If You Missed Suits and Spooks NY, Here It Is On Video

O'Reilly Media, the publisher of my book Inside Cyber Warfare, has produced a video compilation of our Suits and Spooks event. I'm proud to say that this is the first non-O'Reilly conference that they have produced for sale and it looks great. It doesn't include every speaker because some of the talks were under Chatham House rules, but here are the speakers that are included:

• The Top 50 Non-state Hacker Groups in the World - Christopher Ahlberg (CEO of RecordedFuture)
• Out of the Mountains: A Future of Feral Cities, Urban Systems Under Stress, and Increasing Overlaps Between the Real and Virtual Worlds - David Kilcullen (CEO of Caerus Associates)
• Emerging Bad Actors in the Virtual and Physical Worlds (Jeffrey Carr, Moderator with Dr. David Kilcullen, Jonathan Hutson, Thomas Dzieran, Aaron Weisburd, Peter Mattis, and John Scott-Railton)
• How to Survive a Surveillance-friendly Environment - Mike Janke (Co-founder, CEO of Silent Circle)
• Should Defensive Strategies be Specific to the Threat Actor or Generalized for all Threat Actors? (Jeffrey Carr, Moderator with Pierre-Marc Bureau (ESET), Derek Manky (Fortinet), Roel Schouwenberg (Kaspersky), Chris Coleman (LookingGlass), Brian Carrier (Basis Technology))
• Real-time Depiction of the Global Cyber Threat Landscape - Chris Coleman
• Icefog: Mercenary Hackers Who Focus on Supply Chain Attacks in Asia - Roel Schouwenberg
• Joseph Kony, the LRA and Elephant Poaching in Africa - Jonathan Hutson

The complete series is only $149. Here's where to order. We're going to be offering this again for Suits and Spooks DC so please let me know what you think.

Add to Cart View detail

Three Suits and Spooks Courses taught by 3 World-Renowned Experts: Limited Enrollment and Savings!

At Suits and Spooks events, we always have world-class speakers. But for 2014, I wanted to offer world-class training as well. For example, in January we're featuring:

CARMEN MEDINA: Specialist leader at Deloitte Consulting LLP after retiring from an almost 32 years-career at the Central Intelligence Agency where her roles included Director of the Center for the Study of Intelligence (CSI); the Deputy Director for Intelligence, and Chief of the Strategic Assessments Group in the Office of Transnational Issues, Directorate of Intelligence. She has led analysts working on Southern Africa and Central America, and helped to design the Global Coverage Program and innovate new production methods to support policymakers. In the early 1990s, she served overseas in Western Europe.

Course title: "Analytic Methodology and Critical Thinking for Cyber Intelligence and Information Security"

LANCE COTTRELL: Chief Scientist at Ntrepid Corp. and the founder and principal at Obscura Security. He founded Anonymizer Inc. in 1995, and is an internationally recognized expert in cryptography‚ online privacy‚ and Internet security.

Course title: "Tools, Techniques, and Pitfalls in Internet Anonymity and Pseudonymity"

ROB DUBOIS: Security advisor, smart power authority and retired U.S. Navy SEAL with experience in more than thirty nations. He recently served as the operations manager for the Department of Defense Red Team where his innovative tactics earned him the reputation of the U.S.’s “top terrorist”. Rob has provided his “Think like the Adversary” workshop to elite military units in combat zones, Fortune 500 companies, and agencies including the National Counterterrorism Center.

Course title: "Better Red than Dead: Learn to build your own full-spectrum Red Team with a veteran Red Team leader"

Originally, in order to attend a workshop you needed to also register for the conference. I've changed that policy so now you can take the training without having to register for Suits and Spooks DC, or you can register for both. Basically, it's now your choice.

Finally, in order to help us fill up these courses so as to have a more effective test on whether this is something that we continue to offer at Suits and Spooks events, I've lowered the tuition by 33% on all 3 courses until December 20th.

You can get complete details on each course by clicking on the course title, or call us with any questions you may have. Please help spread the word about this unique opportunity to learn from these highly esteemed professionals. Depending on our enrollment numbers, it may be the only time that we offer it.

Add to Cart View detail

Carmen Medina to teach Workshop on Analytic Methods and Critical Thinking at Suits and Spooks DC 2014

As the rush to the Cloud and the aggregation of data in amounts here-to-for unheard of accelerates, the one area that continues to suffer from lack of attention is the use of analytic methods designed to off-set cognitive bias; in other words the rare skill of critical thinking.

This is particularly true among information security companies but it applies across all industry vectors. I've recognized and railed against this problem for years, but now with Suits and Spooks entree into offering workshops, I'm able to offer a solution in the person of Carmen Medina.

Carmen is a CIA veteran of almost 32 years. She was the Director of the Center for the Study of Intelligence (CSI) from January 2007-December 2009. As the CSI Director, she developed and managed CIA’s first Agency-wide Lessons Learned Program. Her record as a visionary analytic thinker and a dedicated, caring leader made her widely recognized--inside CIA and beyond--as an articulate, passionate voice for excellence in intelligence.

