Presentations and Publications

Sample Feedback from RSA Conference 2010

• The Webcast was excellent and I would like to direct several colleagues to sign up and watch it. One of the best I have seen in a long time.
• Best presentation of the day!
• Excellent info.
• Good content.
• Great material.
• Very relevant.
• Best yet. Tells the story. Very effective.
• Excellent and engaging – delivered exchanged info in highly engaging and funny manner.
• Excellent, engaging speaker. One of the best I’ve heard.
• Excellent.
• Great speaker.

Presentations

November 2010

• “Cloud Threats and Compliance”, Cloud Computing Event at Lima

October 2010

• “Top Ten Breaches”, 2010 RSA Conference: Europe
• “Compliance in the Cloud”, 2010 SF ISACA Fall Conference
• “Cloud Investigations and Forensics”, CSI Annual Conference

September 2010

• “Forensics and Investigations in the Cloud”, High Technology Crime Investigation Association International Conference
• “Anatomy of a Breach: Critical Infrastructure”, High Technology Crime Investigation Association International Conference
• “No Patch for Social Engineering”, High Technology Crime Investigation Association International Conference

August 2010

• “Cloud Investigations and Forensics”, International Conference on Free and Open Source Software and eGovernment (CONSEGI) 2010
• “Compliance in the Cloud: Managing Risks and Addressing Concerns”, VMworld 2010

July 2010

• “Telephone Entrance System Vulnerabilities”, Security BSides
• “Current Top Threats”, UC Berkeley School of Information
• “Easy Hacks to Telephone Keypad Entry Systems”, The Next HOPE

June 2010

• “Cloudy with a Chance of Security” (video), Security BSides
• “Segmentation for PCI Compliance”, Crossbeam Seattle Executive Briefing

April 2010

• “Top 10 Security Breaches”, RSA Conference Webcast
• “Segmentation for PCI Compliance”, Crossbeam San Francisco Executive Briefing

March 2010

• “Top 10 Security Breaches”, RSA Conference
• “There’s No Patch for Social Engineering”, RSA Conference

January 2010

• “There’s No Patch for Social Engineering”, RSA Conference Podcast

September 2009

• “Compliance in the Cloud“, SF ISACA Fall Conference

June, 2009

• “Has HIPAA gone HITECH?”, ArcSight Webinar
• “Top 10 Ways to Ensure Your Security Operation Center Fails”, SC Magazine Webinar
• “Is your contractor a crook?”, ArcSight PodCast

May 2009

• “Top 10 Security Breaches”, ArcSight Webinar
• “Automation for SOX and NERC Compliance”, ArcSight Webinar

April 2009

• Top Threats to Personally Identifiable Information, SafeNet Presentation, RSA Conference
• “Top 10 Security Breaches”, ArcSight Webinar
• “Breach Lessons: Kaiser Health Records and Octomom”, ArcSight PodCast
• “Addressing HIPAA & Implications of 201 CMR 17.00″, Massachusetts Health Data Consortium
• “Addressing Basel II Requirements with SIEM”, ArcSight Webinar

March 2009

• “Cyber Security and NERC CIP 002 to 009″, ArcSight PodCast
• “Breach Lessons: RBS WorldPay”, ArcSight PodCast
• “PCI Compliance and Beyond – The Lessons of Data Breaches”, Qualys, VeriSign and ArcSight Executive Roundtable
• “Eight Steps to NERC CIP CyberSecurity Compliance”, ArcSight and CoalFire Webinar
• “Top 10 Security Breaches”, WhiteHatWorld Webinar

February 2009

• “Addressing HIPAA & Implications of 201 CMR 17.00″, ArcSight Webinar
• PCI Panel, SecureWorld
• “Powerful Cyber Security Lessons: A cost-effective approach to NERC compliance”, ArcSight Webinar
• “Five Compliance and Security Lessons You Can Learn from Recent HIPAA-Related Incidents”, ArcSight Webinar

January 2009

• “Addressing Multiple Regulations with a Broad Set of Compliance Controls”, ArcSight Webinar

