Presentations and Publications

Presentations | Sample Feedback | Publications

Presentations

September 2024

“National Security Implications of Unchecked AI and the Exploitation of Personal Data: Part I“, American Bar Association National Security Law Today Podcast
“Is it possible to inject integrity into AI?” CISO Series Podcast

July 2024

“Looking BEYOND ‘Garbage In, Garbage Out’ when it comes integrity of AI systems”, Defense in Depth Podcast
“Civil Rights and Human Rights in the Age of AI”, ICON-s International Society of Public Law conference

March 2024

“Cyber Attacks, AI Weaponry, & the Future of National Security Policy”, William & Mary National Security Conference

January 2024

“When Good Data Becomes Bad“, Super Cyber Friday, CISO Series

October 2023

“The Heaviest of Burdens: Hackback”, National Security Seminar, William and Mary Law School
“I Taught DeNiro Security Theater, I Can Teach You“, CISO Series Podcast

September 2023

Cyber Security Headlines: Week in Review (September 11 – 15, 2023)
“How to Make AI Safer: the Empowering Solutions of W3C Solid”, Solid World

June 2023

“Realities of Securing Big Data in the Age of AI”, Flexology Advisory Council

June 2023

“Disinformation history and what it means for the future of AI”, Tech Discovery Conference
“Collaborating for Breakthroughs: How Corporates and Deeptech Startups Can Work Together”, Tech Discovery Conference

April 2023

“Pentesting AI: How to Hunt a Robot“, RSA SF Conference

August 2022

“Data Integrity Lights the Way: Security With the Decentralized Web“, Paul’s Security Weekly #753

April 2022

“Toward Architecture-Driven Interdisciplinary Research — Learnings from a Case Study of COVID-19 Contact Tracing Apps”, Discussant for the Data Law and AI Ethics Research Colloquium

March 2022

CISO Series Podcast
“AI: the Good, Bad and Ugly”, Technically Divided

January 2022

“The Decentralisation of the Internet“, Are You a Robot

October 2021

“Episode 51: Decentralization of the Internet”, The Data Diva Talks Privacy
“AI Auditing“, ISACA-SF Annual Conference

September 2021

Keynote: “Why Did The Driverless Car Cross The Road? To Crash on the Other Side“, Mind the Sec 2021

May 2021

“Key technology enablers for secure data sharing respectful of data sovereignty“, Big Data Value Association, Data Week 2021
“Top Seven AI Breaches: Learning to Protect Against Unsafe Learning”, RSA Conference, Virtual Experience

April 2021

“Cyber Security Headlines – Week in Review April 12-16“, Podcast

February 2021

“Ethics of the Internet”, ironically available through separated streams, Apple, Spotify, etc. created by Here the future podcast, London
“Reimagining the Internet” podcast, Institute for Digital Public Infrastructure (IDPI), Amherst
“Humanization of the Web“, Citizen D #drzavljand podcast, Slovenia

November 2020

“OWASP for AI: the Open Web AI Security Project”, OWASP OC
Panelest for “Virtual Data Privacy Conference on Pandemic Surveillance“, co-hosted by Penn State’s Institute for Computational and Data Sciences (ICDS) and Privacy Innovation Lab of Tomorrow (PILOT), Duke’s Kenan Institute for Ethics and the InternetLab in São Paulo, Brazil

October 2020

“AI Auditing”, ISACA SF Fall Conference
“Preparing for Data Decentralization and Verifiable Credentials”, ISACA SF Fall Conference
“Episode 100: Ethics/Discrimination of AI”, Hacker Valley Studio

September 2020

“Data Ethics and Innovation“, Nonconformist Innovation podcast

August 2020

“Privacy in an Internet Era”, Southeastern Association of Law Schools (SEALS)

July 2020

“Episode 22: Independent, expert fact-checking services for Coronavirus (COVID-19)”, Infotagion Podcast

June 2020

“Could Better Technology Protect Privacy when a Crisis Requires Enhanced Knowledge?”, Geotech Center, Atlantic Council
“Privacy Engineering and Privacy Tech in the COVID-19 Age“, The Rise of Privacy Tech Virtual Summit

May 2020

“Data Ethics and How to Save the Web“, CHANGEMAKERS
“Third Party Risk and COVID19“, ZeroDaysLive – Security Begins Here
POSTPONED // “High Tech Crimes of Tomorrow: New Tech, New Crimes”, 5th Annual Cyber Symposium, USAO/IIA

April 2020

“Hacking the Modern Workforce: An hour of critical thinking about managing access in a dynamic workplace“, CISO/Security Vendor Relationship Podcast
“Cleaning Those Tough to Reach Digital Identity Stains,” CISO/Security Vendor Relationship Podcast

March 2020

POSTPONED // “The Catcher in the AI: Hackers on ‘The Other Side'”, Sleuthfest
POSTPONED // “Regulating Technology: Issues and Ethics”, Panelist, Roger Mudd Center for Ethics, Washington and Lee University