From 2005 through 2007, she was the Deputy Director for Intelligence, a member of the executive team that led the CIA’s analytic directorate. In her CIA career, Carmen held positions of increasing responsibility to include Chief of the Strategic Assessments Group in the Office of Transnational Issues, Directorate of Intelligence. She has led analysts working on Southern Africa and Central America, and helped to design the Global Coverage Program and innovate new production methods to support policymakers. In the early 1990s, she served overseas in Western Europe.

By attending Carmen's four hour workshop on Analytic Methodology and Critical Thinking, your analysts will learn:

1. Different analytic techniques to help organize data.

2. The value chain of analytic insight.

3. Question templates to use when evaluating information.

4. Rules and techniques for using data and information.

5. Techniques to assist in more rigorous what if and future thinking.

The early bird rate for this workshop is only $495 and attendees must also register for Suits and Spooks DC. Complete information is available here. Register early to save money and to secure your seat.

Add to Cart View detail

A Suits and Spooks Collision in Washington DC

No, President Obama didn't authorize a CIA direct action against House Tea Party members who are keeping the government closed. The "Collision" that I'm talking about is the Suits and Spooks event that is happening in Washington DC on January 19-21. Some of you know that I've been reluctant to call it a "conference" ever since I created this event in 2011. Finally, thanks to my friend Jim Stogdill at O'Reilly Media, I've got a new name for it - a collision.

It's the perfect word because that's precisely what happens during many of the talks. It's not a Summit where high profile speakers get to express their opinions without the opportunity for audience members to question them. Our speakers understand that the content of their talks can be challenged at any time by the attendees. And since we keep our total attendance capped to under 150 and keep all of the sessions on a single track, there's a lot of interaction taking place that just doesn't happen at any other event. In fact, when you consider who some of our speakers are, that's a remarkable thing to experience.

Here are just a few of the 25 or so high profile speakers that we've lined up for SNS DC:

• Barbara M. Hunt: Co-founder of Cutting Edge C.A. who was formerly the Director for Capabilities of Tailored Access Operations at NSA as well as a 20 year veteran technical expert at CIA
• David Howe: CEO at Civitas Group; formerly Special Assistant to the President (Homeland Security Council)
• Carmen Medina: Career senior national security executive at CIA (retired). Assignments included Director for the Center of the Study of Intelligence; Deputy Director of  Intelligence; and Chief of the Strategic Assessments Group, Office of Transnational Issues, Directorate of Intelligence.
• Eric O’Neill: Attorney and co-founder, The Georgetown Group; former FBI operative who was instrumental in the Robert Hanssen espionage case.
• John Gilkes: Principal, Deloitte Financial Advisory Services; more than twenty years experience in asset tracing and recovery and in the management and conduct of financial/fraud investigations involving wire transfer fraud, bribery/corruption, and extortion.
• Steven Chabinsky: General Counsel, Chief Risk Officer at CrowdStrike; Previously Deputy Ass’t Director Cyber at FBI
• Stewart Baker: Partner, Steptoe & Johnson LLP; Previously Ass’t Secretary for Policy at DHS

Another first for Suits and Spooks DC 2014 will be our workshops. We're not a hacker con so you won't find the workshops that you're accustomed to at Blackhat and other events. That's because there's more to cyber security than malware alone. We'll be offering four workshops in January:

• Lance Cottrell, the founder of Anonymizer, will teach a half-day workshop on Internet Anonymity and Pseudonymity.
• Rob DuBois, a retired Navy SEAL and former director of operations for the Dept of Defense Red Team will teach a full-day course on how to train and operate a full spectrum red team.
• Carmen Medina, a former Deputy Director of Intelligence at CIA will teach a half-day course on analytic methods.
• Phil Rosenberg and John Gilkes will teach a course on financial fraud investigations and money laundering.

Registration for SNS DC is now open and we're already 25% full. Registration for the workshops is currently open for Lance Cottrell's topic and the others should be ready by next week (separate tuition is charged for the workshops). Here's the link for the SNS DC webpage. See you in January.

And if you're interested in having your company become a sponsor, please shoot me an email. 

Add to Cart View detail

Call for Papers: Suits and Spooks DC 2014 and Suits and Spooks Singapore 2014

Suits and Spooks DC is coming up on January 20-21, 2014 and Suits and Spooks Singapore will be March 20-21, 2014. The theme for both conferences will be on how companies can safely conduct business when they operate in what is essentially a digital battlefield. U.S. multinational firms not only have to contend with hacktivists targeting their websites and hacker groups stealing and selling their intellectual property. Their communications are being collected and monitored by most foreign intelligence services and insiders seem to be able to gain access to whatever they want.

If you've got an idea for a topic that fits this theme, please shoot me an email with a title and an abstract. Preliminary information on both events is available at the SuitsandSpooks.com website.

Add to Cart View detail

Dr. David Kilcullen: Speaking at Suits and Spooks NY on feral cities and other physical and digital stressors

I recently heard Dave Kilcullen speak at the Google INFO Summit on illicit trafficking during the summer of 2012 and ever since then I've been trying to find a way to bring his experience and novel insight into conflict mechanics to a Suits and Spooks conference.

Today, I'm extremely pleased to announce that Dave will be speaking at Suits and Spooks New York on the topic "Out of the Mountains: a future of feral cities, urban systems under stress, and increasing overlaps between the real and virtual worlds."

