Agenda

View a track to see all sessions related to that topic

*Times of sessions are subject to change

Detect & Respond

Explore approaches and technologies for monitoring operational performance, detecting suspicious activity, and responding to critical events.

Assess & Remediate

Learn the strategies and techniques you need to measure and manage your network and application security risk, from identifying vulns, to prioritizing remediation and implementing changes.

Phish, Pwn, & Pivot

Learn technical tips and tricks from the experts on how to take a proactive and adversarial approach to protecting your network, systems, and teams from attackers.

Research & Collaborate

Gain insight into Rapid7's bleeding-edge research projects, learn how you can apply them in your own enterprise, and explore the open communities that make our security intelligence truly world class.

Sept 11

9am

Pre-Conference Trainings

Learn More

Sept 12

9am

Pre-Conference Trainings

Learn More

2pm (Optional)

User Experience Focus Group

Learn More

6pm

Welcome Reception

General Session

Details Coming Soon

Speakers

Sept 13

Optional

UNITED Running Club

Learn More

Breakfast

Included with Conference Pass

9am

Welcome Remarks

General Session

Show Details

Speakers

Corey Thomas

President & CEO, Rapid7

Read Bio

9:30am

Opening Keynote - Nicholas Negroponte

General Session

Show Details

Speakers

Nicholas Negroponte

Co-Founder, MIT Media Lab

Read Bio

Break

Optional:

1-to-1 Tech Expert Sessions

Offerings, support, Q&A

Learn More

Customer Engagement

Rapid7 Voice Program

Learn More

Capture the Flag

Metasploitable CTF

Learn More

IoT Labs

Live Hacking Demo

Learn More

11am

What Is Customer Centered Innovation, and Why Is It Integral to the Future of Tech?

General Session

Show Details

Join Rapid7 Chief Product Officer Lee Weiner and Senior Vice President of Customer Success Stephanie Furfaro to get an insiders’ view of how listening to our customers shapes our technology and services—and more importantly—how it makes them (even more) successful.

Speakers

Lee Weiner

Chief Product Officer, Rapid7

Read Bio

Stephanie Furfaro

Senior Vice President, Customer Success & Sales Strategy, Rapid7

Read Bio

12pm

Rapid7 UNITED Customer Awards

Learn More

Lunch

Optional:

1-to-1 Tech Expert Sessions

Offerings, support, Q&A

Learn More

Customer Engagement

Rapid7 Voice Program

Learn More

Capture the Flag

Metasploitable CTF

Learn More

IoT Labs

Live Hacking Demo

Learn More

1:15pm

War Stories: Battle of the Breach

Detect & Respond

Show Details

While they sound more like the evil monster in a classic fairy tale than something your IT and security team is facing, polymorphic worms are indeed real. Of course, just one bit of evil isn’t enough for this story: enter villain number 2: simultaneously deployed RATS. This presentation will focus on how we defeated QBOT, a polymorphic worm that was used as part of a targeted attack. Jordan will also cover the common mistakes, issues, successes and failures that the Rapid7 team sees in many engagements. He’ll also highlight the other side - where consulting teams go wrong - and where they add significant value. If you want to prepare yourself to avoid common pitfalls that arise when an incident occurs, you will want to attend this session.

Speakers

Jordan Rogers

Principal Consultant, Rapid7

Read Bio

You're Always Wrong. That's Ok!

Assess & Remediate

Show Details

Working as a vulnerability manager within a global company teaches you some important lessons. Whether testing for vulnerabilities, reporting on them, assessing the latest zero day, or providing additional remediation guidance, someone will say you’re wrong. In order to be successful at vulnerability management, and cybersecurity in general, you must have the right attitude and knowledge to handle these situations. In this session, Ben will breakdown some major lessons learned in the field to help you deal with the never ending push back you receive in cybersecurity, how to get colleagues on your side, and the key lessons that can be applied to your everyday work.

Speakers

Benjamin Sondgeroth

Principal Cybersecurity Engineer, CA Technologies

Read Bio

A Hands-on Introduction to Capture the Flag (CTF) Competitions Using Metasploitable

Phish, Pwn, & Pivot

Show Details

This crash course introduction to penetration testing will take you through all the steps required for looting a box - all under the guise of friendly competition. We’ll show you how to break into the target, what to look for once you’ve gained access, and tricks to decrypting any locked files you may find. All of this will give you a head start on capturing flags in our official CTF competition hidden within Metasploitable3, our intentionally vulnerable virtual environment. If you’ve never participated in a CTF before, this is the perfect way to jump right in with a step-by-step walkthrough on capturing your first flag.

