O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The O'Reilly Security Conference - New York, NY 2016

Video Description

A founding member of the Google security team; one of the seven key shareholders able to restore the Internet’s Domain Name System; a former instructor at an information warfare school; the co-inventor of the Yubikey; a principal investigator in the Zotob criminal investigation. These are the bona fide security backgrounds of just four of the 82 world-class experts O'Reilly Media gathered together for "Security 2016 New York," O'Reilly's first-ever conference on the threats facing today's Internet. This video compilation provides you with a front row seat for each of the 51 sessions, 8 half-day tutorials, and 6 keynotes delivered at the conference. Looking for new ways to fend off a targeted attack, eject persistent intruders from your environment, or recover quickly and effectively from a breach? Need to integrate new technology into your environment securely and successfully? Need to figure out how to keep your access controls (to data, network, or cloud) effective at scale—without losing your mind? Get this video compilation (more than 60 hours of material) and you’ll get answers to those questions and more.

  • Enjoy complete access to each of the conference’s 51 sessions, 8 half-day tutorials, and 6 keynotes
  • Hear 82 of the world’s top experts provide pragmatic advice on defensive cybersecurity practices
  • Get tutorials on microservices security, writing secure Node code, threat modeling, and more
  • Learn from White Ops’ Dan Kaminsky about Autoclave, defensive trickery, and better cryptography
  • Watch DARPA’s Michael Walker describe the world's first autonomous computer security systems
  • Hear from Yubico’s Stina Ehrensvard on FIDO U2F and the future of strong online identities
  • Learn about Fastly’s Incident Command protocol and Etsy’s real-time security alerting tool, 411
  • See Matt Tesauro explain the OWASP AppSec Pipeline project that makes appsec affordable to all
  • Learn about detecting security threats with Apache Hadoop and the new Apache Spot
  • Get 17 sessions on security tools and processes and 9 on security and data science