February 2020

“Breaking Bad AI: Closing the Gaps Between Data Security and Science”, RSAC SF 2020
“How Biased and Malicious AI Can Do Harm“, Voice America with Rebecca Herold

December 2019

POSTPONED // “Dr. Frankenstein Got Wheels: Are we Creating Monsters or Meaningful Mobility?”, Future of AI in Automotive, VDI Wissensforum
POSTPONED // “Hype meets reality, opportunities meet ethics: Do we need a morality framework for AI enabled cars and what is really possible?”, Future of AI in Automotive, VDI Wissensforum
“Whose AIs Are On Your Data: How Web De-Centralization May Be the Civil Rights Battle of Our Time”, Hackers Next Door

November 2019

“Advances in Network Visibility”, IANS Boston
“IOT: Who Owns Device Risk Management”, IANS Boston
“Getting Control of Container Security”, IANS Boston
“Breaking a Failed Vulnerability Management Cycle”, IANS Boston
“Vendor Optimization: Thinning the Herd”, IANS Boston

October 2019

Keynote: “An Introduction to Solid”, ISACA SF Fall Conference
“Auditing AI and Things”, ISACA SF Fall Conference

September 2019

CISO Series “Defense In Depth” Podcast
GigaOm “Voices in AI” Podcast

August 2019

“AIs Wide Open – Making Bots Safer Than Completely #$%cking Unsafe“, BSidesLV

June 2019

“Getting Control of Container Security”, IANS LA
“Prioritizing Privilege Management”, IANS LA
“Cutting Through the AI/ML Vendor Hype”, IANS LA

May 2019

“How to Recruit and Retain the Best People”, IANS NYC
“Vendor Optimization: Thinning the Herd”, IANS NYC
“Getting Control of Container Security”, IANS NYC
“Breaking a Failed Vulnerability Management Cycle”, IANS NYC
“Case Study: How One Company Uses AI/ML”, IANS NYC

April 2019

“Why Privacy Matters”, 2019 Conference on the Ethics of Emerging Tech, Duke’s Kenan Institute for Ethics
“Post-Cold War Cyber Ethics”, 2019 Conference on the Ethics of Emerging Tech, Duke’s Kenan Institute for Ethics
“Machine Learning Failures“, Defense in Depth Podcast
“DevSecOps Business Cases”, IANS Toronto
“IoT: Who Owns Device Risk Management”, IANS Toronto
“Advances in Network Visibility”, IANS Toronto
“Prioritizing Privilege Management”, IANS Toronto
“Cutting Through the AI/ML Vendor Hype”, IANS Toronto

March 2019

“Top 10 Security Disasters in ML: How Laurel and Yanny Replaced Alice and Bob“, RSA Conference SF

January 2019

“Security Experts Panel – Trends of 2019“, Masters of Data Webinar

November 2018

“Cybercrime 2020: Revisiting the Future of Online Crime and Investigations“, Georgetown Law and the U.S. Department of Justice
“A Practical Guide to Endpoint Protection and UEBA”, IANS Boston
“Encryption: The Good, The Bad and The Ugly”, IANS Boston
“Securing Hybrid Clouds in a Post-CASB World”, IANS Boston
“Advantages and Risks of Containerization”, IANS Boston

October 2018

“Speak Softly and Carry a Big STIG”, MongoDB.local DC

September 2018

“Enterprise Cloud Security”, MongoDB.local Chicago

August 2018

“Hidden Hot Battle Lessons of Cold War: All Learning Models Have Flaws, Some Have Casualties”, Global Big Data Conference

July 2018

Paul’s Security Weekly Podcast

June 2018

“Enterprise Security in the Cloud“, MongoDB World

May 2018

“Security in a World of Intelligent Machines,” Private Event – Invited Lecturer
“A Practical Guide to Endpoint Protection and UEBA,” IANS LA
“Securing Hybrid Clouds in a Post-CASB World,” IANS LA
“Moving to the Cloud: What Works, What Doesn’t and What to Do About It,” IANS LA
“Prioritizing Privilege Management,” IANS LA
“Machines at Work: Engineering Safety in a Big Data World,” IANS DC

April 2018

“Machines at Work: Engineering Safety in a Big Data World,” IANS Seattle

March 2018

“Making Cloud Simpler With Security Built-in Instead of Bolt-on,” Ziff-Davis Webinar
“Managing Your Mobile Risk Future,” IANS NYC
“Encryption – The Good, the Bad and the Ugly,” IANS NYC
“Prioritizing Privilege Management,” IANS NYC
“Identity: One Cloud Control to Rule Them All,” IANS NYC

January 2018

“Unpoisoned Fruit: Seeding Trust into a Growing World of Algorithmic Warfare,” AppSecCali