Dave will also be included on a panel that I'll be moderating with Jonathan Hutson of the Satellite Sentinel Project, retired Navy SEAL Thomas Dzieran, Aaron Weisburd of Internet Haganah and John Scott-Railton of Citizen Lab.

Attendees will have an opportunity to purchase a signed copy of Dave's new book "Out of the Mountains":

"In his third book, David Kilcullen takes us out of the mountains: away from the remote, rural guerrilla warfare of Afghanistan, and into the marginalized slums and complex security threats of the world’s coastal cities, where almost 75 per cent of us will be living by mid-century. Scrutinizing major environmental trends — population growth, coastal urbanization, and increasing digital connectivity-- he projects a future of feral cities, urban systems under stress, and increasing overlaps between crime and war, internal and external threats, and the real and virtual worlds. Informed by Kilcullen’s own fieldwork in the Caribbean, Somalia, the Middle East and Afghanistan, and that of his field research teams in cities in Central America and Africa, Out of the Mountains presents detailed, on-the-ground accounts of the new faces of modern conflict –– from the 2008 Mumbai terrorist attacks, to transnational drug networks, local street gangs, and the uprisings of the Arab Spring."

 We have only 18 seats remaining so register today and don't miss this extraordinary conference where both the speakers and the attendees engage in discussions in the private, exclusive setting of Soho House NYC on October 5-6, 2013.

Add to Cart View detail

Russian Institute Solicits Foreign Companies But Masks Ties with Russia's Defense Ministry

My company recently published a report which discovered that aerospace companies with joint ventures in Russia and China are hacked 2.4 times more often than those companies who don't. However, hacking a network is small potatoes when compared with the amount of intellectual property that is transferred in other ways.

One of the more surprising discoveries that we made while researching that report had to do with a Russian institute that was set up primarily to engage foreign companies with various types of assistance: the Research Institute of Mathematic Modeling and Intelligent Control Systems. This institute is a part of St. Petersburg State Polytechnical University's Institute of International Educational Programs. The website is in English and is not listed on SPSPU's Russian home page so it's entire focus is foreign-based. 

It conducts applied research in the following areas:

• Distributed industrial controllers networks for decentralized control of distributed objects and technological processes
• Intelligent multi-agent based control of android robots and cooperative behavior of robots network 
• Numerical modeling of external and internal flows aimed at dragand noise reduction
• Computation of vortical flows and wakes aimed at enhancement of safety in air and ground transportation 
• Numerical analysis of stress/strain distributions in the real world industrial objects, in particular for those working in the extreme conditions
• Numerical non-linear analysis of visco-elasticity, contact interaction, large deformations
• Seismic analysis, simulation of crash-tests, modeling of nucleation and propagation of damage
• Computation of cooling of electronic devices, heating and air-conditioning systems >> Development of graphic user interface to control virtual objects 
• Polygonal and NURBS-modeling

A few of the U.S. companies who work with RIMMICS include Boeing and GE. Foreign companies include EADS, Airbus, SAP, LG electronics and Bombardier. I wonder how many of those companies know that RIMMICS also provides avionics services, among others, for the Russian Ministry of Defense because it's not disclosed anywhere on the website.

More information on RIMMICS and other surprises that we've uncovered when investigating foreign vendors who service key U.S. enterprises will be disclosed at our upcoming Suits and Spooks luncheon at the Ritz Carlton Tysons Corner on Sept 10, 2013. Seats are extremely limited so register today. 

Add to Cart View detail

Taking a Deep Dive into China's Cyber Threat Landscape

The cyber threat landscape is so much more complex than is commonly reported by the media, the government, and especially by information security vendors. China is no different. The goal of the Suits and Spooks conference in New York City is to begin the process of diagramming the most complete cyber threat landscape that has ever been done by bringing together 15 international authorities on different geographical regions to discuss and debate the issues.

One of our panels is "Cyber Attacks and China: Who Should Be Held Responsible", and includes:

• Joel Brenner (moderator): former National Counterintelligence Executive at the Office of the Director of National Intelligence and former Senior Counsel at the NSA
• Peiran Wang: Ph.D. candidate, The Center for Economic Law and Governance, Faculty of Law and Criminology, Vrije Universiteit Brussel 
• Peter Mattis: Editor, Jamestown Foundation China Brief 
• Mihoko Matsubara: Cybersecurity analyst at Hitachi Systems and Adjunct Fellow at Pacific CSIS
• Tom Creedon: Chief Researcher, East Asia Cyber Threat Intelligence, Verisign-iDefense
• Sheena Chestnut Greitens, Ph.D.: Fellow, Harvard’s Fairbank Center for Chinese Studies
• Roel Schouwenberg: Sr. researcher, Kaspersky Labs' Global Research and Analysis Team

In addition to serving on this panel, each of the above panel members will be giving their own talks on related subjects. A full agenda for this two day event will be published soon. In the meantime, you may want to register for this unique and important conference before it sells out.

