- "Security Best Practices for Cloud IAM," Keynote, ISACA Virtual Conference on Cloud Maturity
- "Baby Got Risk: I like Big Data and I Can Not Lie," BayThreat
- "Breaches of personal data security: Causes and Consequences," Keynote, International Forum on Personal Data Protection: IFAI (Federal Institute for Access to Information and Data Protection) Recommendations
- "Auditing Big Data," Institute of Internal Auditors, Silicon Valley
- "The 七 of Big Data: Finding Whiro," KiwiCon
- "Auditing Big Data for Privacy, Security and Compliance," ISACA-SF
- "#HeavyD: Stopping Malicious Attacks Against Data Mining and Machine Learning," ISACA-SF
- "Active Defense 2013," ISACA-SF
- "Data Breach Panel," BSidesLV
- "New Threats to Cloud Infrastructure and Big Data," RSA Conference Asia Pacific 2013
- "Big Data Security: Emerging Threats and How to Predict Them," SOURCE Dublin
- "Is it Whack to Hack Back a Persistent Attack?" Panel with Trend Micro and CrowdStrike, 2013 RSA Conference, San Francisco
- "Big Data, Pirates and Bourbon: Secure All the Things," b:Secure Conference, Mexico City
- "Putting Security First – DNP episode 27," digitalnibbles Podcast with Reuven Cohen and Allyson Klein
- "Real-time security analytics: catching cyber criminals before it’s too late," GigaOM Analyst Roundtable with Click Security
- "Big Data Calls for Big Security!" The 14th Annual Privacy and Security Conference, Victoria, BC
- "The Effective Use of Big Data in Security Analytics," The 14th Annual Privacy and Security Conference, Victoria, BC
- "Legal and Technical Issues of Forensics in the Cloud: How to Prepare," 2013 RSA Conference, San Francisco
- "Big Data, Pirates and Bourbon: Secure All the Things," 2013 RSA Conference, San Francisco
- "Big Data Risk," Panel with Symantec, NetApp and Astute at ViaWest
- "Defending the Virtual Environment," Hands-on Workshop, CONSEGI
- "Cyberfall: Active Defense 2012," CONSEGI
- "Hybrid Cloud Identity Management," GigaOM Pro Webinar with Ping Identity
- "Accidents happen: backing up your business in the cloud," GigaOM Pro Panel with Spanning
- "The Loch Ness Monster (Big Data Security)," Intel Security Conference
- "Hacking Back In Self-Defense: How Can I Do It Legally?" Hacker Halted 2012
- "Active Defense/Response (Hacking Back in Self-Defense) – Not Just a Theory, But Here is How it Will Work," ISSA International Conference
- "Auditing and Assurance in the Cloud," ISACA-SF
- "In(sta)Security: Managing the BYOD Risk," ISACA-SF
- "Keynote," Dubex Security & Risk Management Summit
- "vSphere Hardening to Achieve Regulatory Compliance: Better, Faster, Stronger," VMworld Europe 2012
- "Securing the Virtual Environment: Defending the Enterprise Against Attack," VMworld Europe 2012
- "Encryption for Clouds," RSA Europe 2012
- Interview of Bruce Schneier on his new book "Liars and Outliers: Enabling the Trust that Society Needs to Thrive" in the Author's Studio, RSA Europe 2012
- Interviewed by Bruce Schneier on our new book "Securing the Virtual Environment: How to Defend the Enterprise Against Attack" in the Author's Studio, RSA Europe 2012
- "Active Defense: How to Counter Your Attackers," RSA Europe 2012
- "Securing the Virtual Environment: Defending the Enterprise Against Attack," UNITED Security Summit
- "BYOD everywhere: Unknown isn't always a threat," GigaOM Mobilize
- "Top 5 Considerations for Website Vulnerability Assessments," Ziff Davis/Symantec Webinar
- "Mind The Gap: Making PCI Compliance Reality Through Predictive Network Modeling and Visualization," RedSeal Networks Webinar