November 2017

“Managing Cloud Security Design and Implementation in a Ransomware World,” MongoDB Europe

October 2017

“Safe Shipping With Big Data: Don’t Make It an Oar Deal”, ISACA-SF
“Hunting The Unknown With AI”, ISACA-SF
“Mission Possible: A DevSecOps Odyssey”, WhiteHat Security Webinar

September 2017

“CISO Roundtable on Emerging Issues: Artificial Intelligence,” IANS Philly
“Implementing Big Data and SIEM,” IANS Philly
“Cloud Access Security Brokers,” IANS Philly
“Managing Cloud Security Design and Implementation,” IANS Philly

August 2017

“Data Integrity and the Downfall of AI“, Episode 11, Digital Guardian Podcast

July 2017

“Hidden Hot Battle Lessons of Cold War: All Learning Models Have Flaws, Some Have Casualties,” BSidesLV
“Baby Got Hack Back,” BSidesLV

June 2017

“Managing Cloud Security Design and Implementation in a Ransomware World,” MongoDB World

May 2017

“DevSecOps – Security at the Speed of Innovation,” IANS Austin
“Effective Threat-Hunting Tactics and Toolkits,” IANS SF
“IDAM in the Cloud: A Strategy Session,” IANS SF
“Managing Cloud Security Design and Implementation,” IANS SF

Feb 2017

“How to Delete Data for Realz: This Presentation Will Self-Destruct In…,” RSA Conference SF

November 2016

“Smashing Machine Learning for Fun and Profit,” OWASP Orange County
“Pwning ML for Fun and Profit,” Kiwicon X

October 2016

“Active Cyber Response: Not Your Grandparent’s Self-Defense,” Privacy + Security Forum
“AI Accountability and Audits: Assessing Black Box Disasters Before They Happen,” SF-ISACA

August 2016

“Great Disasters of Machine Learning,” BSidesLV Keynote

June 2016

“Six Elements in Securing Big Data,” MapR Webcast

February 2016

“Dar-win or Lose: The Anthropology of Security Evolution,” RSA Conference SF
“Hog-tying Hackers,” SleuthFest 2016

January 2016

“Making Bones About It: Autonomous Drone Discovery of Forgotten Graves,” SF DataKind Meetup

December 2015

“Warning, Slippery Road Ahead: Preserving Privacy With Self-Driving Cars,” International VDI Conference – Automotive Big Data
“Five Steps to Safer Mobile Collaboration,” Ziff-Davis Webinar on behalf of Dropbox

November 2015

“Auditing Big Data: The Ethics of Machine Learning”, SF ISACA Fall Conference
“Securing the Internet of Things”, SF ISACA Fall Conference

August 2015

“Building Secure Clouds”, VMworld

July 2015

“Compliance and Big Data: Can They Coexist?”, IANS Webinar

May 2015

“Securing the OpenStack for Fun and Profit,” Cloud Security World 2015

April 2015

“More APT Than You Think: Data Protection at Massive Scale“, RSA Conference USA 2015
“Security Humanitarianism: Extraordinary Examples of Tech Improving Lives“, RSA Conference USA 2015
“The Insider Threat in the Cloud: The Harsh Reality in Today’s World“, RSA Conference USA 2015
“Use of Technology in Preserving and Protecting Humanity“, RSA Conference USA 2015

November 2014

“Practical Cloud Deployments and Secure OpenStack Strategies”, Fast and Secure Conference
“New Security Models for IoT”, IoT Expo
“Auditing Social Media”, ISACA Edu Panel
“Panel: Securing Mobile and BYOD”, ACSC Annual Conference

October 2014

“Babar-ians at the Gate: Data Protection at Massive Scale”, IANS Keynote
“Auditing an Internet of Things”, ISACA-SF 2014
“Auditor Tales from the Trenches of Big Data,” ISACA-SF 2014
“Realities of Securing Big Data,” 2014 CS Graduate Student Course, St. Polten
“7 Simple Ways to Deal With Serious Risks and Elephantine Security Challenges,” BlackHat EU 2014

September 2014

“Regulatory Compliant Cloud Computing and Content Distribution Networks,” IX Taller Internacional, Comision de Regulacion de Comunicaciones, Columbia
“Trusted IT: How EMC, VMware, Pivotal and RSA Together Redefine Security,” RSA Summit 2014
“The Pizza Box Zombie Mall Bank Accounts of Despair: Why CISOs Love Metaphors,” Yahoo Security Summit 2014

August 2014

“Babar-ians at the Gate: Data Protection at Massive Scale,” Blackhat USA 2014
“Role of Regulation in Protection – Continuous Diagnostic Monitoring (CDM), PCI, and more,” Blackhat Executive Summit 2014
“The Insider Threat and the Cloud: Harsh Reality in the Wake of Recent Security Breaches,” VMworld 2014
“Security Analytics: Challenges Opportunities, and New Directions,” UW CSE MSR Summer Institute

