Stay Tuned for FuzzCon 2022! Register
Path

About

FuzzCon brings together software security experts and industry leaders from various sectors to share the benefits of fuzzing, a proven and accepted security testing technique. Through education, community building, and networking, FuzzCon aims to make this advanced technique accessible and help organizations realize the value of this emerging trend in continuous software testing.

Speakers

 
Anmol Misra
Director of Security, Autodesk

Anmol is an accomplished leader and researcher with over 15 years of experience in security. His engineering, security, and consulting background makes him uniquely suited to drive the adoption of disruptive technologies. Anmol is a team builder focused on mentoring and nurturing high-potential leaders, fostering excellence, and building industry partnerships. At Autodesk, Anmol is responsible for cloud and information security. Before Autodesk, he managed security & compliance for Collaboration Cloud & SaaS applications at Cisco. As part of EY's Risk Advisory Services, before Cisco, Anmol managed service delivery and consulting engagements for the Fortune 500 in the finance, healthcare, technology, retail, utility, consumer, entertainment, and e-commerce sectors. Anmol is the co-author of two books: Android Security: Attacks and Defenses, Core Software Security: Security at the source. He is also a contributing author of Defending the Cloud: Waging Warfare in Cyberspace. His books are used by leading universities worldwide to teach application and mobile security courses. He has taught security to students and professionals alike, and his work has been cited by research papers in prestigious journals, including ACM and IEEE.

 
Brook S.E. Schoenfield
Author, Passionate Security Architect, & Curious Questioner of Assumptions

Brook S.E. Schoenfield is the author of Secrets Of A Cyber Security Architect (Auerbach, 2019) and Securing Systems: Applied Security Architecture and Threat Models (CRC Press, 2015). His latest, Building In Security At Agile Speed (with Dr. James Ransome, Auerbach, 2021), focuses on software security for continuous development practices and DevOps. Brook helps clients with their software security and secure design practices. He mentors technical leaders to effectively deliver security strategies. He consults as a technical leader for IOActive Inc. and SEC Consult America’s holistic security architecture services. Previously, he led product security architecture at McAfee (Intel), Cisco Engineering, IT Security Architecture at Autodesk, and Web and Application Security for Cisco Infosec. He is a founding member of IEEE’s Center for Secure Design and is a featured Security Architect at the Bletchley Park Museum of Computing. He is the originator of Baseline Application Vulnerability Assessment (BAVA), Just Good Enough Risk Rating (JGERR), Architecture, Threats, Attack Surfaces and Mitigations (ATASM), and developer-centric security. He contributed to Core Software Security (CRC Press, 2014), and co-authored Avoiding the Top 10 Security Design Flaws (IEEE, 2014) and Tactical Threat Modeling (SAFECode, 2017).

 
Damilare D. Fagbemi
Founder, Resilient Software Security

Damilare is a software security leader and architect who has the pleasure of helping companies and organizations to design, build and deploy secure Internet of Things (IoT), cloud, and mobile solutions. He has taught secure software design across three continents ― North America, Africa, and Europe. He’s the founder of Resilient Software Security, a cybersecurity firm that provides security strategy, design, and operations services to businesses. He is also a co-author of the book, "The IoT Architect's Guide to Attainable Security & Privacy".

 
David Brumley
CEO & Co-founder, ForAllSecure

ForAllSecure CEO, David Brumley, received his Ph.D. in Computer Science from Carnegie Mellon University, MS in Computer Science from Stanford University, and a BA in Mathematics from the University of Northern Colorado. Brumley became a tenured Professor of Electrical & Computer Engineering at Carnegie Mellon University in 2016 and went on to become the Director of CyLab Security & Privacy Institute. With over 20 years of cybersecurity experience in academia and practice, Brumley is the author of over 50 publications in computer security and has received numerous awards, including the US PECASE award from President Obama, the highest award in the US for early-career scientists and engineers. In 2012, Brumley, along with his graduate students Athanasios Avgerinos and Alexandre Rebert, co-founded ForAllSecure with the mission to secure the world's critical software. In 2016, ForAllSecure went on to win the DARPA Cyber Grand Challenge with Mayhem, ForAllSecure’s autonomous cyber security system.

 
Jeff Costlow
Deputy CISO, ExtraHop Networks

As a security technologist and leader for over 20 years, Jeff’s deep experience securing information and technology assets as well as years of successful engineering leadership have resulted in secure product deployments to thousands of customers. As the Deputy CISO at ExtraHop Networks, Jeff leads the ExtraHop team towards groundbreaking security and privacy services in ExtraHop's best-of-breed network detection and response tool.