- "vSphere Hardening to Achieve Regulatory Compliance: Better, Faster, Stronger," VMworld US 2012
- "Securing a Virtualized PCI Environment Using vShield and vCenter Configuration Manager," VMworld US 2012
- "Securing the Virtual Environment: Defending the Enterprise Against Attack," VMworld US 2012
- "Encrypt Your Cloud," RSA China 2012
- "Message in a Bottle: Finding Hope in a Sea of Security Breach Data," RSA China 2012
- "Encryption for Clouds," RSA Europe 2012 Podcast
- "Big Data's Fourth V: or Why We'll Never Find the Loch Ness Monster," BSidesLV 2012
- "Preparing Your Presentation for RSA® Conference China 2012," RSA Conference Webinar
- "PCI Compliance in Virtual Environments – QSA Primer," VMware Webinar
- "#87 – Virtualization Security Roundtable," The Virtualization Practice
- "Key Steps to an Airtight Vulnerability Assessment," Verisign/Ziff Davis Webinar
- "Virtualization Compliance and PCI DSS v2: QSA Roundtable with IOActive and K3DES," VMware Webinar
- "Provider Controls: Why the Big Secret?" SearchCompliance Virtual Seminar on Overcoming Cloud Security Barriers
- "Message in a Bottle – Finding Hope in a Sea of Security Breach Data", 2012 RSA Conference Webcast
- "Big Data Security, Big Challenges: Start Here": A Chat with Dave Asprey, VP Cloud Security at Trend Micro, Structure:Data 2012
- "Data Protection in the Cloud", TechTarget Webcast
- Interview of Bruce Schneier on his new book "Liars and Outliers: Enabling the Trust that Society Needs to Thrive" in the Author's Studio, 2012 RSA Conference, San Francisco
- "Message in a Bottle – Finding Hope in a Sea of Security Breach Data", 2012 RSA Conference, San Francisco
- "Lightning Round: Data Confidentiality and Integrity in the Cloud", 2012 RSA Conference, San Francisco
- "Compliance Audit Validated Industry Specific Architectures", VMware Partner Exchange
- "Achieving a Trusted Cloud – vCM, VIN, vShield Technical Overview", VMware Partner Exchange
- "Message in a Bottle – Finding Hope in a Sea of Security Breach Data", 2012 RSA Conference Podcast
- "Sharpening the Axe: How to Chop Down a Cloud", BayThreat
- "Cooking Security into the Cloud", RSA Conference CHINA 2011
- "Risks and Controls in Cloud Computing", SF ISACA Fall Conference
- "Penetration Testing the Cloud", VMworld Europe 2011
- "Customer Panel: Ensuring Compliance in a Virtual World", VMworld Europe 2011
- "Everything You Wanted to Know About Virtual Compliance (But Were Afraid to Ask)", RSA Conference Europe 2011
- "A QSA Perspective on Cloud Compliance", The Virtualization Practice Podcast
- "Staying compliant in the cloud", SearchCloudComputing Podcast
- "Future Trends in Cloud Forensics", High Technology Crime Investigation Association (HTCIA) International Conference
- "Everything You Wanted to Know About Virtual Compliance (But Were Afraid to Ask)", RSA Conference Europe 2011 Podcast
- "Penetration Testing the Cloud", VMworld USA 2011
- "PCI-DSS Compliant Cloud – Design and Architecture Best Practices", VMworld USA 2011
- "2011: A Cloud Odyssey", BSidesLV 2011
- Dynamic Protection from Security Threats with the Cloud, IBM Webcast
- Security in the Cloud: Data Sovereignty, Open Source and Multi-Tenancy, Focus Roundtable
- "FISMA Clouds in 2011: Fact or Fiction?", Focus Roundtable
- "Security & Compliance Issues", CloudCamp, Silicon Valley
- "Compliance in the Cloud – Unfiltered and Unplugged", Interop
- "Cloud Computing: A Multi-Disciplinary View from Technology, Business and Law", IEEE, Riverbed, Santa Clara University School of Engineering and Leavey School of Business
- "Cloud Investigations and Forensics", 2011 RSA Conference, San Francisco