Speakers

James Barnett

Software Engineer II - Automation, Rapid7

Read Bio

Wei Chen

Senior Security Researcher, Rapid7

Read Bio

Brent Cook

Senior Engineering Manager, Software Development, Rapid7

Read Bio

CVE: Too Big To Fail

Research & Collaborate

Show Details

CVE is Cyber Critical Infrastructure. It is both too big to fail and failing. A comprehensive, timely, and accurate view of known vulnerabilities are foundational to vuln scanners, detection & prevention products, and key risk management priorities for defenders. Originally prioritizing enterprise product market share, CVE hovers at around 60% of the coverage of commercial Vuln databases (which themselves are about 80% of all known vulnerabilities). Worse, the budgets and staffing to maintain this critical infrastructure is no where near keeping pace with the rates of change in things like: the (market & adversary) shifts toward open source, increased connectivity of safety critical systems like ICS, Healthcare, and the explosive growth of IoT. Flat budgets and resourcing will not scale with dynamic growth. Very bold ideas need exploration. We will explore and visualize the current coverage challenges, explore key stresses and problem trends coming, and a few ideas about getting to something more sustainable.

Speakers

Josh Corman

Founder, I am The Cavalry | Director, Cyber Statecraft Initiative for the Atlantic Council

Read Bio

2:00pm

Containers: Our Approach to Security and Performance Monitoring

Detect & Respond

Show Details

Cloud native applications and container orchestrations tools not only change deployment artifacts but require rethinking when it comes to handling performance monitoring and vulnerability management. This talk focuses on our journey of revamping the existing Rapid7 Platform, focusing on the technical challenges as well as organizational ones. As part of this change, we'll discuss dog-fooding our own services, using InsightVM for vulnerability management and InsightOps for performance monitoring.

Speakers

Ulrich Dangel

Lead Infrastructure Architect, Rapid7

Read Bio

James Green

Director Engineering for Nexpose, Rapid7

Read Bio

Evolving Vulnerability Management for the Modern World

Assess & Remediate

Show Details

Critical business processes and applications are increasingly run in the cloud. Containerization technology is moving from development to production. Automation is quickly becoming a necessity to combat a threat landscape where exploits are widely available for attackers to weaponize. In this session, we’ll talk about the newest features available on InsightVM and Nexpose to help organizations evolve their security program for the modern world.

Speakers

Jane Man

Senior Product Manager, Rapid7

Read Bio

Ken Mizota

Product Management, Rapid7

Read Bio

Closing the Gaps in Your Apps

Phish, Pwn, & Pivot

Show Details

Today’s demand on organizations to provide the richest and most robust user experience while also being secure has dramatically shifted the way they think about Web Application Security. The changing landscape of modern applications has suffered, causing many organizations to underestimate the risks associated with doing business online. And for organizations who are aware of those risks, they are often left with accepting a more laxed or less vetted stance in security policy and practice. This talk will discuss these challenges, the ever-changing landscape of modern apps, and ways to close some of the gaps in your organization's web applications.

Speakers

Hollis Howell

Sr. Manager, Application Security Specialist, Rapid7

Read Bio

Under the Plastic Case: Embedded Hardware Exploration

Research & Collaborate

Show Details

Often the key to thorough testing of IoT requires gaining access to and extracting information from the technology. This presentation will take a deep dive into IoT technology, discussing methods for console access and data extraction, as well as some basic tools used by the trade. By disassembling and examining certain devices, we’ll cover the process required for gaining console access via Universal Asynchronous Receiver Transmitter (UART) port. We will also discuss and demo several processes around firmware extraction and examination. Attendees can expect to walk away with some general methods that can be leveraged to mitigate physical attacks against embedded devices.

Speakers

Deral Heiland

Research Leader, Global Services, Rapid7

Read Bio

Break

Optional:

1-to-1 Tech Expert Sessions

Offerings, support, Q&A

Learn More

Customer Engagement

Rapid7 Voice Program

Learn More

Capture the Flag

Metasploitable CTF

Learn More

IoT Labs

Live Hacking Demo

Learn More

3:00pm

Survival of the Fastest: Evolving Defenders with Broad Security Automation

Detect & Respond

Show Details

Security automation is nothing new to defenders: it’s been used by us for decades, but the automation that vendors sold us hasn’t been good enough to beat attackers. And with the advent of elastic, containerized, serverless microservices being continuously deployed at scale, we must implement defenses that are as hyperdynamic as the systems we’re tasked with protecting. To top it all off, there's a well-documented shortage of security staff. All of this has left us understandably jaded. But it doesn’t have to be this way! In this talk, Justin and Rebekah will cover some issues they see with security automation, ways that threat intel can help (or hurt) automation, and demo some tactics they’ve been working on to stay ahead of attackers.