 
Larry Maccherone
DevSecOps Transformation, Contrast Security

Larry is a thought leader on DevSecOps. At Comcast, he launched and scaled the DevSecOps Transformation program over five years, and is now at Contrast helping organizations empower development teams to take ownership of security. Larry was a founding Director at Carnegie Mellon's CyLab and co-led the launch of Build-Security-In initiative. Contact Larry on his LinkedIn page: https://www.linkedin.com/in/LarryMaccherone

Moderators

 
Dr. Jared DeMott
Masters of Ceremonies

Dr. DeMott enjoys securing code and data in big tech after leading a successful startup. Jared has been passionate about fuzzing, since the early days of his career with the NSA. He holds a Ph.D. from Michigan State University and has often spoken on cyber matters at popular conferences. He was a finalist in Microsoft’s BlueHat security architecting contest and has been on three winning Defcon capture-the-flag teams. DeMott has authored books, blogs, and online courses on fuzzing and application security.

 
James Ransome
Veteran CISO, CSO, CPSO, & Author

Dr. James Ransome is the Chief Scientist for CyberPhos, an early-stage startup, and continues to do ad hoc cybersecurity consulting. He is on the Board of Directors for the Bay Area CSO Council. Most recently, Dr. Ransome was the Senior Director, Security Development Lifecycle (SDL) Engineering in the Intel Product Security and Assurance (IPAS) - Governance and Operations (IPAS GO) Group. His career is marked by leadership positions in the private and public industries, having served in three chief information security officer (CISO) and four chief security officer (CSO) roles at Applied Materials, Autodesk, Qwest Communications, Pilot Network Services, Exodus Communications, Exodus Communications-Cable, and Wireless Company, and Cisco. Dr. Ransome holds a Ph.D. in Information Systems specializing in Information Security, a Master of Science Degree in Information Systems, and graduate certificates in International Business and International Affairs. He received the 2005 Nova Southeastern University Distinguished Alumni Achievement Award. He is a member of Upsilon Pi Epsilon, the International Honor Society for the Computing and Information Disciplines, Certified Information Security Manager (CISM), a Certified Information Systems Security Professional (CISSP), and a Ponemon Institute Distinguished Fellow. Dr. Ransome is the author of several published books, including Wireless Operational Security; VoIP Security; Instant Messaging (IM) Security; Business Continuity Planning and Disaster Recovery Guide for Information Security Managers; Wireless Security: Know It All; Cloud Computing: Implementation, Management, and Security; Defending the Cloud: Waging Warfare in Cyberspace, Core Software Security - Security at the Source, and is currently working on a new book titled Building In Security at Agile Speed.

 
Robert Vamosi
CISSP, Host of The Hacker Mind podcast

Robert Vamosi is a CISSP and award-winning infosec journalist. He is the author of two books -- When Gadgets Betray Us [Basic Books: 2011] and The Art of Invisibility (with Kevin Mitnick) [Little, Brown & Co.: 2017] ‐‐ and is featured in Code 2600 , a feature-length documentary on the history of computer hacking. In its first year, the bi-weekly The Hacker Mind podcast has already amassed over 20K downloads with infosec guests such as LiveOverflow, Stok, and Jack Daniel.

Schedule

Registration
4:00PM-5:00PM
Welcome to FuzzCon 2021
4:30PM-4:45PM

Welcome to FuzzCon 2021 with David Brumley, ForAllSecure CEO & Co-founder, & Dr. Jared DeMott, FuzzCon Master of Ceremonies!

Can AppSec be Fixed?
4:45PM-5:15PM

It’s no secret that “Hacker Summer Camp” is a lot of fun. But, security conferences remain a long way from celebrations of victory. The breaches just keep rolling in, while the cadence of compromise increases. Fingers get pointed; blamestorming ensues. And yet, we keep applying the same, tired, often simplistic solutions to this thorny, complex, multi-dimensional problem that we call, “AppSec” or software security. Are our assumptions flawed? Is what “everybody knows” i.e., industry folklore, holding us back? And what part do testing techniques like fuzzing play in creating challenges, while at the same time offering us potential solutions? Please join author, security architect, and technical leader, Brook S.E. Schoenfield, to explore these questions and their possible answers.

Fuzzing Real Talks
5:30PM-6:50PM

Join experienced leaders of application and product security, Anmol Misra of Autodesk, Larry Maccherone of Contrast Security, Damilare D. Fagbemi of Resilient Software Security, and Jeff Costlow of Extrahop Networks, to learn the ins and outs of a successful security testing program. From tooling selection, to value justification, to organizational buy-in, to strategy building, these experts reference their 50+ years of collective industry experience to reveal their personal tips, tricks, and cautionary tales, so your security testing program is successful at its launch and throughout its lifetime. The Fuzzing Real Talks panel will be moderated by veteran CISO, CSO, & CPSO, James Ransome.

The Hacker Mind Feud
7:00PM-8:00PM

Join host of The Hacker Mind Podcast, Robert Vamosi, as he quizzes guests of the podcast on hacker trivia -- Family Feud style. Contestants will be playing to raise money for the non-profit BlackGirlsHack!

Networking | Social
8:00PM-9:30PM

After the main event, stay to network with security professionals, experts, and leaders while enjoying food, drinks, and games for the first time in over a year!