July 2014

“Cloud Trust Redefined: Eight Essential Steps in a Strong Defense,” RSA Conference Asia Pacific & Japan 2014
“How to Hadoop Without the Worry: Protecting Big Data at Scale,” RSA Conference Asia Pacific & Japan 2014
“Certificate Management in the Cloud,” BrightTALK Panel 2014

June 2014

“New Security Models for the IoT,” 1st International Internet of Things Expo at Cloud Expo
“FFIEC DDoS Guidelines for Financial Institutions: What you need to know,” Infoblox Webinar

May 2014

“Baby Got Risk: I like Big Data and I Can Not Lie,” BSidesNOLA
“Delivering Big Data, Security at Scale,” SOURCE Dublin
“Embracing a Zero Trust Security Model,” Cyphort Meetup
“Protecting Big Data at Scale,” CONFidence 2014

April 2014

“Why is Internet trust such a wicked problem?” SRII Global Conference Panel
“The unCERTanty of Attribution: Finding the Needle in the Needlestack,” Ã–sterreich Stammtisch
“Delivering Security at Big Data Scale,” SOURCE Boston
“Drone Security: 50 Ways to Lose Your Hover,” Loopcast
“Exploring the Future of HIPAA-Secure Cloud,” Digital Health Summit

March 2014

“Protecting Critical SaaS Data before It’s Too Late: Tales from the Trenches,” Forrester/Spanning Webinar

February 2014

“Securing the Big Data Ecosystem,” RSA Conference SF
“Redefining Threat and Risk Management,” Advanced Threat Protection Summit, BrightTalk

January 2014

“Data Whales and Troll Tears: Beat the Odds in InfoSec,” ShmooCon

December 2013

“Security Best Practices for Cloud IAM,” Keynote, ISACA Virtual Conference on Cloud Maturity
“Baby Got Risk: I like Big Data and I Can Not Lie,” BayThreat
“Breaches of personal data security: Causes and Consequences,” Keynote, International Forum on Personal Data Protection: IFAI (Federal Institute for Access to Information and Data Protection) Recommendations
“Extending HIPAA Compliance from EHR to Document and Data Transmissions,” Ziff-Davis Panel

November 2013

“Auditing Big Data,” Institute of Internal Auditors, Silicon Valley
“The /// of Big Data: Finding Whiro,” KiwiCon

September 2013

“Auditing Big Data for Privacy, Security and Compliance,” ISACA-SF
“#HeavyD: Stopping Malicious Attacks Against Data Mining and Machine Learning,” ISACA-SF
“Active Defense 2013,” ISACA-SF

August 2013

“Data Breach Panel,” BSidesLV

June 2013

“New Threats to Cloud Infrastructure and Big Data,” RSA Conference Asia Pacific 2013

May 2013

“Big Data Security: Emerging Threats and How to Predict Them,” SOURCE Dublin

March 2013

“Is it Whack to Hack Back a Persistent Attack?” Panel with Trend Micro and CrowdStrike, 2013 RSA Conference, San Francisco
“Big Data, Pirates and Bourbon: Secure All the Things,” b:Secure Conference, Mexico City

February 2013

“Putting Security First â€“ DNP episode 27,” digitalnibbles Podcast with Reuven Cohen and Allyson Klein
“Real-time security analytics: catching cyber criminals before it’s too late,” GigaOM Analyst Roundtable with Click Security
“Big Data Calls for Big Security!” The 14th Annual Privacy and Security Conference, Victoria, BC
“The Effective Use of Big Data in Security Analytics,” The 14th Annual Privacy and Security Conference, Victoria, BC
“Legal and Technical Issues of Forensics in the Cloud: How to Prepare,” 2013 RSA Conference, San Francisco
“Big Data, Pirates and Bourbon: Secure All the Things,” 2013 RSA Conference, San Francisco

January 2013

“Big Data Risk,” Panel with Symantec, NetApp and Astute at ViaWest

December 2012

“Defending the Virtual Environment,” Hands-on Workshop, CONSEGI
“Cyberfall: Active Defense 2012,” CONSEGI
“Hybrid Cloud Identity Management,” GigaOM Pro Webinar with Ping Identity

November 2012

“Accidents happen: backing up your business in the cloud,” GigaOM Pro Panel with Spanning
“The Loch Ness Monster (Big Data Security),” Intel Security Conference

