Please join the ISSA Chicago Chapter for our monthly chapter meeting. This month’s featured speaker is Dustin Childs, Sr. Security, Trend. Hors d’oeuvres will be served. Cash bar available. ISSA Chicago Chapter members receive a complimentary drink if they register for the meeting as members.
Nearly every organization claims to do vulnerability research and threat intelligence, but what does that really mean? Various marketplaces exist for security research and the current gray and black markets can be as robust as their white market counterparts. At each stage of the process, information about the vulnerability equates to a monetary value and depending on how this information is disseminated, that monetary value can drastically change. Like any open market, various factors can spur changes in supply and demand, and market actors can shape what types of research either becomes public – or finds its way into an active exploit.
Even if you don’t actively participate in the exploit economy, it impacts the security of your enterprise. The most obvious way this manifests is through security patches that result from submissions to bug bounty programs, but other factors have wide-reaching impacts. Understanding the source of threat intelligence and the exploit economy are vital for getting proactive with your network defenses rather than merely reacting to threats.
Dustin Childs began his infosec journey in the late 1990’s at the Air Force Information Warfare Center, where he was a member of the Air Force CERT and a key player in Solar Sunrise and Moonlight Maze. He then transitioned from active duty to defense contractor, where he ran a multi-million dollar facility designed to test and verify network tools and architecture. Mr. Childs then worked in the Microsoft Trustworthy Computing group where he served as a case manager in the Microsoft Security Response Center (MSRC) with a focus on addressing vulnerabilities in the Windows operating system and in Microsoft’s developer tools. His cases included the original Conficker vulnerability and Stuxnet-related bugs. With over 20 years in information security roles, Mr. Childs approaches issues with an understanding of the different real-world implications for various IT roles.
Currently, Dustin is a part of Trend Micro’s Zero Day Initiative (ZDI), which is the world’s largest vendor agnostic bug bounty program. The ZDI team augments Trend Micro’s enterprise security products with 0-day research through a network of over 3,000 independent researchers around the world. In this role, Dustin’s continuing research provides insight into the threat landscape and guidance on research priorities. He is also part of the team that adjudicates the multiple Pwn2Own competitions organized by ZDI. Part of his role also includes speaking publicly and promoting the research produced by the ZDI. He has presented at numerous conferences including BlueHat and ThotCon.
Looking for presentations from past meetings? Members can access them HERE on the ISSA.org web site.
Event Anti-Harassment Policy
The ISSA Chicago Chapter is dedicated to providing a harassment-free event experience for everyone, regardless of gender, sexual orientation, disability, gender identity, age, race, or religion. We do not tolerate harassment of event participants in any form. Sexual language and imagery is not appropriate for any event venue, including talks. Event participants violating these rules may be sanctioned or expelled from the event at the discretion of the event organizers/management.
Please follow this link to see the full text of our Anti-Harassment Policy.