2008 and earlier

• “Cyber Security Solutions for NERC CIP-002 to CIP-009″, ArcSight Webinar, December 2008
• “Data Security – DLP, Encryption, Mobile Devices”, CSI 2008: Security Reconsidered, November 2008
• “SIEM: The Next Generation of Security & Compliance Monitoring”, INTERFACE 2008, November 2008
• “Are You Ready for the Red Flags Rule?”, ArcSight Webinar, October 2008
• “Log Management, Identities and PCI DSS 1.2″, ArcSight Webinar, October 2008
• “Compliance Panel”, IEEE Key Management Summit, September 2008
• “Applying Security and Compliance in Tandem”, Protect 08: Connect the Dots, September 2008
• “Monitoring PCI Compliance”, Protect 08: Connect the Dots, September 2008
• “Integrating SIEM and Identity Monitoring Solutions”, Bell-Canada Security Solutions Rendez-Vous, June 2008
• “PCI Compliance”, Bell-Canada Dinner, June 2008
• “Securing the Mobile and Remote Workforce”, RSA Conference, April 2008
• “False Voices: the Impact of Culture on Information Security”, Central States Anthropological Society (CSAS) Meetings, April 2007
• “False Harmony: Racial, Ethnic, and Religious Stereotypes on the Internet”, National Association for Ethnic Studies (NAES) Conference, November 2006
• “Maintaining Your Organization’s Privacy”, Las Positas Chapter of the International Association of Administrative Professionals (IAAP), July 2006
• “Maintaining Your Organization’s Privacy”, Annual Education Forum for the International Association of Administrative Professionals (IAAP), June 2006
• “Manage Identities and Keys for the Retail Risk Model”, Retail Security Forum, November 2005
• “Retailer Panel — More than One Way to Safety: Practitioners Discuss Their Methodology”, Retail Security Forum, November 2005
• “Urgent/Confidential — An Appeal for your Serious and Religious Assistance”, Central States Anthropological Society (CSAS) Meetings, April 2004
• “How to Build your own Information Security Assessment Practice”, Secure IT Conference, April 2004
• “A Practical Approach to Implementing ISO/IEC 17799″, Secure IT Conference, April 2004
• “Auditing Technology for Sarbanes-Oxley Compliance” San Jose State University, Information Systems Audit and Control Association (ISACA) Club, August 2003
• “Should the Government Regulate Corporate Security?” Lighthouse Venture Forum breakfast discussion, June 2003
• “Urgent/Confidential — An Appeal for your Serious and Religious Assistance”, National Association for Ethnic Studies (NAES) Conference, April 2003
• “Secure Software Distribution”, Microsoft Certified Professional (MCP) TechMentor Summit on Security, July 2002
• “Auditing Windows 2000″, Silicon Valley Information Systems Audit and Control Association (ISACA) Chapter Meeting, December 2002

Publications

• “Especialista fala sobre forense computacional no Consegi”, CONSEGI Notícias, August 2010
• White Paper: Remote Communications and the Latest Threats, BlackHat Conference, NCP Secure Communications, July 2010
• “Experts say research into Nigerian 419 scam e-mails could lead to improved anti-phishing technologies, most messages not actually from Africa”, Kansas State University Press Release, April 2010
• White Paper: Virtualization and the Sarbanes-Oxley Act, HyTrust, April 2010
• “State of Cybercrime”, ArcSight Video, October 2009
• “Protection of Sensitive Data from Device to Acquirer”, ASC X9 Committee — ANSI (American National Standards Institute) accredited standards developing organization, September 2009
• “Defeat Cyber Threats & Risks”, ArcSight Whitepaper, July 2009
• NERC Cybersecurity Solutions for CIP-002 to CIP-009, ArcSight Whitepaper, June 2009
• “How to Identify the Source of Threats”, Channel World India, May 2009
• “Internet security problems have an upside for Silicon Valley” (contributor), Mercury News, May 2009
• “Identifying the source of corporate threats”, ComputerWorld, April 2009
• “Identifying the source of corporate threats”, CIO, April 2009
• “Identifying the source of corporate threats”, Insider Threat, Network World, April 2009
• “Addressing Basel II Requirements”, ArcSight Whitepaper, March 2009
• “Healthcare Security Oversight for HIPAA Audit and Compliance”, ArcSight Whitepaper, February 2009
• “Addressing Red Flag Requirements – Using SIEM to Implement Compliance Monitoring”, ArcSight Whitepaper, November 2008
• Symmetric Key Services Markup Language, OASIS Encryption Key Management Infrastructure Technical Committee, July 2008
• “GLBA Compliance: Tips for Building a Successful Program”, BankInfoSecurity, July 2008
• “On the tracks of medical data: Electronic records pressure”, SC Magazine, June 2008
• “Log management as a tool against insider threats”, Insider Threat, Network World, May 2008
• US Patent filed for mobile device authentication, November 2006
• Extensively quoted in “Firewalls are not enough”, Chain Store Age, December 2005
• “A Comparative Analysis of x86 Operating System Security”, Intel Corporation, 2001
• “Securing Linux: Step-by-Step”, SANS Institute, 2000
• Electronic Poetry Review (EPR), 1996 to present.
• Ottenheimer, Davi and Jeremy Allaire. “The Public Domain: International Human Rights Newsletter”, St. Paul, Minnesota, 1992.
• Ottenheimer, Harriet, Afan Ottenheimer and Davi Ottenheimer. “Shintiri: The secret language of the Comoro Islands.” Papers from the 1985 Mid-America Linguistics Conference, Manhattan, KS: Department of Speech, Kansas State University, 181-188, 1986. (Re-published in the “Workbook/Reader for Anthropology of Language”, 2005)