Add to Cart View detail

Identifying Aggressors in the Global Cyber Threatscape

Independent hacker groups and cyber militias who conduct network attacks complicate international relations between governments. President Obama, at the conclusion of his historic talks with President Xi Jingping last Friday, acknowledged that the "theft of business, financial and military information ... are not issues that are unique to the U.S.-China relationship. Those are issues that are of international concern. Oftentimes it’s nonstate actors who are engaging in these issues as well.”

No nation state can be held responsible for all of the attacks emanating from their own IP addresses. Attribution remains a hard challenge, and the potential for serious miscalculations and misjudgments is high.

Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state aggressors in cyberspace. About twenty speakers will present briefings over two days on hackers, citizen militias, and other non-state entities operating in the Middle East, China, Russia, Pakistan, India, Iran, Africa, South America, the United States (yes - we have non-gov threat actors domestically), and other parts of the world.

A partial list of our country experts include:

• Peter Matthis (Editor, Jamestown Foundation China Brief): China
• Peiran Wang (Ph.D. candidate, The Center for Economic Law and Governance, Faculty of Law and Criminology, Vrije Universiteit Brussel): China
• John Scott-Railton (Research Fellow at Citizen Lab, University of Toronto): Syria, Libya
• A. Aaron Weisburd (Instructor, Combating Terrorism Center at West Point; Founder, Internet Haganah): Middle East
• Sheena Chestnut Greitens, Ph.D. (Fellow, Harvard's Fairbank Center for Chinese Studies): North Korea
• Jonathan Hutson (Communications Director - Satellite Sentinel Project and The Enough Project): Africa

The venue will be in New York City at SOHO House on October 5-6, 2013. Admission will be limited to no more than 80 people so register early. Lunch will be provided on both days. If you'd like to submit a proposal for a talk, please do so by July 15, 2013.

Companies interested in sponsorship options for this event can view our prospectus on Google Drive.

The SOHO House NY Library

Registration

Super Early Bird: (June 10 - July 10): $275
Early Bird (July 11 - Aug 31): $395
Standard (Sep 1 until sold out): $625

Select One

Super Early Bird $275.00 USD Early Bird $395.00 USD Standard $625.00 USD

Add to Cart View detail

New 007-inspired logo design for Suits and Spooks

3 weeks before our 6th Suits and Spooks conference (to be held in La Jolla), I'm pleased and proud to unveil our brand new logo created by gifted artist Angela Felan. Angela also created our Chimera logo for a new intellectual property and trade secrets product that Taia Global is developing.

I hope to have some cool Tees or dress shirts in time for the La Jolla conference. Hope to see you there.

Add to Cart View detail

Boston or New York for the next Suits and Spooks?

We try to host a Suits and Spooks event in different cities (other than Washington DC which remains a constant). Our Boston attendance was quite good last year, however I've been asked several times if we'd host a Suits and Spooks in New York City. What's your preference?

Click here to take survey

Add to Cart View detail

Challenges with Threat Intelligence, Attribution, and Active Defense are on the Agenda at Suits and Spooks La Jolla

We've got a tremendous speaker line-up including John Caruthers, the head of the FBI's National Security Cyber Program at the San Diego field office, while on intelligence matters, we have RADM Andy Singer (USN ret) who, among his many accomplishments, was the Director of Intelligence for PACCOM. Lance Cottrell, the founder of Anonymizer, will speak on Operational Anonymity & Misattribution: Why you need it, how they track you, how to do it, how it fails, and best practices.

Additional topics and panels include:

• Projecting Geopolitically Relevant Cyber Hot-Spots by Ali-Reza Anghaie
• Threat Intelligence for the Enterprise on a Shoestring Budget by Shane MacDougall
• The State of National Cyber Intelligence by Troy Townsend and Jay McAllister
• HUMINT Factor: How HUMINT Influences Attribution of Threat Actors and Whether or Not It’s Necessary
• Can Data Analytics and Incident Response Scale Down? by Stephen Cobb
• Is there a place on Special Operations teams for Cyber Warriors? (Panel moderator Jim Butterworth; Speakers – Thomas Dzieran, Rob DuBois, RADM Andy Singer (USN ret))
• The importance of international collaboration in identifying and interdicting non-state hacker groups (Panel moderator Christopher Burgess; Speakers – John Caruthers, Kenneth Geers, Michael Jaeger)
• Advanced Technologies for Detecting the Insider Threat by John Sipple
• Vulnerability Disclosure and ‘Cyberwar’: The Cost of Offensive Cyber Weapons by Ryan Ellis
• Kenneth Geers: Technical expert for the “Tallinn Manual on the International Law applicable to Cyber Warfare” will speak and take questions on this very important document.

This two day conference (Saturday, June 15 and Sunday, June 16) will be held at the San Diego Marriott La Jolla hotel and consist of a combination of plenary and break-out sessions. A continental breakfast and lunch will be served on both days. Attendance will be limited to no more than 100 people to allow attendees to interact more closely with our speakers during the event.

The following Early Bird rates apply through May 10, 2013.

• Early Bird $395
• Securing our eCity Foundation member or affiliate $345
• Government/Military/Academia rate $295

Register via PayPal or by telephone (1-855-777-8242)

After May 10, our discounted rates will revert to the standard $595.

Rates

Early bird $395.00 USD Securing our eCity Foundation $345.00 USD Military/Gov/Academia $295.00 USD

Add to Cart View detail

U.S. superiority in network-centric warfighting may be in jeopardy. Join the discussion.