October 2012

“Hacking Back In Self-Defense: How Can I Do It Legally?” Hacker Halted 2012
“Active Defense/Response (Hacking Back in Self-Defense): Not Just a Theory, But Here is How it Will Work,” ISSA International Conference
“Auditing and Assurance in the Cloud,” ISACA-SF
“In(sta)Security: Managing the BYOD Risk,” ISACA-SF
“Keynote” Dubex Security & Risk Management Summit
“vSphere Hardening to Achieve Regulatory Compliance: Better, Faster, Stronger,” VMworld Europe 2012
“Securing the Virtual Environment: Defending the Enterprise Against Attack,” VMworld Europe 2012
“Encryption for Clouds,” RSA Europe 2012
Interview of Bruce Schneier on his new book “Liars and Outliers: Enabling the Trust that Society Needs to Thrive” in the Author’s Studio, RSA Europe 2012
Interviewed by Bruce Schneier on our new book “Securing the Virtual Environment: How to Defend the Enterprise Against Attack” in the Author’s Studio, RSA Europe 2012
“Active Defense: How to Counter Your Attackers,” RSA Europe 2012

September 2012

“Securing the Virtual Environment: Defending the Enterprise Against Attack,” UNITED Security Summit
“BYOD everywhere: Unknown isn’t always a threat,” GigaOM Mobilize

August 2012

“Top 5 Considerations for Website Vulnerability Assessments,â€ Ziff Davis/Symantec Webinar
“Mind The Gap: Making PCI Compliance Reality Through Predictive Network Modeling and Visualization,â€ RedSeal Networks Webinar
“vSphere Hardening to Achieve Regulatory Compliance: Better, Faster, Stronger,” VMworld US 2012
“Securing a Virtualized PCI Environment Using vShield and vCenter Configuration Manager,” VMworld US 2012
“Securing the Virtual Environment: Defending the Enterprise Against Attack,” VMworld US 2012
“Encrypt Your Cloud,” RSA China 2012
“Message in a Bottle: Finding Hope in a Sea of Security Breach Data,” RSA China 2012
“Encryption for Clouds,” RSA Europe 2012 Podcast

July 2012

“Big Data’s Fourth V: or Why We’ll Never Find the Loch Ness Monster,” BSidesLV 2012
“Preparing Your Presentation for RSAÂ® Conference China 2012,” RSA Conference Webinar

June 2012

“PCI Compliance in Virtual Environments – QSA Primer,” VMware Webinar
“#87 – Virtualization Security Roundtable,” The Virtualization Practice

May 2012

“Key Steps to an Airtight Vulnerability Assessment,” Verisign/Ziff Davis Webinar
“Virtualization Compliance and PCI DSS v2: QSA Roundtable with IOActive and K3DES,” VMware Webinar

April 2012

“Provider Controls: Why the Big Secret?” SearchCompliance Virtual Seminar on Overcoming Cloud Security Barriers
“Message in a Bottle – Finding Hope in a Sea of Security Breach Data”, 2012 RSA Conference Webcast

March 2012

“Big Data Security, Big Challenges: Start Here”: A Chat with Dave Asprey, VP Cloud Security at Trend Micro, Structure:Data 2012
“Data Protection in the Cloud”, TechTarget Webcast

February 2012

Interview of Bruce Schneier on his new book “Liars and Outliers: Enabling the Trust that Society Needs to Thrive” in the Author’s Studio, 2012 RSA Conference, San Francisco
“Message in a Bottle – Finding Hope in a Sea of Security Breach Data”, 2012 RSA Conference, San Francisco
“Lightning Round: Data Confidentiality and Integrity in the Cloud”, 2012 RSA Conference, San Francisco
“Compliance Audit Validated Industry Specific Architectures”, VMware Partner Exchange
“Achieving a Trusted Cloud â€“ vCM, VIN, vShield Technical Overview”, VMware Partner Exchange

January 2012

“Message in a Bottle – Finding Hope in a Sea of Security Breach Data”, 2012 RSA Conference Podcast

December 2011

“Sharpening the Axe: How to Chop Down a Cloud”, BayThreat

November 2011

“Cooking Security into the Cloud”, RSA Conference CHINA 2011
“Risks and Controls in Cloud Computing”, SF ISACA Fall Conference

October 2011

“Penetration Testing the Cloud”, VMworld Europe 2011
“Customer Panel: Ensuring Compliance in a Virtual World”, VMworld Europe 2011
“Everything You Wanted to Know About Virtual Compliance (But Were Afraid to Ask)”, RSA Conference Europe 2011
“A QSA Perspective on Cloud Compliance”, The Virtualization Practice Podcast
“Staying compliant in the cloud”, SearchCloudComputing Podcast

September 2011

“Future Trends in Cloud Forensics”, High Technology Crime Investigation Association (HTCIA) International Conference
“Everything You Wanted to Know About Virtual Compliance (But Were Afraid to Ask)”, RSA Conference Europe 2011 Podcast

August 2011

“Penetration Testing the Cloud”, VMworld USA 2011
“PCI-DSS Compliant Cloud – Design and Architecture Best Practices”, VMworld USA 2011
“2011: A Cloud Odyssey”, BSidesLV 2011
Dynamic Protection from Security Threats with the Cloud, IBM Webcast
Security in the Cloud: Data Sovereignty, Open Source and Multi-Tenancy, Focus Roundtable

