Director of Assessment Services, NTT Security
Christopher Camejo is an integral part of the Consulting leadership team for NTT Com Security, a global security consulting organization. He directs NTT Com Security's assessment services including ethical hacking and compliance assessments. Mr. Camejo has over 15 years of security experience. With his background in technical assessment, he has conducted large-scale, multi-discipline penetration tests spanning multiple countries for global clients. As part of NTT Com Security's threat intelligence capabilities, Mr. Camejo follows the latest techniques of attackers and has conducted presentations on this topic at Computerworld Expo and with a United States Secret Service Electronic Crimes Task Force; has assisted in research for presentations at Black Hat Briefings; and his commentary has been featured in television and print information security news stories including CBS Evening News, NBC News, CNN Money, USA Today, CSO Magazine, Secure Computing Magazine, Network Computing Magazine, and CRN.
W06 Behind the Vulnerabilities That Get Companies Hacked
Wednesday, April 6, 2016
12:45 PM - 5:00 PM, 5 CPEs
News stories about major data breaches have become common. The victims range from small online startups through major multinational corporations to branches of the Federal government itself. The blame gets pinned on a variety of actors including hacktivists, foreign governments, and financially motivated organized crime groups. Meanwhile, IT staff are dealing with vulnerability scan and penetration test reports containing long lists of vulnerabilities with obscure names like DoS, RCE, XSS, and SQLi. We're told that these vulnerabilities make our networks and applications insecure and that they put us at risk of being the next company in the headlines, but how does it all fit together and what does it really mean?
This workshop will help IT managers, development managers, and CISOs tie the alphabet soup of vulnerabilities that IT security teams warn us about to real-world risks. We will run through the most common types of vulnerabilities that appear in both commercial software and custom applications to show how each vulnerability works, what the potential consequences are, who is exploiting it in the wild, and what we can do to prevent it. We will show some real-world scenarios demonstrating how these common vulnerabilities contribute to actual breaches, and the strategic steps beyond addressing individual vulnerabilities that can help limit damage from a breach. Walk-throughs will be non-technical, so don't worry if you don't know how to write code or operate a command line.