Network-centric Warfare has become the de facto standard for many nations, not just the U.S. Unfortunately, thanks to the exponential growth of global networks and the accompanying security vulnerabilities which seem to be infinite in number, the balance of power is no longer what it used to be and the U.S. cannot be assured of superiority in cyberspace.

Therefore, I think it's time that we had an indepth discussion on exactly how the InfoSec community can play a part in improving U.S. capabilities in Network-centric warfighting and/or U.S. covert actions rather than leaving such discussions solely to the classified world or one dominated by the Defense Industrial Base companies. As a result, I've invited 24 distinguished authorities from the DOD and the infosec world to come to San Diego and spend two days engaging in a discussion that will include the following topics, among others:

• "Operational Anonymity & Misattribution: Why you need it, how they track you, how to do it, how it fails, and best practices" - Lance Cottrell
• "Developing Offensive Cyber Tools, Techniques, and Procedures for Defending Corporate and Government Networks" - George Kurtz, Greg Hoglund, Jim Butterworth
• "Is there a place on Special Operations teams for Cyber or Information Warfare specialists?" - Thomas Dzieran, Rob DuBois, Jim Butterworth
• "Vulnerability Disclosure and ‘Cyberwar’: The Cost of Offensive Cyber Weapons" - Ryan Ellis
• Q&A with Kenneth Geers, Ph.D., Technical expert for the Tallinn Manual on the International Law applicable to Cyber Warfare
• "The Georgian Government’s cyber operation against internal political opponents" - Paul Joyal
• "The importance of international collaboration in identifying and interdicting non-state hacker groups" - Sanjay Virmani, Kenneth Geers, Michael Jaeger, Christopher Burgess
• "Projecting Geopolitically Relevant Cyber Hot-Spots" - Ali-Reza Anghaie
• "Threat Intelligence for the Enterprise on a Shoe-string Budget" - Shane MacDougall
• "Can big data and small incident response teams scale down to small and medium-sized businesses?" Steven Cobb
• "Advanced Technologies for Detecting the Insider Threat" - John Sipple
• "The State of National Cyber Intelligence" - Troy Townsend and Jay McAllister
• "All-Source Intelligence Shapes the Future of Security Operations Actions" - (to be announced)

I want to stress that while Suits and Spooks is a conference, it's not like any conference that you've attended before. We actually do have discussions because the speaker to attendee ratio is an unheard-of 1:4 or less. If you don't believe me, check out our testimonials page or ask anyone who's been to our past events.

Here's who you'll get to meet if you attend SNS La Jolla:

• Ali-Reza Anghaie: contract Security Engineer and Senior Analyst with Wikistrat
• David Burcham: President and CEO, VendorX
• Christopher Burgess: Sr. Security Consultant with Fortune 50 experience; retired national intelligence executive CIA
• Stephen Cobb: Security evangelist, ESET North America
• Chris Coleman: Vice President, LookingGlass Cyber Solutions
• Lance Cottrell: Founder / Chief Scientist of Anonymizer Inc., Chief Scientist of Ntrepid Corp.
• Robert DuBois: retired U.S. Navy SEAL, an international authority on Smart Power and the author of "Powerful Peace: A Navy SEAL's lessons on peace from a lifetime at war"
• Thomas Dzieran: retired U.S. Navy SEAL and software engineer
• Kenneth Geers, Ph.D.: U.S. Naval Criminal Investigative Service (NCIS) Cyber Subject Matter Expert
• Will Gragido: Senior Manager, RSA FirstWatch Threat Research
• Greg Hogland: Independent expert in offensive cyber strategies and tactics; former Vice President at Mantech and founder/CEO of HB Gary.
• Michael J. Jaeger (CAPT, USN): An active duty officer with the U.S. Navy Judge Advocate General's Corps
• Paul Joyal: Managing Director, NSI; Public Safety and Homeland Security Sector
• George Kurtz: Co-founder, President and CEO of Crowdstrike
• Rafal Los: Principal, Strategic Security Services, HP ESS
• Shane MacDougall: Co-founder Tactical Intelligence
• Jay McAllister: Senior Analyst, Software Engineering Institute, Carnegie Mellon University; formerly with NCIS
• Jeffrey McNeill, Ph.D.: Cyberspace Policy Analyst, STRATCOM
• John Pirc: Director, Security Intelligence, HP Security Research
• Billy Rios: Technical Director at Cylance, Inc.
• Andy Singer (USN RADM ret): Defense Intelligence Senior Leader; Deputy Director for Information Dominance Advocacy (OPNAV N2/N6)
• John Sipple: USN LT, AFRICOM J2 0166, IDC Region Wash DC
• Troy Townsend: Senior Analyst, Software Engineering Institute, Carnegie Mellon University; formerly with DIA and CYBERCOM
• Sanjay Virmani: Director, INTERPOL Digital Crime Centre; Supervisory Special Agent, FBI

Please help spread the word about this exciting and important event and join us in beautiful La Jolla on June 15-16. Register today.