June 2011

“FISMA Clouds in 2011: Fact or Fiction?”, Focus Roundtable

May 2011

“Security & Compliance Issues”, CloudCamp, Silicon Valley
“Compliance in the Cloud – Unfiltered and Unplugged”, Interop

April 2011

“Cloud Security”, Episode 11 of Cloud Cover TV

March 2011

“Cloud Computing: A Multi-Disciplinary View from Technology, Business and Law”, IEEE, Riverbed, Santa Clara University School of Engineering and Leavey School of Business

February 2011

“Cloud Investigations and Forensics”, 2011 RSA Conference, San Francisco
“Dr Stuxlove: or How I Learned to Stop Worrying and Love the Worm“, BSidesSF 2011
Virtualization Security Podcast, The Virtualization Practice

January 2011

“vCloud Engineering Update: Monitoring and Logs”, VMware/LogLogic Kickoff

December 2010

“Cloud Investigations and Forensics”, RSA Podcast
“All Clouds Love Logs. Yes, Logs”, BayThreat, Hacker Dojo

November 2010

“PCI Compliance and Virtualization“, HyTrust/Cisco/VMware/Savvis Webinar
“Compliance in the Cloud”, Cloud Computing Expo

October 2010

“Top Ten Breaches”, 2010 RSA Conference: Europe
“Compliance in the Cloud”, 2010 SF ISACA Fall Conference
“Cloud Investigations and Forensics”, CSI Annual Conference
“Identity and Access Management for PCI Compliance”, Courion Webinar

September 2010

“Forensics and Investigations in the Cloud”, High Technology Crime Investigation Association International Conference
“Anatomy of a Breach: Critical Infrastructure”, High Technology Crime Investigation Association International Conference
“No Patch for Social Engineering”, High Technology Crime Investigation Association International Conference

August 2010

“Cloud Investigations and Forensics”, International Conference on Free and Open Source Software and eGovernment (CONSEGI) 2010
“Compliance in the Cloud: Managing Risks and Addressing Concerns”, VMworld 2010

July 2010

“Telephone Entrance System Vulnerabilities”, Security BSides
“Current Top Threats”, UC Berkeley School of Information
“Easy Hacks to Telephone Keypad Entry Systems“, The Next HOPE

June 2010

“Cloudy with a Chance of Security” (video), Security BSides
“Segmentation for PCI Compliance”, Crossbeam Seattle Executive Briefing

April 2010

“Top 10 Security Breaches”, RSA Conference Webcast
“Segmentation for PCI Compliance”, Crossbeam San Francisco Executive Briefing

March 2010

“Top 10 Security Breaches”, RSA Conference
“There’s No Patch for Social Engineering”, RSA Conference

January 2010

“There’s No Patch for Social Engineering”, RSA Conference Podcast

September 2009

“Compliance in the Cloud“, SF ISACA Fall Conference

June, 2009

“Has HIPAA gone HITECH?”, ArcSight Webinar
“Top 10 Ways to Ensure Your Security Operation Center Fails”, SC Magazine Webinar
“Is your contractor a crook?”, ArcSight PodCast

May 2009

“Top 10 Security Breaches”, ArcSight Webinar
“Automation for SOX and NERC Compliance”, ArcSight Webinar

April 2009

Top Threats to Personally Identifiable Information, SafeNet Presentation, RSA Conference
“Top 10 Security Breaches”, ArcSight Webinar
“Breach Lessons: Kaiser Health Records and Octomom”, ArcSight PodCast
“Addressing HIPAA & Implications of 201 CMR 17.00”, Massachusetts Health Data Consortium
“Addressing Basel II Requirements with SIEM”, ArcSight Webinar

March 2009

“Cyber Security and NERC CIP 002 to 009”, ArcSight PodCast
“Breach Lessons: RBS WorldPay”, ArcSight PodCast
“PCI Compliance and Beyond – The Lessons of Data Breaches”, Qualys, VeriSign and ArcSight Executive Roundtable
“Eight Steps to NERC CIP CyberSecurity Compliance”, ArcSight and CoalFire Webinar
“Top 10 Security Breaches”, WhiteHatWorld Webinar

February 2009

“Addressing HIPAA & Implications of 201 CMR 17.00”, ArcSight Webinar
PCI Panel, SecureWorld
“Powerful Cyber Security Lessons: A cost-effective approach to NERC compliance”, ArcSight Webinar
“Five Compliance and Security Lessons You Can Learn from Recent HIPAA-Related Incidents”, ArcSight Webinar

January 2009

“Addressing Multiple Regulations with a Broad Set of Compliance Controls”, ArcSight Webinar

