape and will help the audience to understand how the region is doing in comparison with the rest of the world.  Dave will show specific categories of badness like bots, compromised infrastructure devices, services open to abuse, and the like and provide insight into the workings of the eCrime ecosystem and its linkages to the legitimate economy.   

10:45-11:00         -15 min coffee break-

11:00-11:45       A security Comparison of OpenOffice and Microsoft Office
Will Dorman – CERT-CC (USA) &  Tom Gallagher – Principal Test Lead – Microsoft Office
Will Dorman (CERT-CC) will describe the tools and methodologies used to test popular productivity suites and will provide comparative results for OpenOffice and Microsoft Office.  Tom Gallagher – Principal test lead in Office will describe the tools and methodologies used as part of the Security Development Lifecycle for Microsoft Office.  Will and Tom jointly will provide best practice engineering and response guidance to software developers, IT managers and decision makers responsible for purchasing.


11:45-12:30       What Can Brazil Learn from the German digital ID program – Felix 'FX' Lindner (Head of Recurity Labs)
Germany rolled out a national digital ID in 2010. FX will give a security researcher’s perspective on some of the technical, social and business issues encountered and suggest lessons Brazil can learn as it rolls out the RIC.

12:20-14:00        Lunch – Lunch will be provided for all attendees.
Afternoon Block
14:00-14:45       Cloud Security Considerations and Solutions  -
John Walton, Principal Security Manager, Microsoft Online Services
During the coming year many organizations will attempt to balance the promise and challenges of Cloud Computing.  John Walton – Security Manager of Microsoft’s Business Online Services Division spent the last 5 years helping Microsoft meet those challenges while developing Microsoft’s cloud offerings.  He will enumerate the risks and benefits every IT Manager and business decision maker must understand by describing how his team addressed cloud security concerns and ultimately delivered Office365.  Office 365 brings together cloud versions of Microsoft’s most trusted communications and collaboration products with the latest software for businesses of all sizes.

14:45-15:45       Evolving the Security Capability in the Microsoft Trustworthy Computing Division
Mike Reavey  Director Microsoft Security Response Center
Microsoft formalized its security engineering and incident response processes in reaction to the dramatic changes in the security landscape and the threat environment. Mike Reavey will recount the maturing of the Microsoft security capability to its current focus on Collaborative Defense and highlight lessons, methodologies and strategies that Brazilian organizations can employ to help them meet the continuing challenge of the evolving security landscape.

15:45-16:00         -15 min coffee break-


16:00-17:00       Lightning Talks* - Various attendees
17:00 – 18:00    BlueHat Reception – Join us after BlueHat sessions for drinks and appetizers.


Not bad, don't you think? Of course not! It has really been a pleasure to see quite a few leading figures and to have the opportunity to interact, as always, with colleagues and the public in general. Here are some photos of some of the speakers:

Julien Vanegue (Microsoft Security Science Team)
John Walton, Principal Security Manager, Microsoft Online Services

Felix 'FX' Lindner (Head of Recurity Labs)

David Monnier Team Cymru

Anchises Moraes

Andrew Cushman

Tom Gallagher – Principal Test Lead – Microsoft Office

Finally, I will just say that, as BlueHat has accustomed us to, the level of information was really good, able to meet the expectations of almost everyone.
With the exception of one or another, all the talks were truly enriching and offered considerable added value, above all because of the speakers, all of them well known to many of us, whether for their research work, their professional achievements or their magnificent books :)

The closing talks (Lightning Talks) were also good, covering some inclusion initiatives in Brazil through technology and hacking, the experience of Brazil's CERT, and a few other interesting things...

Here are some of the few photographs I took of some of the slides that, for some reason, caught my attention at the time:

Comparisons from the MS folks

Some Data on Exploitability (According to MS)
