James N. Duncan, CISSP, is the Cyber Security Incident Response Team Coordinator for BB&T Corporation, currently the 11th largest domestic financial holding company in the United States. His constituency extends over 34 subsidiaries and nearly 30,000 employees in eleven states providing nearly every imaginable financial service from traditional banking, wealth management, and investments, to insurance, payroll management, software development, and ASPs for other financial services companies. The bank's web presence, bbt.com, has received numerous awards for excellence in on-line banking.
Previously, Jim Duncan worked at Cisco Systems where he provided incident response team support within the Critical Infrastructure Assurance Group, acting as technical liaison for various ISACs and government agencies (US and others), and was the team lead for the Cisco Product Security Incident Response Team, handling vulnerabilities in Cisco products from initial report to final composition and publication of a security advisory. Prior to that, he was employed as network engineer and principal systems administrator in various departments at the Pennsylvania State University.
In between, Mr. Duncan developed one of the first tutorials focusing on developing incident response teams way back in 1996 (with Rik Farrow for the USENIX Association), served a two-year term on the Steering Committee/Board of Directors of the Forum of Incident Response and Security Teams, and became an approved TRANSITS instructor, teaching several TRANSITS classes around the globe.
Jim is also a soccer referee, certified by the United States Soccer Federation, US Indoor Soccer, and the North Carolina High School Athletic Association, and has officiated many hundreds of matches in the last four years.
He is in wide demand on multiple continents as a speaker and instructor (and referee).
Before moving to the United States in 2001, he was the Director of Operations at Terra Networks, Venezuela. Between 2001 and 2003, he worked as the senior UNIX Engineer of Terra Networks USA. In this position, he
participated in forensic analysis activities and responded to DDoS attacks which included investigations that led to the identification of possible attackers using social engineering techniques within the Internet Relay Chat
(IRC) while collaborating with the FBI.
Mr. Laurent was also the Operations Manager at Terra Networks USA where he was responsible for the design, architecture, building and ongoing operations of the technological platform for several web sites including
terra.com, lycos.com, tripod.com among others.
Previous to his involvement in Information Security and Forensics, he managed UNIX systems for British Petroleum (BP) Venezuela. Mr. Laurent holds a degree in Computer Science from “Universidad Central de Venezuela”
(Central University of Venezuela), and he is a Certified Information Systems Security Professional (CISSP).
Mr. Laurent served in several organizations as a volunteer and was a member of the steering committee for the ACM International Collegiate Programming Contest (ACM-ICPC). He also co-founded of the Venezuelan chapter for the International Olympiad in Informatics (IOI), which launched in 1998.
Mr. Laurent's interests are Systems Automation, Telecommunications and he is a hobbyist of Voice over IP (VoIP) technologies. His future academic goal is to pursue a degree in Criminology with a focus on Forensic Science
Investigation in Computer Crime.
Francisco "Paco" Monserrat is the Security Coordinator of RedIRIS (the Spanish Academic and Research Network) and he is a FIRST member since 1997. During the last few years, he has worked actively on the TF-CSIRT, iniromoting the cooperation among CSIRTs in Europe.
Paco has spoken on various conferences and his activities focus on Forense Analysis, criptography and Computer Security Incidents Response Teams.
Writing good security advisories: A Hands-On guide to delivering bad news in the best possible way
James N. Duncan (BB&T Corporation, US)
Once a rare occurrence a decade ago, security advisories are now produced many times a day. For each one, there are multiple other companion advisories or commentaries produced in response, and each of those have slightly different information from different sources, are produced or collected at different times, and are written in different styles with different ultimate goals.
Is it any wonder that we are confused? And we are the experts!
The existing state of the art is complex and so are the products, but the goal of this hands-on class is simple: Find the common elements of advisory construction that are _good_, eliminate the _bad_, and develop a framework for producing better future advisories.
Format
The class will be consensus-led. The instructor will provide background and examples, propose one or more vulnerabilities to study, encourage discussion, and collate material contributed by the participants. Attendees are expected to contribute to discussion and commentary, identify desirable and undesirable elements of advisories, compose (or help with composing) sections of text as a result of what has been learned, and then develop rules for ensuring better content in future security advisories.
Laptops are recommended highly but are not required; pen and paper will be adequate. Attendees will compose some sections separately at the same time to compare with others, and at other times attendees will work in parallel on different sections of an advisory to be collated by the instructor. Experience with more than one language will be valuable but is not required.
October 18, 2007 09:00-10:30, October 18, 2007 10:50-12:00