2008

“Cyber Security Solutions for NERC CIP-002 to CIP-009”, ArcSight Webinar, December 2008
“Data Security – DLP, Encryption, Mobile Devices”, CSI 2008: Security Reconsidered, November 2008
“SIEM: The Next Generation of Security & Compliance Monitoring”, INTERFACE 2008, November 2008
“Are You Ready for the Red Flags Rule?”, ArcSight Webinar, October 2008
“Log Management, Identities and PCI DSS 1.2”, ArcSight Webinar, October 2008
“Compliance Panel”, IEEE Key Management Summit, September 2008
“Applying Security and Compliance in Tandem”, Protect 08: Connect the Dots, September 2008
“Monitoring PCI Compliance”, Protect 08: Connect the Dots, September 2008
“Integrating SIEM and Identity Monitoring Solutions”, Bell-Canada Security Solutions Rendez-Vous, June 2008
“PCI Compliance”, Bell-Canada Dinner, June 2008
“Securing the Mobile and Remote Workforce”, RSA Conference, April 2008

2007 and earlier

“False Voices: the Impact of Culture on Information Security”, Central States Anthropological Society (CSAS) Meetings, April 2007
“False Harmony: Racial, Ethnic, and Religious Stereotypes on the Internet”, National Association for Ethnic Studies (NAES) Conference, November 2006
“Maintaining Your Organization’s Privacy”, Las Positas Chapter of the International Association of Administrative Professionals (IAAP), July 2006
“Maintaining Your Organization’s Privacy”, Annual Education Forum for the International Association of Administrative Professionals (IAAP), June 2006
“Manage Identities and Keys for the Retail Risk Model”, Retail Security Forum, November 2005
“Retailer Panel — More than One Way to Safety: Practitioners Discuss Their Methodology”, Retail Security Forum, November 2005
“Urgent/Confidential — An Appeal for your Serious and Religious Assistance”, Central States Anthropological Society (CSAS) Meetings, April 2004
“How to Build your own Information Security Assessment Practice”, Secure IT Conference, April 2004
“A Practical Approach to Implementing ISO/IEC 17799”, Secure IT Conference, April 2004
“Auditing Technology for Sarbanes-Oxley Compliance” San Jose State University, Information Systems Audit and Control Association (ISACA) Club, August 2003
“Should the Government Regulate Corporate Security?” Lighthouse Venture Forum breakfast discussion, June 2003
“Urgent/Confidential — An Appeal for your Serious and Religious Assistance”, National Association for Ethnic Studies (NAES) Conference, April 2003
“Secure Software Distribution”, Microsoft Certified Professional (MCP) TechMentor Summit on Security, July 2002
“Auditing Windows 2000”, Silicon Valley Information Systems Audit and Control Association (ISACA) Chapter Meeting, December 2002
“Shintiri: The Secret Language of the Comoros”, Central States Anthropological Society (CSAS), 1984

Publications

Unfortunately I have not been able to keep up this manual list of publications and articles I contribute to, edit and author…a search may be the best bet going forward. For example: “Can Code Catch Corruption” in Forbes 4/25/2014 and “Heartbleed Bug” on ABC Local News 4/12/2014, found by searching for me by name.
eBook: “Cloud Computing Infrastructure: 2012 and Beyond,” GigaOM Pro, June 2012
Reference: “The Risks and Benefits of Allowing Employee-Owned Devices,” ComplianceWeek, June, 2012
Article: “Maintaining Compliance in the Cloud,” TechTarget, May 2012

