NCC Group is co-hosting its next security event with Pinterest in San Francisco. Join us at Pinterest HQ for an evening of talks and refreshments about the latest in security trends and topics.

You’ll hear from different thought leaders in the security community as they give insight into TLS 1.3 challenges and deployment, how the Federal Trade Commission is working on protecting privacy, and how you just might be the best tool in an information security program.

Event Details:

5:30 PM Doors open for registration

6:00 PM Presentations begin

Pinterest does not have parking lots; however, metered street parking and parking lots are available. We recommend taking public transportation, as the SOMA offices are near Caltrain and Powell BART station.

Food and drinks will be provided

ID WILL BE REQUIRED for alcoholic beverages





SPEAKER - Nick Sullivan, Head of Cryptography at Cloudflare

TALK TITLE - TLS 1.3

ABSTRACT - The protocol that protects most of the Internet’s secure connections is getting its biggest ever revamp, and is losing a round-trip. We will explore differences between TLS 1.3 and previous versions, focusing on the security improvements of the new protocol as well as some of the challenges we face around securely implementing new features such as 0-RTT resumption. At Cloudflare we will be the first to deploy TLS 1.3 on a wide scale, and we’ll be able to discuss the insights we gained while implementing and deploying this protocol as well as challenges to the broader ecosystem of encryption on the web.

BIO - Nick Sullivan is a leading cryptography and security technologist. As Head of Cryptography at Cloudflare, a top Internet performance and security company, he is responsible for overseeing all cryptographic products and strategy. He was instrumental in building Cloudflare’s security engineering team and led major projects including Keyless SSL and TLS 1.3. Prior to joining Cloudflare, he was a digital rights management pioneer, helping build and secure Apple’s multi-billion dollar iTunes store. He holds an MSc in Cryptography, is the author of more than a dozen computer security patents, and regularly speaks at major security conferences.





SPEAKER - Whitney B. Merrill, Attorney, Federal Trade Commission

TALK TITLE - An Overview of FTC Law



ABSTRACT - The Federal Trade Commission is a law enforcement agency tasked with protecting consumers from unfair and deceptive practices. This talk will provide an overview of FTC law, as the leading enforcer of privacy and data security, discuss interesting cases, and discuss initiatives at the FTC like Start with Security, OTECH, and the IoT Home Inspector Challenge.

BIO - Whitney Merrill is an attorney at the Federal Trade Commission. She works on a variety of consumer protection matters including data security, privacy, and deceptive marketing and advertising. Whitney received her master’s degree in Computer Science from the University of Illinois at Urbana-Champaign and her J.D. from the University of Illinois College of Law, where she explored issues associated with the intersection of technology, information security, privacy, and the law. Recently, she received the 2017 Women in Security Award at RSA and was named one of the 2017 Top Women in Cybersecurity by CyberScoop.



During her time at UIUC, she was Managing Editor of the Illinois Law Review, an Illinois Cyber Security Scholar, and member of the Illinois Security Lab. Her research was published last year in the Network and Distributed System Security Symposium (NDSS). Whitney also runs the Crypto & Privacy Village, which appears at DEF CON & other conferences each year.







SPEAKER - Damon Small, Technical Director at NCC Group



TALK TITLE - Layer 8 and Why People Are the Most Important Security Tool



ABSTRACT - People are the cause of many security problems, but people are also the most effective resource for combating them. Technology is critical, but without trained professionals, it is ineffective. In the context of two case studies, the presenter will describe specific instances where human creativity and skill overcame technical deficiencies. The presenter believes this topic to be particularly relevant for “blue teamers” who often must defend their organization’s information assets under less-than-ideal circumstances.

Technical details will include the specific tools used, screenshots of captured data, and analysis of the malware and the malicious user’s activity. The goal of the presentation is to show the importance of technical ability and critical thinking, and to demonstrate that skilled people are the most important tool in an information security program.

Several technological challenges conspired against the team during these incidents. Using both commercial and freely obtainable tools the team was able to overcome these obstacles in a resourceful and cost-efficient manner. The analysts’ actions demonstrate that problems can be solved creatively using limited resources. While companies must regularly evaluate commercial products, properly trained personnel can be more valuable to an organization than any hardware or software device.

BIO - Damon Small began his career studying music at Louisiana State University. Pursuing the changing job market, he took advantage of computer skills learned in the LSU recording studio to become a systems administrator in the mid 1990s. Over the past 16 years as a security professional he has supported infosec initiatives in the healthcare, defense, aerospace, and oil and gas industries. In addition to his Bachelor of Arts in Music, Damon completed the Master of Science in Information Assurance degree from Norwich University in 2005. His role as Technical Director includes working closely with NCC Group consultants and clients in delivering complex security assessments that meet varied business requirements.