I will be speaking at RMISC this May; my talk is titled: Hidden trust, a "dark web" of trust relationships that your organization doesn't know about.
The talk will begin with a brief summary of the current state of the art in kernel, firmware and hypervisor-level attacks and defenses, and of how the ongoing cat-and-mouse game in this field can impact your organization. After reviewing the threat landscape, the discussion will move to mitigation strategies and how to fold defending against these types of attacks into existing business models. A holistic view of the adversary model targeting OSes and hypervisors will be provided and ranked against other common threats. Finally, these implicit trust relationships that are typically overlooked will be closely examined under the lens of "InfoSec debt", providing guidance to InfoSec decision makers on the ROI or risks of adding additional IT services/appliances to an organization's network. The "InfoSec debt" metric can then be tracked over time and provides an intuitive way to explain the cost/benefits of IT security to other organizational stakeholders.
As always, if you will be attending, or in the neighborhood while I am there, feel free to reach out via my Twitter and hopefully we can meet up!
Cyber-security Philosopher and Boffin