Speakers

Justin Pagano

Manager, Information Security, Rapid7

Read Bio

Rebekah Brown

Threat Intelligence Leader, Rapid7

Read Bio

Keepin’ It Real: Identifying ‘Real Risk’ and Building a Threat-Centric Vulnerability Management Program

Assess & Remediate

Show Details

Hundreds of vulnerabilities (or more) are identified every month. That doesn’t include all the legacy software vulnerabilities that you know already exist in your environment. It’s a daunting task to address every issue that exists, and in some cases, it is impossible. In this presentation, we’ll discuss strategies that can be used to tackle the problem using examples of how it was done at Regions. Attendees will walk away with greater insight into vulnerability management strategies, risk management principles, and communicating with key stakeholders.

Speakers

Lora McIntosh

Vice President of Vulnerability Management, Regions Bank

Read Bio

Jarrod Petrovics

Sr. Information Security Engineer, Regions Bank

Read Bio

Gone Phishing: A Rapid7 Case Study!

Phish, Pwn, & Pivot

Show Details

Employees continue to be the weakest link in computer security—a few wayward clicks can render organizations vulnerable to external attacks, data exfiltration and more. In this session, Rapid7’s IT, infosec, and engineering teams will share their experience and insight into conducting an effective internal phishing campaign and how to use the results to improve security policies and practices. From campaign ideation to email delivery, this talk will be a tell-all tale of how we conducted a 1000-email phishing campaign—and how companies of all sizes can build smart phishing campaigns to identify internal weaknesses and out-engineer attackers.

Speakers

Leonardo Varela

Director Engineering for Metasploit and Innovation, Rapid7

Read Bio

Naveen Bibinagar

Manager of Engineering, Rapid7

Read Bio

Cybersecurity for Trade Agreements

Research & Collaborate

Show Details

Cybersecurity was not a major issue when most US trade agreements were developed, but today it has become a major economic and security force. As the US begins modernizing trade agreements – such as the current renegotiation of NAFTA – the time has come to incorporate cybersecurity industry and policy issues. This presentation will cover concrete ways free trade agreements can strengthen cybersecurity while promoting trade. The presentation will also provide a status update on US action on trade negotiations and give a broad overview of how global developments – including restrictive regulations overseas – have underscored the importance of setting positive industry norms for cybersecurity.

Speakers

Harley Geiger

Director of Public Policy, Rapid7

Read Bio

3:45pm

Monitoring, Triage and Response for revenue generating systems

Detect & Respond

Show Details

When IT outages occur, things can get chaotic. When IT outages occur in a warehouse during the holidays that leave hundreds of shift workers unable to process orders, all hell breaks loose. This talk explores the challenges and implications of anticipating and responding to critical issues when they directly impact company revenue.

Tunnel Vision: Managing Only To Compliance Costs Companies More

Assess & Remediate

Show Details

The problem with most compliance frameworks, such as PCI, is that when managed only to the line of compliance there will always be gaps in your information security positioning. The more gaps you have, the higher your risk, and the More costly it becomes to fill those gaps later. During this session, Magen will discuss the requirements of some compliance frameworks, and the gaps that occur when the sole focus is on compliance. She will also describe the gaps between compliance and information security in detail, give suggestions on how to address them, and how to plan for future risk as business grows and changes. Attendees will walk away with a solid understanding of how a more mature security posture can help make the evidence gathering process more efficient and easier to execute, as well as plan for other compliance requirements from other compliance frameworks.

Speakers

Metasploit: the New Shiny

Phish, Pwn, & Pivot

Show Details

This year, we provided a public roadmap of where Metasploit was heading. This talk is a progress report of how we did, the new shiny bits, and what is left to complete. Brent will cover new developments in the database, new ways to build modules, and improvements in payloads and user interaction.

