The CFP is over for this year and the speaker lineup is ready for your reading pleasure.
Without sounding too enthusiastic for a Finn, it’s difficult not to get excited when there are entries on the agenda like the keynote from John Lambert, Distinguished Engineer and General Manager of the Microsoft Threat Intelligence Center. A seasoned t2 attendee might remember him from sparking the original inspiration behind olleB’s t2’15 talk ”If attackers think in graphs, why can’t we?”.
Looking at the schedule, it’s both refreshing and rousing to see research targeting wireless input devices and VPN clients. Both could easily be dismissed during target selection as mature technology, yet here we are. Having said that, there’s still a healthy focus on modern and up-and-coming tech in the agenda, such as using machine learning for vulndev.
Traditionally this post always ends with a gentle reminder to get your ticket early. The sales have been open for a couple of months and a good chunk of the tickets have already been sold. If you haven’t bought yours already, there’s not a better time for action than right now.
The advisory board and organizers of t2 are honored and pleased to have Halvar Flake deliver the headlining keynote for the 15th anniversary edition of the event. His speaking history with t2 starts in 2005, and Halvar is certainly recognized as one the luminaries in the field. The following teaser provides a taste of what to expect.
Risks, Damn Lies, and Probabilities
IT continues to bring pervasive change to our societies, industries, and everyday life. This transformation also brings individualized and complicated risks to individuals, companies, and to societies.
IT security is, to some extent, charged with managing these risks. But for an industry tasked with managing risk, we are pretty unstructured in thinking about risk, accounting for risk, and most of all: Holding ourselves and other tech executives accountable for estimates of risks and their probabilities.
The IT industry is often incentivized to incur risks on behalf of others – and to underestimate the actual magnitude of these risks. Customers are either not empowered or not incentivized to challenge excessively rosy risk estimates. Entire executive careers in IT are built on underestimating risks incurred for others.
This talk will cover my observations about the ways we think sloppily about risk and harm, about the IT industries’ lack of risk management for systemic risks, and some thoughts about holding IT industry executives accountable for their risk estimates and decisions.
We are extremely excited to have two excellent keynote speakers. The headlining keynote comes from none other than Halvar Flake himself, and Friday starts with a live action keynote by Viss. While we don’t officially have tracks as such, the themes revolve this year around machine learning, hardware, and vulnerability research, with a mix of exploitation and lessons learned.
It’s funny how things come together – we were never going for a classic t2 lineup, but ended up getting one nevertheless. Regular visitors and long time friends might notice that the list of speakers revisits 2005, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, and 2017. All in all, seven talks out of thirteen are given by people who have been with us before, many of them several times. As such, we feel this suits the 15th anniversary celebrations well.
Slightly over 30% of the tickets were sold during the summer, and since 2014 we’ve been sold out one to two months before the event. Register now.
Edit: While the content has aged little, our keynote speaker choice failed on a catastrophic level. We are leaving this post and video up in the name of transparency.
“Those who cannot remember the past are condemned to repeat it.”
— George Santayana, The Life of Reason: The Phases of Human Progress – Vol. I, Reason in Common Sense. 1905
In this 2015 keynote headhntr aka Morgan Marquis-Boire philosophizes on nation state attacks, their history, how hackers operate, and the nature of the Internet. As with all philosophical content and/or keynotes, very little has fundamentally changed since the talk.
Is modern technology the Panopticon? What is the East Germany tipping point of today? Do you agree with Morgan at all? Watch the keynote and let us know on the Twitter with #t2infosec !
Those who actually read the CFP announcement might have noticed the fine print in the footnote section where we announced this year’s keynote. Like having an IRC gateway from a BBS group chat, we’re trying to stay modern and understand that since time is money and everybody wants a TL;DR which fits a tweet, we need to provide one:
Breaking: Dave Aitel giving the headline keynote at t2’17! #t2infosec #cyber #leftoflaunch #dailydave #voiceofreason #buffythevampireslayer
In other words, we’re continuing the tradition of inviting former @stake / NSA employees / DailyDave posters to speak at t2. If you’ve been reading mailing lists and not just clicking on random links from Twitter, you will probably agree that people who have been long enough in the game often have the kind of insight you can only get by having been there and done that. It is our pleasure to welcome Dave Aitel to deliver the keynote this year.
In case you were born after Miami Vice originally aired, do some googling and figure out a way to mention GOBBLES and our keynote speaker in the same sentence.
Some of us are young/old enough to have spent too much time browsing through Cryptome archives in the late 90s and being amazed by documents about ECHELON and TEMPEST. Yet, it only took a couple of decades to see those unravel before our very eyes.
Compared to many other security topics, open source information available on electromagnetic intelligence cannot be described as extensive nor comprehensive. Luckily, the talented researchers from Tel Aviv took public research to a new level by demonstrating their 300 USD pita bread.
The setup brings practical attacks to class rooms and coffee shops near you. This time paper and pencil are recommended for taking notes.