Book: Securing the Virtual Environment: How to Defend the Enterprise Against Attack (with DVD), Wiley, May 2012
Article: “New Ways to Keep Hackers Out of Your Business“, Inc. Magazine, November 2011
Standard: X9F4 – Cryptographic Protocols and Application Security / X9.125 Cloud
Article: “Amazon GovCloud lurches toward private vs. public cloud“, SearchCloudComputing.com, August 2011
Standard: Distributed Management Task Force, Cloud Audit Data Federation
Standard: “Information Supplement: PCI DSS Virtualization Guidelines v2.0“, Virtualization Special Interests Group (SIG), Payment Card Industry (PCI) Security Standards Council (SSC), June 2011
Reference: “Expert cites new hack tactic in Michaels data breach“, Reuters, June 2011
White Paper: 5 Mistakes Auditing Virtual Environments (You Don’t Want to Make), HyTrust/K3DES, June 2011
Standard: Study Group Report on Cloud Computing, ISO/IEC JTC 1 SC38 SGCC, January 2011
White Paper: PCI DSS Compliance, AT&T Wireless Services/K3DES, March 2011
White Paper: PCI-Compliant Cloud Reference Architecture, HyTrust/Cisco/Savvis/VMware, November 2010
Standard: Consensus Assessments Initiative Questionnaire, Cloud Security Alliance, October, 2010
Reference: VMware working to boost security compliance features in vCloud Director, Security AU News, September 2010
Reference: “Especialista fala sobre forense computacional no Consegi”, CONSEGI Noticias, August 2010
White Paper: Remote Communications and the Latest Threats, BlackHat Conference, NCP Secure Communications, July 2010
Reference: “Experts say research into Nigerian 419 scam e-mails could lead to improved anti-phishing technologies, most messages not actually from Africa”, Kansas State University Press Release, April 2010
White Paper:Virtualization and the Sarbanes-Oxley Act, HyTrust, April 2010
Video: “State of Cybercrime”, ArcSight, October 2009
Standard: “Protection of Sensitive Data from Device to Acquirer”, ASC X9 Committee — ANSI (American National Standards Institute) accredited standards developing organization, September 2009
White Paper: “Defeat Cyber Threats & Risks”, ArcSight, July 2009
White Paper: NERC Cybersecurity Solutions for CIP-002 to CIP-009, ArcSight, June 2009
Article: “How to Identify the Source of Threats”, Channel World India, May 2009
“Internet security problems have an upside for Silicon Valley” (contributor), Mercury News, May 2009
Article: “Identifying the source of corporate threats”, ComputerWorld, April 2009
Article: “Identifying the source of corporate threats”, CIO, April 2009
Article: “Identifying the source of corporate threats”, Insider Threat, Network World, April 2009
White Paper: “Addressing Basel II Requirements”, ArcSight, March 2009
White Paper: “Healthcare Security Oversight for HIPAA Audit and Compliance”, ArcSight, February 2009
White Paper: “Addressing Red Flag Requirements – Using SIEM to Implement Compliance Monitoring”, ArcSight, November 2008
Standard: Symmetric Key Services Markup Language, OASIS Encryption Key Management Infrastructure Technical Committee, July 2008
Article: “GLBA Compliance: Tips for Building a Successful Program”, BankInfoSecurity, July 2008
Article: “On the tracks of medical data: Electronic records pressure”, SC Magazine, June 2008
Article: “Log management as a tool against insider threats”, Insider Threat, Network World, May 2008
Paper: “Urgent/Confidentialâ€“An Appeal for Your Serious and Religious Assistance: The Linguistic Anthropology of ‘African’ Scam Letters”
US Patent: Mobile Device Authentication, November 2006
Reference: “Firewalls are not enough”, Chain Store Age, December 2005
White Paper: “A Comparative Analysis of x86 Operating System Security”, Intel Corporation, 2001
Hardening Guide: “Securing Linux: Step-by-Step”, SANS Institute, 2000
Electronic Poetry Review (EPR), 1996 to present.
Research assistance to Sanford Schram, “Postmodern Policy Analysis: Discourse and identity in welfare policy”, 1993.
Ottenheimer, Davi and Jeremy Allaire. “The Public Domain: International Human Rights Newsletter”, St. Paul, Minnesota, 1992.
Ottenheimer, Harriet, Afan Ottenheimer and Davi Ottenheimer. “Shintiri: The secret language of the Comoro Islands.” Papers from the 1985 Mid-America Linguistics Conference, Manhattan, KS: Department of Speech, Kansas State University, 181-188, 1986. (Re-published in the “Workbook/Reader for Anthropology of Language”, 2005)

Sample Feedback

VMworld Conference 2011 LV: Penetration Testing the Cloud

“Excellent! Similar sessions needed,there’s a lot to cover!”
“Need more like this.”
“Great material, a lot too look into after session.”
“The instructor exceeded my expectations. His knowledge of the subject was deep and his passion for it also showed. Great stuff!”
“Excellent material. Speaker researched and developed the information exceptionally well. Extremely well presented.”
“This had to be one of the best sessions I have had at VMworld.”
“Very useful and applicable to my current situation.”
“This guy was an awesome speaker.”
“Great speaker – good use of real world examples / humor. Kept crowd engaged”
“Great speaker. Good insights. Need more speakers with this kind of technical content.”
“OVERALL AVERAGE: 4.63”

VMworld Conference 2010 SF: Compliance in the Cloud

“Davi’s talk on compliance is a disguise; it’s a fantastic talk on (security) quality & managing risk from an audit perspective #VMworld” — @Beaker (Christopher Hoff)
“Great session, incredibly valuable. The speaker did a very impressive job.”
“This was one of the better classes.”
“OVERALL AVERAGE: 4.23- highest score in [cloud] track!!!”

RSA Conference 2010: Top 10 Security Breaches

The Webcast was excellent and I would like to direct several colleagues to sign up and watch it. One of the best I have seen in a long time.
Best presentation of the day!
Excellent info.
Good content.
Great material.
Very relevant.
Best yet. Tells the story. Very effective.
Excellent and engaging – delivered exchanged info in highly engaging and funny manner.
Excellent, engaging speaker. One of the best I’ve heard.
Excellent.
Great speaker.

flyingpenguin

Presentations and Publications

the poetry of information security