Speakers

Brent Cook

Senior Engineering Manager, Software Development, Rapid7

Read Bio

Mostly True Stories of Open Source Security Collaboration

Research & Collaborate

Show Details

When contributing to the largest open-source Ruby project in existence, a few mishaps are bound to occur. In this 'tales from the trenches' talk, we'll explore the fun and follies of becoming a member of a geographically disperse team. Why join? We'll lay out all of the benefits to contributing for attackers, defenders, the companies they work for and with, and the world itself.

Speakers

Mike Cyr

Owner, St. Cyr Security and Metasploit Committer

Read Bio

William Vu

Security Researcher II, Rapid7

Read Bio

4:30pm

Industry Roundtables

Learn More

6:30pm

Rapid7's UNITED Dinner Reception

Learn More

Sept 14

Optional

UNITED Running Club

Learn More

Breakfast

Included with Conference Pass

9am

Adding Network Context to Vulnerability Prioritization

Partner Session

Show Details

Does this sound familiar? Too many “critical” results, new vulnerabilities, unpatched assets, and legacy systems without patches. And was your whole network scanned? Join us and learn how RedSeal and Rapid7 InsightVM help you: Prioritize vulnerabilities with network context, discover unscanned assets, contain a vulnerability with no patch.

Speakers

Kurt Van Etten

Vice President, Product Management, RedSeal

Read Bio

3 Strategies to Protect Corporate IP in the Age of Employee Churn

Partner Session

Show Details

Your business is built on data. In fact, 80% of your company value is in your intellectual property. It’s exactly this data—created by your knowledge workers—that holds the key to innovation and market advantage. But today, workers leave for new opportunities every 3-5 years—and take IPwith them. So how do organizations develop security strategies for this new age? Attend the session to learn how to combat one of the largest data security blind spots—employee behavior.

Speakers

Jen Schmitz

Senior Product Manager, Code42

Read Bio

9:45am

Fireside Chat

General Session

Show Details

Join our group of security leaders for a discussion on the future of cybersecurity.

Speakers

Jen Ellis

Vice President, Community & Public Affairs, Rapid7

Read Bio

Chris Nickerson

CEO, Lares

Read Bio

Chris Wysopal

CTO and Co-Founder, Veracode

Read Bio

Mary Beth Borgwing

MACH37 Cyber Managing Director, CompTIA Cyber Advisory Board, CyberBridge Advisory Group CEO

Read Bio

Break

Optional:

1-to-1 Tech Expert Sessions

Offerings, support, Q&A

Learn More

Customer Engagement

Rapid7 Voice Program

Learn More

Capture the Flag

Metasploitable CTF

Learn More

IoT Labs

Live Hacking Demo

Learn More

11am

Practical Strategies for Taking on the Modern Adversary

Detect & Respond

Show Details

An attackers ability to go from vulnerability to exploit is faster than ever. Is your team ready to respond to an incident quickly and efficiently? In this session, we'll go over Rapid7's approach to outpacing the modern attacker.

Speakers

Nick Davis

Technical Product Manager, InsightIDR, Rapid7

Read Bio

Puzzle Pieces: Combining Nexpose, NAC, NGFW, and UEBA for Incident Response and Audit Compliance

Assess & Remediate

Show Details

Between a sea of acronyms, ever-changing requirements, and an industry in a constant state of flux, it can be difficult to know how to fit various security-focused products and services together. Using Nexpose as a cornerstone of our information security program, this session will discuss how we satisfy state audit requirements and security framework compliance (e.g. NIST800-53, Critical Security Controls) by combining Nexpose with data from NAC, NGFW, and UEBA solutions to produce actionable intelligence and reporting. We'll discuss challenges and opportunities related to significantly expanding vulnerability scanning efforts, the Rapid7 'Health Check' service, and some of the unique issues that impact higher education.

Speakers

Sean Hagan

Chief Information Security Officer, Yavapai College

Read Bio

phishOn

Phish, Pwn, & Pivot

Show Details

Want to learn how to run an effective phishing education campaign and help reduce the risk your organization faces from one of the most prevalent threats in the wild? We will walk through the concepts, best practices, and pro-tips required to help you run an effective and impactful phishing simulation training campaign at your organization. Additionally, we'll cover the myriad of tactics attackers use to target your organization with real world examples of recent phishing attacks, their methods and consequences.

