Monta Elkins was recently asked to give this expert talk to US Congressional Staffers in Washington DC! In this presentation, Monta covers the best practices that business owners need to consider to responsibly deal with vulnerability disclosures, i.e. when someone calls you about a vulnerability, or your own people discover a vulnerability in your or someone else’s systems or software. Don’t miss your chance to join us at the upcoming Cyber Security Forum for this one-time local presentation of How to Treat Your “Hacker”: Security Researchers and Responsible Vulnerability Disclosure.
Q: What are the pluses and minuses of security vulnerability disclosures?
Q: What do you do if someone finds a vulnerability in your product, site, or systems?
Q: What are the recommended ways to disclose vulnerabilities and respond to a vulnerability disclosure your people find?
Someone just called your organization’s switchboard (the only phone number they could find) and declared they had discovered what they think is a serious security problem in your product or service. They said they are planning to publish the information soon, but wanted to call you first.
What would your organization do with such advance notice?
On the other side:
You are a hard-working cyber security researcher who has just uncovered a significant vulnerability in a popular device, either on your own or for a client, and you are concerned about the potential abuse of it. How can responsible disclosure help ensure that the vulnerability is rectified while recognizing your hard work, and without painting you as ‘the bad guy’?
We’ll cover how to deal with vulnerability disclosures from both perspectives, how to use them to mutual advantage as well as key things NOT to do.
Monta Elkins is currently “Hacker-in-Chief” for FoxGuard Solutions, an ICS patch provider. He is a security researcher/consultant and BFFs with the elusive #TrooperBR549. Many of his friends consider him the Chuck Norris of ICS Cybersecurity. Rackspace enjoyed his tenure as Security Architect, and Radford University hired him as their first Information Security Officer.
Known for having once discovered ALL the devices on an ICS network, Monta is a SANS instructor and the author of “Defense Against the Dark Arts,” a series of hands-on hacker tools and techniques classes. He has served as a guest lecturer for colleges, universities and elsewhere, teaching Arduino programming/circuit design, SDR, and rapid prototyping techniques. As a small child, he entertained himself by memorizing Pi — backwards.
When: Thursday, June 27 from 5:30 to 7:30 pm
Where: FoxGuard Solutions | 2285 Prospect Dr, Christiansburg, VA 24073
Cost: Members $15.00 | Future Members $25.00 | Students $5.00