Add to Cart View detail

Call for Papers: Suits and Spooks Singapore: Dec 2-3, 2013

Suits and Spooks Singapore

The Mandarin Oriental Hotel

December 2-3, 2013

Call For Papers

Taia Global's hit conference series Suits and Spooks will hold its first international conference in Singapore this December at the incredible 5 Star hotel The Mandarin Oriental Singapore. If you'd like to participate as a speaker, please send me an abstract of your proposed talk by April 30th. Some broad topics ideas include:

• Offensive and Defensive Tactics in Information Security
• Attribution Methodologies
• Vulnerabilities in Critical Infrastructure; especially in Automated Systems
• An International Look at Informatized Warfare and International Cyber Commands
• International Law and Policy as it pertains to Cyberspace
• Strategies to Reduce the Threat Landscape

Sponsorships

We're actively seeking corporate sponsors for this high profile event. Please contact me if you'd like more information. 

For More Information

Follow @SuitsandSpooks on Twitter or request to be added to our event mailing list.

Add to Cart View detail

Personal Reflections on Suits and Spooks DC 2013

Now that I've had a chance to decompress from and reflect upon the terrific Suits and Spooks DC conference last weekend, I want to share some surprising shifts in thinking that occurred for me during those two days.

The speakers were all terrific, but some topics triggered a lot of passionate debate amongst the speakers and the attendees. You can get a sense of what transpired by reading the live Twitter stream from the event. How those passions were channeled and the manner in which some speakers conducted themselves in the heat of the moment really impressed me. Keep in mind that the speaker to attendee ratio was 1:4. That's unheard of at most conferences. In fact, I don't know of another event where it's that low, which is too bad because I believe that it makes for a much more valuable experience for both the attendees and the speakers.

Some of the areas in which my thinking has shifted includes:

International Cooperation. The international speakers that I invited to attend did a phenomenal job. I particularly want to commend Marco Obiso of the ITU. He was on the receiving end of a lot of heated debate and pointed comments and parried them all without loosing his temper (I can't say the same about some of his opponents). Marco did an excellent job of explaining the ITU's sometimes controversial platform while always responding to his critics in a balanced and informed way. The lesson for me was in watching how he wants engagement while his critics don't. Obiso and the ITU came out ahead because of that. In an adversarial debate, the side which has a deep expertise and is confident in their ability to engage can do so in a balanced way. Some of the ITU opponents weren't able to do that and they lost the debate as far as I was concerned.

Kaspersky. I take a lot of shots at Eugene Kaspersky, but his employee Roel Schouwenberg did a terrific job in explaining Red October. He provided some new information - that Kaspersky's client who brought ROCRA to their attention was from the European Union. Despite Kaspersky's contractual and non-contractual relationships with the Russian government, they are the world's fourth largest security software vendor and they arguably do the best work in writing reports that describe important malware attacks. Roel will always be a welcome speaker at future Suits and Spooks events.

Hack-Back and Active Defense. Some of the speakers who favored hack-back were successful in describing scenarios that made sense and seemed possible to implement without causing unfortunate blow-back. Other speakers took "hack-back" off the table when describing other active defense practices, particularly deceptive techniques. My take-away was that active defense including hack-back could probably be implemented responsibly by a few private parties but certainly would be taken advantage of by less responsible ones so I think that law enforcement oversight is a requirement. Also, the CFAA definitely needs to be modified from its out-dated current language.

Opinions Derived From Online Interactions. One of the most refreshing things that happened to me was how much I enjoyed interacting with people whom I had previously only known online. We all form opinions about people based upon limited interactions. In today's networked world of social media, many of those opinions are formed without the benefit of personal interactions. And sometimes those opinions conflate individuals with the companies that they were formerly employed by. Last week's Suits and Spooks was a joy for me to participate in because I was newly impressed by some people who I had previously only known from the news or social media. Those newly positive impressions came about precisely because of the extended interaction (two days), low attendee:speaker ratio, and heated discussions. Just meeting someone in "real life" often isn't enough to change perceptions. Extended interaction in combination with engagements or arguments over heated issues makes all the difference.

Feedback. In closing, I'm happy to share some of the feedback that I received from speakers and attendees of Suits and Spooks DC 2013:

"SNS provides a first-class forum to openly (and professionally) debate cyber security policy issues.  Everyone benefits from hearing all sides of the issues and, correspondingly, leave with new perspectives." - Robert Bigman, former CISO, Central Intelligence Agency

"One of those rare conferences where even the speakers learn something new."
- Stewart A. Baker, former General Counsel, National Security Agency; former Ass't Secretary for Policy, Department of Homeland Security

"Suits and Spooks provided a unique forum for discussing the hard, unanswered questions with leading technical and policy experts."  - Jim Denaro, founder of CipherLaw

"SNS provided a spotlight into the evolving edge of cyber." - Greg Hoglund, former founder, CEO of HBGary, Inc.

"Suits & Spooks brought together that right mix of backgrounds that allowed for informed discussion on the challenges of employing offensive techniques in support of defensive measures.  The networking alone made this conference worth being there." - Jim Butterworth, Commercial Chief Security Officer, HBGary, Inc.