Speakers

Brian O'Neill

Senior Product Manager, Rapid7

Read Bio

David Johnson

Lead Systems Security Analyst, OGE Energy Corp

Read Bio

Data Mining the Undiscovered Country

Research & Collaborate

Show Details

Rapid7 Labs builds and maintains internet-scale active and passive telemetry platforms that enable us to ask and answer big and complex questions. Join us as we regale you with insightful tales from the remote reaches of the internet and learn how you can both use our data to defend your organizations and also become a virtual part of our research team.

Speakers

Bob Rudis

Chief Security Data Scientist, Rapid7

Read Bio

Derek Abdine

Director, R7 Labs

Read Bio

11:45am

Skin in the Game: How Security Teams are Scaling Through IT Orchestration

Detect & Respond

Show Details

It is a universal truth acknowledged that security teams have too much to do, and never enough resources to do it. Traditionally, there are tactical tasks that security organizations own, but invest far too many resources in: alert triage, managing vulnerabilities, and more. These tasks lead to alert fatigue, but worse, they suck up valuable time that security experts could be using to strategically design and improve defenses.

Automation is often an obvious solution, but why is it still so hard to implement? What if you could scale your security tasks beyond your organization and instill a sense of ownership of security posture cross-functionally? This talk will discuss how some other modern companies are scaling their security organizations using technologies like security orchestration and automation platforms.

Speakers

Jen Andre

Senior Director of Orchestration and Automation, Komand

Read Bio

Teaching a Fish to Ride a Bicycle: How to Talk to the Board about Information Security

Assess & Remediate

Show Details

As information security professionals, there are a lot of important points that need to be conveyed to executive management and the Board. Just because we know a lot about infosec doesn’t mean that the Board does, and explaining the more important facets to them can be challenging. Over time I observed a thing or two about what works (and what definitely does NOT work) and I’d like to make it a little easier by sharing some of my experiences. So if you’re curious what fish, bicycles, the banking industry, and the movie Jaws have to do with talking to the Board, feel free to drop by!

Speakers

Jim Bowker

VP, ISO, Northern Bank & Trust

Read Bio

Keeping the Pen Tester and Bad Guys Out, K.I.S.S.

Phish, Pwn, & Pivot

Show Details

Today, companies spend millions of dollars on security software and applications to protect their networks. However, when a breach occurs, it’s often done through exploiting a simple flaw in the network - one that could be fixed through simple methods and protections. Most major failures are due to improper network segmentation, bad firewall rules, bad patch management, and lack of air gapped networks. During this talk, Bo will present his findings from years of pen testing networks around the world, and the common problems found that can turn into serious attack vectors. He’ll also discuss these kinds of major network issues and the fixes needed to make your network most secure.

Speakers

Bo Weaver

Senior Penetration Tester, CompliancePoint

Read Bio

Learning to Self-Drive

Research & Collaborate

Show Details

In this talk we will be discussing the automotive journey to fully self-driving vehicles. We will discuss the different classifications of self-driving vehicles and how that relates to security. We will also do several interactive learning experiments to give you a good understanding on how you can reverse engineer CAN bus packets. We will discuss why reversing CAN packets is so important and why you see so many researchers mention CAN bus reversing. After the talk you should feel comfortable reverse engineering your own vehicle and have a better understanding for the new self-driving tech.

Speakers

Craig Smith

Research Director of Transportation Security, Rapid7

Read Bio

Lunch

Optional:

1-to-1 Tech Expert Sessions

Offerings, support, Q&A

Learn More

Customer Engagement

Rapid7 Voice Program

Learn More

Capture the Flag

Metasploitable CTF

Learn More

IoT Labs

Live Hacking Demo

Learn More

1:30pm

Pushing the Envelope with Bots & AI: Is your organization prepared?

Detect & Respond

Show Details

New emerging technologies including bots, AI, and natural language processing present opportunities for radical employee productivity — with radical security implications in tow. As your organization’s IT team plans for the immediate future, are these technologies on the roadmap? If so, how do your organization’s security and operations teams plan to prepare? This panel explores the IT, security and operational realities of driving radical productivity through new technologies.

Speakers

Rajeev Jaswal

Chief Information Officer, Rapid7

Read Bio

Josh Feinblum

Vice President, Information Security, Rapid7

Read Bio

Derek Heintz

Director of IT, Infrastructure, Rapid7

Read Bio

GDPR or GDP-argh?