Table of Contents

  1. The O'Reilly Security Conference Keynotes
    1. Once Upon a Future - Heather Adkins (Google) 00:20:55
    2. A Vision for Future Cybersecurity - Rebecca Bace (CFITS, University of South Alabama) 00:27:56
    3. Playing Through the Pain - The Impact of Secrets and Dark Knowledge on Security and Intelligence Professionals - Richard Thieme (ThiemeWorks) 00:32:59
    4. Security and Feudalism: Own or be pwned - Cory Doctorow (EFF) 00:32:54
    5. Meet the World's First Autonomous Computer Security Systems - Michael Walker (DARPA) 00:21:33
  2. Security in context (security datasci)
    1. Modern identity and access management for the Web - Jim Manico (Manicode Security) - Part 1 1:00:05
    2. Modern identity and access management for the Web - Jim Manico (Manicode Security) - Part 2 00:52:45
    3. Modern identity and access management for the Web - Jim Manico (Manicode Security) - Part 3 00:57:52
    4. Security data science beyond operations - Jay Jacobs (BitSight Technologies) 00:35:23
    5. Detecting anomalies efficiently at scale: A cybersecurity streaming data pipeline using Kafka and Akka clustering - Jeff Henrikson (Groovescale) 00:37:17
    6. Security analytics: Machine learning applied in the SOC - Macy Cronkrite (Splunk) 00:35:56
    7. The future of strong online identities: Simple, open, and mobile - Stina Ehrensvard (Yubico, Inc.) 00:32:57
    8. Classifiers under attack - David Evans (University of Virginia) 00:36:22
    9. Hello to the dark side: Understanding your adversaries without all those expensive threat intel tools - S. Grec (NovaInfosec Consulting) 00:49:55
  3. Tools & processes
    1. The industrial age of website bots: How to detect and block automated attacks - Ido Safruti (PerimeterX) and Chris Federico (PerimeterX) - Part 1 00:46:49
    2. The industrial age of website bots: How to detect and block automated attacks - Ido Safruti (PerimeterX) and Chris Federico (PerimeterX) - Part 2 00:35:18
    3. Microservices and security - Sam Newman (Atomist) - Part 1 00:55:34
    4. Microservices and security - Sam Newman (Atomist) - Part 2 00:54:40
    5. Microservices and security - Sam Newman (Atomist) - Part 3 00:57:27
    6. Writing secure Node code - Guy Podjarny (Snyk) and Danny Grander (Snyk) - Part 1 00:56:19
    7. Writing secure Node code - Guy Podjarny (Snyk) and Danny Grander (Snyk) - Part 2 00:52:40
    8. Writing secure Node code - Guy Podjarny (Snyk) and Danny Grander (Snyk) - Part 3 00:42:00
    9. Applying Docker security - Ben Hall (Katacoda | Ocelot Uproar) - Part 1 1:02:18
    10. Applying Docker security - Ben Hall (Katacoda | Ocelot Uproar) - Part 2 1:11:29
    11. Drilling into network data with Apache Drill - Charles Givre (Booz Allen Hamilton) - Part 1 00:52:23
    12. Drilling into network data with Apache Drill - Charles Givre (Booz Allen Hamilton) - Part 2 00:59:20
    13. Using Python to automate forensics - Philip Polstra (Bloomsburg University of Pennsylvania) - Part 1 1:00:25
    14. Using Python to automate forensics - Philip Polstra (Bloomsburg University of Pennsylvania) - Part 2 00:46:18
    15. Using Python to automate forensics - Philip Polstra (Bloomsburg University of Pennsylvania) - Part 3 00:42:37
    16. Incident Command: The far side of the edge - Maarten Van Horenbeeck (Fastly), Lisa Phillips (Fastly), and Tom Daly (Fastly) 00:38:47
    17. Benefits of isolation provided by containers - Jessica Frazelle (Google) 00:29:02
    18. Operationalizing risk - Bruce Potter (KEYW Corporation) 00:41:39
    19. Migrating to HTTPS - Eric Lawrence (Google) 00:39:58
    20. Infrastructure is code: A DevOps approach to PCI compliance - John Bullard (Distil Networks) and Benji Taylor (Distil Networks) 00:37:04
    21. You don’t need to be a unicorn to have great security: Appsec programs for the rest of us - Aaron Weaver (Cengage) and Matt Tesauro (Pearson plc) 00:41:25
    22. Securing application deployments in a multitenant CI/CD environment - Binu Ramakrishnan (Yahoo) 00:35:04
  4. Bridging business & security
    1. User experience and security: Enemies or allies? - Peter Hesse (10Pearls) 00:36:20
    2. A social scientist’s perspective on how the intersection of humans and technology will shape the future workforce - Andrea Limbago (Endgame) 00:39:21
    3. Protecting your organization against ransomware (while ensuring no one sends you a Christmas card) - Allan Liska (Recorded Future) and Timothy Gallo (Symantec) 00:46:08
    4. Criminal cost modeling - Chris Baker (Dyn) 00:45:17
    5. Automating security in the cloud: Modernizing technology governance - Timothy Sandage (Amazon Web Services) 00:47:40
    6. Hacker quantified security - Alex Rice (HackerOne) 00:32:10
  5. Sponsored
    1. Moving cybersecurity forward: Introducing Apache Spot - Rocky DeStefano (Cloudera) 00:39:19
    2. Intrusion ≠ breach: Reducing risk via faster detection and response - Chris Martin (LogRhythm) 00:37:20
    3. Why current security practices are ineffective against today's hackers - Paul Poh (SecurityScorecard) 00:38:01
    4. The third wave of application security - Jacob Hansen (Cobalt) and Caroline Wong (Cobalt) 00:37:02
  6. The human element
    1. Security FORCE: A model for highly reliable security behaviors and cultures - Lance Hayden (ePatientFinder) 00:38:24
    2. Educating the steel pipeline - Jamesha Fisher (GitHub), Christina Morillo (wocintechChat.com), Quiessence Phillips (Barclays | JOURNi), Heather Adkins (Google), and Krystall Parrington (DePaul University) 00:44:10
    3. The groupthink vulnerability: Impacts and countermeasures - Laura Mather (Unitive) 00:42:48
    4. The future UX of security software - Audrey Crane (DesignMap) 00:35:19
    5. Building a product security incident response team: Lessons learned from the hivemind - Kymberlee Price (Bugcrowd) 00:42:55
    6. Privacy and threat in practice: Lessons from at-risk user populations - Sara "Scout" Brody (Simply Secure) 00:40:41
    7. Saving time: How a few committed people helped hold up the Internet. . .again - Susan Sons (Center for Applied Cybersecurity Research, Indiana University) 00:35:06
    8. The economics of cybersecurity - Fernando Montenegro (vArmour) 00:38:50
    9. A technical dive into defensive trickery - Dan Kaminsky (White Ops) 00:50:20