CONFERENCE MATERIALS HAVE BEEN UPLOADED
http://conference.hitb.org/hitbsecconf2009dubai/materials/
CONFERENCE PHOTOS HAVE BEEN RELEASED
http://photos.hackinthebox.org

KEYNOTE 2: Mark Curphey (Director, Information Security Tools Team, Microsoft Corp)

Presentation Title: Security Cogs and Levers
Presentation Abstract:

The security tools and technology available to the masses today can only be described as primitive in comparison to electronic gaming, financial investment, or medical research software. Modern massive multi-player games are built on complex physics engines that mimic real real-world movement, leverage sophisticated artificial intelligence engines that provide human-like interactions, and connect hundreds of thousands of players at a time in massively complex virtual worlds. The financial management software underpinning investment banks performs “supercrunching” calculations on datasets pulled from public and private sources and builds sophisticated prediction models from petabytes of data. Medical research systems analyze DNA for complex patterns of hereditary diseases, predicting entire populations’ hereditary probability to inherit genetic traits.

In stark contrast, the information security management programs that are supposed to protect trillions of dollars of assets, keep trade secrets safe from corporate espionage, and hide military plans from the mucky paws of global terrorists, are often powered by little more than Rub Goldberg Machines (Heath Robinson machines if you are British) fabricated from Excel spreadsheets, Word documents, home grown scripts, Post-It notes, email systems, notes on the backs of Starbucks cups, and hallway conversations. Is it any wonder we continue to see unprecedented security risk management failures and that most security officers feel they are operating in the dark? If information security is to keep pace (and it will), people, processes, and security technology will need to evolve. The Hollywood security that security professionals snigger at today needs to become a reality tomorrow.

Mark will discuss key technology trends and how they will be applied to the information security domain in the future as well as the work he is doing to turn this vision into a reality leading the tools team for Microsoft’s own corporate information security program.

About Mark

Mark graduated from Royal Holloway, University of London with a Masters degree in Information Security in the mid-nineties (as a mature student). Royal Holloway is recently famous as the cryptography school where the cryptographer Sophie Neveu was educated in the bestselling novel “The Da’Vinci Code”.

After spending several years working at investment banks in the City of London working on a variety of technical projects including PKI design, Windows NT security, policy development and single sign-on systems, he moved to Atlanta to run a consulting team performing security assessments at Internet Security Systems (now IBM). In late 2000 Mark took a job at Charles Schwab to create and manage the global software security program where he was responsible for ensuring the security of all business applications protecting over a Trillion dollars of customer investments. During this period Mark started OWASP, the Open Web Application Project.

In 2003 he then joined a small startup called Foundstone to take the experience learnt at Schwab to other Fortune 1000 companies. The company was sold to McAfee in October 2004 and Mark joined the McAfee executive team reporting directly to the President. Mark was awarded the Microsoft MVP for Visual Developer Security in 2005 for his community work in advancing the discipline of software security. In November 2006 he left Foundstone, moved back to Europe and took a year out to think seriously about the design of an information security management platform.

A year later he joined Microsoft as a product Unit Manager to make that platform a reality. He currently has a house in the UK and lives on a plane to Redmond!