Assess & Remediate

Show Details

Just like winter, the General Data Protection Regulation is coming (although not until spring of 2018 - May 25th, to be precise), and it’s coming for pretty much all of us. Whilst it’s an EU regulation, it has a much further reach than just the 28 EU member states, and non-compliance comes with some eye-watering fines. GDPR is all about protecting personal data. No matter where in the world you are based, what vertical you are in, or the size of your company - if you hold any personal data about EU citizens then GDPR applies to your organization. During this session you can learn more about what GDPR is, why it’s a Good Thing™, and how you should be preparing. Plus, as we’re in the midst of our preparations too, you’ll hear from our governance team about how we’re approaching GDPR compliance, and some of the challenges we’ve had to think through along the way.

Speakers

Sam Humphries

Senior Manager, International Solutions, Rapid7

Read Bio

Katie Ledoux

Senior Security Analyst, Rapid7

Read Bio

Hacking with Flair

Phish, Pwn, & Pivot

Show Details

Speakers

Leon Johnson

Principal Security Consultant/Manager, Rapid7

Read Bio

Half Empty, Half Full, or Half-Baked: Cyber Threat Information Exchange with the Government

Research & Collaborate

Show Details

Cyber threats are becoming more complex and increasingly treacherous; understanding them - and quickly - is critical for threat detection and response. Recent legislation has made information sharing with the government less risky, and peer-to-peer information exchanges appear to be ramping up. So why isn’t robust information sharing between the private sector and the government happening? Hear two information sharing experts—one from the private sector and the other from the government—discuss today’s information sharing challenges, bust some myths about private sector-to-government information sharing, and debate the path to making cyber threat information sharing more commonplace and meaningful.

Speakers

Rebekah Brown

Threat Intelligence Leader, Rapid7

Read Bio

Leonard Bailey

US Department of Justice

Read Bio

2:15pm

The Hidden Value in Logs: What to Look for When Choosing a Log Management Solution

Detect & Respond

Show Details

Often thought of as noisy, difficult to manage, and collected only as a requirement for compliance, log data has developed an undeserved bad reputation. In reality, choosing a log management solution based only on compliance requirements can be an opportunity lost. This talk dives into the hidden value in log data. We'll explore how a well-planned logging strategy can go a long way toward maintaining a robust, automated, and secure IT environment and discuss important considerations when choosing your next log management solution.

Speakers

Trevor Parsons

Senior Director, Log Management and Search, Rapid7

Read Bio

Mind the Gap: Going Beyond Penetration Testing to Improve Your Security Program

Assess & Remediate

Show Details

Security teams and leaders know the value of regular external and internal testing of technical controls for their organization's security program, but what about the other stuff? Subjects like IT security management, threat modeling, incident response and security architecture improvement aren't usually addressed in most penetration tests, and compliance driven audit processes rarely extend beyond the regulation or standard that is being audited.

This talk will cover a few great ways to examine, analyze, review and improve organizational and product-oriented security programs using data and experience from Rapid7's consulting teams. Drawing data and experience from penetration testing, research, incident response, and advisory services work, we'll examine common gaps in security programs, and ways of solving them using a cyclical approach to security improvement.

Speakers

Caspian Kilkelly

Program Development Consultant, Rapid7

Read Bio

Capture The Flag Closeout

Phish, Pwn, & Pivot

Show Details

Join us while we present our UNITED CTF winners with their prizes, and stick around for a town hall discussion.

Speakers

James Barnett

Software Engineer II - Automation, Rapid7

Read Bio

Wei Chen

Senior Security Researcher, Rapid7

Read Bio

Brent Cook

Senior Engineering Manager, Software Development, Rapid7

Read Bio

Zero Day Software Vulnerabilities: Deal With It

Research & Collaborate

Show Details

Software of any complexity always ships with bugs. Given our reliance on a staggeringly complex web of data and services, how do we, and how should we, deal with these security vulnerabilities when they are discovered? What are the social, legal, and ethical norms around discovering and disclosing software vulnerabilities? This session is a guided tour through the semi-secret, often misunderstood world of vulnerability research and development and how it affects your life and business.

Speakers

Tod Beardsley

Director of Research, Rapid7

Read Bio

Break

Optional:

1-to-1 Tech Expert Sessions

Offerings, support, Q&A

Learn More

Customer Engagement

Rapid7 Voice Program

Learn More

Capture the Flag

Metasploitable CTF

Learn More

IoT Labs

Live Hacking Demo

Learn More

3:15pm

Closing Keynote - Dan Geer

General Session

Show Details

Speakers

Dan Geer

Chief Information Security Officer, In-Q-Tel

Read Bio