The Jericho Forum and Challenge

Presented at DEF CON 14 (2006), Aug. 4, 2006, 11 a.m. (50 minutes)

In the first half of this session, Paul Simmonds will present on behalf of the Jericho Forum taking participants through the initial problem statement and what people need to go away and start implementing. Topics will include: De-perimeterization - the business imperative From protocols to accessing the web - the technical issues What should be implemented today - current and near term solutions Planning for tomorrow - future solutions and roadmap The second half on this session will focus on the Jericho Challenge, the format, the rules, the judging format and the prizes followed by a Q&A. The aim with the Jericho Form Challenge is to develop a "technology demonstrator" with a full year from start to finish. The competition is based on a typical business environment with at least one business application, one legacy application, typical business usage (Web, E-mail and Word Processing) using at least one "office" PC and one laptop. The finals and judging will occur in 2007 at DEFCON.

Presenters:

• Presenter: Paul Simmonds - CISO
  Paul Simmonds joined ICI in 2001 when he was recruited to head up Information Security for ICI, working for the CIO Office in London. Prior to joining ICI he spent a short time with a high security European web hosting company as Head of Information Security, and prior to that seven years with Motorola, again in a global information security role. In his career he has worked with many external agencies, and has also been directly involved in two successful criminal prosecutions, giving evidence in one case. Paul has a degree in Electronic Engineering and a City & Guilds in Radio Communication. He came to the Information Security field from a background in IT Systems Implementation and consultancy during which he wrote and implemented one of the UK's first web sites. Paul was voted 36th in the 2004 list of the top 50 most powerful people in networking, by the US publication Network World Fusion, for his work with the Jericho Forum.
• Judges: Pamela Fusco - EVP
  Pamela Fusco is currently Presidental Advisor to the ISSA and an EVP in the public sector. She was previously Executive Global Information Security Professional for Merck & CO., Inc. Pamela has accumulated over 19 years of substantial experience within the Security Industry. Her extensive background and expertise expand globally encompassing all facets of security inclusive of logical, physical, personal, facilities, systems, networks, wireless, and forensic investigations.
• David Mortman - former CISO
  David Mortman is former Chief Information Security Officer for Siebel Systems, Inc. where he and his team were responsible for Siebel Systems' worldwide IT security infrastructure, both internal and external. He also worked closely with Siebel's product groups and the company's physical security team and was leading up Siebel's product security and privacy efforts. Previously, Mr. Mortman was Manager of IT Security at Network Associates, where, in addition to managing data security, he deployed and tested all of NAI's security products before they were released to customers. Before that, he was a Security Engineer for Swiss Bank. A CISSP, member of USENIX/SAGE and ISSA, and an invited speaker at RSA 2002 and 2005 security conferences, Mr. Mortman has also been a panelist at InfoSecurity 2003, Blackhat 2004 and 2005 as well as Defcon 2005. He sits on a variety of advisory boards including Qualys, Teros, and Sygate amongst others. Mr. Mortman holds a BS in Chemistry from the University of Chicago
• Henry Teng - CISO
  Henry Teng is the Enterprise Security compliance officer, Senior Director for Philips International B.V. He is currently based in The Netherlands. Henry is responsible for the global Enterprise Security Compliance Management Program including information security and IT security for Philips in the Americas, Europe, and Asia Pacific. Philips International has annual revenue of about $36 billion and a worldwide employee population of 126,000. Henry has over nineteen years of IT security, information security, risk and compliance management experience for fortune 500 companies ranging from financial services, e-commerce, to electronics manufacturing. He is the author of three patents on security related areas granted by the U.S. Patent Office. Prior to Philips Henry worked for a number of large enterprises such as eBay as their chief of Information Security, for Charles Schwab as their Managing Director of Security Engineering & Design, and for KPMG LLP in the Risk & Advisory Services. Henry is a Certified Information Systems Security Professional (CISSP), and a Certified Information Security Manager (CISM). He served as a Board member for the Information Systems Security Association (ISSA) Silicon Valley Chapter for two years, which won the ISSA National Best Chapter Award for 2003. He was also one of the founding members of an industry consortium against distributed denial of service (DDoS) attacks and served as its chairperson from 2000 to 2002.

Links:

• https://defcon.org/html/defcon-14/dc-14-speakers.html#Simmonds
• https://infocon.org/cons/DEF CON/DEF CON 14/DEF CON 14 video/DEF CON 14 - Paul Simmonds - Jericho Challenge - Video.mp4
• https://www.youtube.com/watch?v=VN4NyIAdXQY

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Business Developement: The best non-four letter dirty word in infosec.
• BSidesLV 2019 / Duck and (Re)Cover - The missing link in the security evolution
• Black Hat USA 2010 / Security is Not a Four Letter Word