"The most interesting, provocative, lively discussion of cyber conflict issues I’ve seen. And that’s my layman’s view." - Tom Gjelton, National Public Radio journalist

If you attended SNS DC 2013 and want to send me a quote to use, please do so via Twitter or email. If you didn't attend, but you want to be informed about upcoming events, you can follow Suits and Spooks on Twitter. Our next event will be announced shortly.

Add to Cart View detail

Become a "Friend of Suits and Spooks"

Whether you"re coming to Suits and Spooks DC or not, you can become a "Friend of Suits and Spooks" and have your name or your company"s name listed on the inside cover of our program. The listing includes your company"s name, logo, tag line or description, and contact information. The cost is only $500 but you have to act fast. My deadline is Monday, Feb. 4th by 1200 EST.

Current Friends include George Washington University, Invincea, and Iron Bow. Add your name to the list today. Once you"ve paid, just send me an email with the info that you'd like to have displayed in the program. Most of our speakers and attendees are decision-makers in the public and private sector so you'll receive terrific visibility in one of the world's most unique security events.

Add to Cart View detail

Kaspersky Labs Researcher to Present Operation Red October at Suits and Spooks DC

I'm very pleased to announce that Kaspersky Labs researcher Roel Schouwenberg, a senior malware researcher with Kaspersky Lab's Global Research & Analysis Team, will be presenting at Suits and Spooks DC on February 8-9, 2013. His presentation will cover:

• Earliest variants of the malware (2007)
• Victim profiles
• C&C domains and servers
• Mobile malware components: known and unknown
• An overview of +1000 malware plugins discovered during the research
• Possible links with other campaigns

I've suggested in the past that Red October may have been run by a NATO member country, which makes it an ideal topic for the Suits and Spooks conference. I'm particularly happy that with the inclusion of Kaspersky Labs to our other international speakers, that Suits and Spooks is rapidly acquiring a global reputation as a unique, security event that's not to be missed. We are rapidly approaching standing-room only capacity so register today.

Add to Cart View detail

Meet the New Director of INTERPOL's New Digital Crime Centre

I just received confirmation that the newly appointed director of INTERPOL's new Digital Crime Centre will be attending Suits and Spooks DC on February 8-9, 2013. The time frame between his appointment and the dates of our event were too short to enable him to get clearance for his talk but he is making himself available to meet with attendees and sponsors during the event and chat informally about what INTERPOL is seeking to accomplish by standing up this new center.

If you haven't already registered to attend this event, there are still a few seats available. We also have some last minute sponsorship options available. Information on those can be obtained by emailing me. I'm looking forward to meeting everyone in DC.

Add to Cart View detail

Five Critical Panels on the Use of Offensive Tactics in Cyberspace

On February 8-9, 2013, 24 world-renowned speakers will address and interact with about 80 attendees from the public and private sectors in a beautiful conference center high above the Potomac river on some of the most important issues in cyberspace - the controversial use of offensive tactics in defending networks (i.e., Active Defense). The full agenda can be seen here, but five critical panels are as follows:

• How is Russia and Georgia engaging in Active Defense?
• Featuring Ambassador David J. Smith (ret.) and Ms. Khatuna Mshvidobadze (Georgian Security Analysis Center)
• How Duqu, Flame, Gauss, and Shamoon can be reconfigured and reused against different victims (i.e., Iran against Saudi Arabia)?
• Featuring Dr. Boldizsár “Boldi” Bencsáth (Associate Professor, Laboratory of Cryptography and Systems Security (CrySyS), Department of Telecommunications, Budapest University of Technology and Economics) and Brig. Gen. Jim Jaeger (USAF, ret), Vice President of Network Defense & Forensic Services, General Dynamics
• How Much Leeway is there in the Computer Fraud and Abuse Act and International Law for Offensive Actions in Cyberspace?
• Featuring Dr. Catherine Lotrionte (Director of the Institute for Law, Science + Global Security, Georgetown University),  Mr. Stewart A. Baker (Partner, Steptoe & Johnson), Mr. Frank J. Cilluffo, Director, Homeland Security Policy Institute at George Washington University, and Mr. Marco Obiso (Cybersecurity Coordinator, International Telecommunications Union (ITU)
• What’s the Downside of Private Sector Offensive Engagement?
• Featuring Dr. Anup Ghosh (Founder and CEO at Invincea), Mr. Jeffrey Carr (Founder and CEO, Taia Global, Inc.), Mr. David Dittrich (Chief Legal Officer, The Honeynet Project), and Mr. Robert Bigman (former CISO, Central Intelligence Agency).
• If the ITU Assumes Ownership of the Internet, How May That Impact International Offensive Cyber Operations by Nation States?
• Featuring Mr. Marco Obiso (Cybersecurity Coordinator, International Telecommunications Union (ITU), Dr. Catherine Lotrionte (Director of the Institute for Law, Science + Global Security, Georgetown University), Mr. Robert Bigman (former CISO, Central Intelligence Agency), and Brig. Gen. Jim Jaeger (USAF, ret), Vice President of Network Defense & Forensic Services, General Dynamics

There are only 28 seats remaining and the Early Bird discount expires in one week so register today to be a part of the year's most unique and informative security event - Suits and Spooks DC 2013. If your employer is interested in joining RSA and Basis Technology as a sponsor, please contact me via email for details.

Add to Cart View detail

Debate: "Private Companies Should Be Authorized To Take Measured Offensive Action Against Attackers"

On Feb. 8-9, 2013, up to 100 people including some of the world's leading experts in law, incident response, reverse-engineering and intelligence will meet in Washington DC to debate the topic: "Private Companies should be Authorized to take Measured Offensive Actions against Attackers". The list of speakers includes CrowdStrike's Dmitri Alperovich, Mandiant's Richard Bejtlich, Microsoft's Dave Aucsmith, Dambala Labs' Gunter Ollmann, CrySys Labs' Boldi Bencsath, ReVuln's Donato Ferrante, INTERPOL's new Digital Crime Center's director, the ITU's Marco Obiso, The Grugq, The Jester, and many more.

The Agenda of Suits and Spooks DC will feature the most intriguing panel discussions every held on the highly controversial issue of "striking back" at those responsible for cyber attacks as well as how offensive markets for malware are changing the world of vulnerability exploits. The second day will include breakout sessions as well as an afternoon debate between two teams consisting of 12 volunteers from our attendees along with time for research and strategizing over a working lunch.

Friday, February 8, 2013 - Waterview Conference Center

9:00am - Registration and Continental Breakfast

9:45am - Welcome and Briefing on the Day's Activities

10:00am - 12:00pm: Panel Discussion - Offensive Tactics and Takedowns by Security Vendors

Featuring Mr. Dmitri Alperovich (CTO and Co-Founder, Crowdstrike), Mr. Richard Bejtlich (CSO, Mandiant), Mr. David Aucsmith (Sr. Director, Microsoft Institute of Advanced Technologies for Governments), and Mr. Nick Selby (Police Officer, DFW Area Department of Public Safety; Partner, Enterprise Security at N4Struct, Inc.).

12:00pm - 1:00pm: How Duqu, Flame, Gauss, and Shamoon can be reconfigured and reused against different victims

Featuring Dr. Boldizsár “Boldi” Bencsáth (Associate Professor, Laboratory of Cryptography and Systems Security (CrySyS), Department of Telecommunications, Budapest University of Technology and Economics)

1:00pm - 1:45pm LUNCH (provided on-site)

1:45pm - 3:45pm: Panel Discussion - Finding Exploitable Loopholes in the Computer Fraud and Abuse Act and International Law for Offensive Actions in Cyberspace

Featuring Dr. Catherine Lotrionte (Director of the Institute for Law, Science + Global Security, Georgetown University),  Mr. Stewart A. Baker (Partner, Steptoe & Johnson), Mr. Frank J. Cilluffo, Director, Homeland Security Policy Institute at George Washington University, and Mr. Marco Obiso (Cybersecurity Coordinator, International Telecommunications Union (ITU)

3:45pm - 4:00pm BREAK

4:00pm-6:00pm: Panel Discussion - Offensive Markets for Vulnerability Research - Pros and Cons

Featuring Mr. Donato Ferrante (Co-Founder and Security Researcher, ReVuln), The Grugq (a security engineer who specializes in reverse-engineering and anti-forensics), Mr. Gunter Ollmann (Chief Technology Officer, Damballa Labs)

Saturday, February 9, 2013 - Waterview Conference Center

9:00am Continental Breakfast

9:30am Welcome and Briefing on the Day's Activities

9:45am - 10:45am (Classroom A): Calculating The Adversary's Return-On-Investment and How That Can Inform Defense

Featuring Mr. Josh Corman (Director of Security Intelligence, Akamai)  and Mr. David Etue (Vice President, Corporate Development Strategy at SafeNet)

9:45am - 10:45am: (Classroom B): (topic to be announced)

Featuring Mr. Spencer Wilcox (Lead Security Strategist and Special Assistant to the Vice President of Corporate and Information Security Services for Exelon Corporation)

9:45am - 10:45am: (Classroom C): Q&A with The Jester via IRC "Is Offense The Best Defense, and Who Should Conduct It?"

This will be a moderated discussion with The Jester via IRC chat. Attendees will be able to pass their questions to the moderator and The Jester will respond in real-time.

 10:45am - 12:45pm: What's the Downside of Private Sector Offensive Engagement?

Featuring Dr. Anup Ghosh (Founder and CEO at Invincea), Mr. Jeffrey Carr (Founder and CEO, Taia Global, Inc.), Mr. Gunter Ollmann (Chief Technology Officer, Damballa Labs), and Mr. Josh Corman (Director of Security Intelligence, Akamai)

12:45pm-2:00pm: Working Lunch

12 attendees will volunteer to debate the proposition (6 per team). The working lunch will be spent dividing into teams and assisting the debaters in preparing research and debate strategies.

2:00pm - 3:30pm: Debate the Proposition "Private Companies Should be Authorized to Take Measured Offensive Actions Against Attackers"

The debate will be judged by a panel of 5 of our speakers

3:30pm - Closing Remarks

The Waterview Conference Center is one of Washington D.C.'s most beautiful and exclusive facilities but it has a capacity of only 100 people so don't miss out. Register today and be a part of one of 2013's most important events.

We are also still looking for companies to join Basis Technology in sponsoring this important event. Please contact me for more information.

Add to Cart View detail