- "Dr Stuxlove: or How I Learned to Stop Worrying and Love the Worm", BSidesSF 2011
- Virtualization Security Podcast, The Virtualization Practice
- "vCloud Engineering Update: Monitoring and Logs", VMware/LogLogic Kickoff
- "Cloud Investigations and Forensics", RSA Podcast
- "All Clouds Love Logs. Yes, Logs", BayThreat, Hacker Dojo
- "PCI Compliance and Virtualization", HyTrust/Cisco/VMware/Savvis Webinar
- "Compliance in the Cloud", Cloud Computing Expo
- "Top Ten Breaches", 2010 RSA Conference: Europe
- "Compliance in the Cloud", 2010 SF ISACA Fall Conference
- "Cloud Investigations and Forensics", CSI Annual Conference
- "Identity and Access Management for PCI Compliance", Courion Webinar
- "Forensics and Investigations in the Cloud", High Technology Crime Investigation Association International Conference
- "Anatomy of a Breach: Critical Infrastructure", High Technology Crime Investigation Association International Conference
- "No Patch for Social Engineering", High Technology Crime Investigation Association International Conference
- "Cloud Investigations and Forensics", International Conference on Free and Open Source Software and eGovernment (CONSEGI) 2010
- "Compliance in the Cloud: Managing Risks and Addressing Concerns", VMworld 2010
- "Telephone Entrance System Vulnerabilities", Security BSides
- "Current Top Threats", UC Berkeley School of Information
- "Easy Hacks to Telephone Keypad Entry Systems", The Next HOPE
- "Cloudy with a Chance of Security" (video), Security BSides
- "Segmentation for PCI Compliance", Crossbeam Seattle Executive Briefing
- "Top 10 Security Breaches", RSA Conference Webcast
- "Segmentation for PCI Compliance", Crossbeam San Francisco Executive Briefing
- "Top 10 Security Breaches", RSA Conference
- "There's No Patch for Social Engineering", RSA Conference
- "There's No Patch for Social Engineering", RSA Conference Podcast
- "Compliance in the Cloud", SF ISACA Fall Conference
- "Has HIPAA gone HITECH?", ArcSight Webinar
- "Top 10 Ways to Ensure Your Security Operation Center Fails", SC Magazine Webinar
- "Is your contractor a crook?", ArcSight PodCast
- "Top 10 Security Breaches", ArcSight Webinar
- "Automation for SOX and NERC Compliance", ArcSight Webinar
- Top Threats to Personally Identifiable Information, SafeNet Presentation, RSA Conference
- "Top 10 Security Breaches", ArcSight Webinar
- "Breach Lessons: Kaiser Health Records and Octomom", ArcSight PodCast
- "Addressing HIPAA & Implications of 201 CMR 17.00", Massachusetts Health Data Consortium
- "Addressing Basel II Requirements with SIEM", ArcSight Webinar
- "Cyber Security and NERC CIP 002 to 009", ArcSight PodCast
- "Breach Lessons: RBS WorldPay", ArcSight PodCast
- "PCI Compliance and Beyond – The Lessons of Data Breaches", Qualys, VeriSign and ArcSight Executive Roundtable
- "Eight Steps to NERC CIP CyberSecurity Compliance", ArcSight and CoalFire Webinar
- "Top 10 Security Breaches", WhiteHatWorld Webinar
- "Addressing HIPAA & Implications of 201 CMR 17.00", ArcSight Webinar
- PCI Panel, SecureWorld
- "Powerful Cyber Security Lessons: A cost-effective approach to NERC compliance", ArcSight Webinar
- "Five Compliance and Security Lessons You Can Learn from Recent HIPAA-Related Incidents", ArcSight Webinar
- "Cyber Security Solutions for NERC CIP-002 to CIP-009", ArcSight Webinar, December 2008
- "Data Security – DLP, Encryption, Mobile Devices", CSI 2008: Security Reconsidered, November 2008
- "SIEM: The Next Generation of Security & Compliance Monitoring", INTERFACE 2008, November 2008
- "Are You Ready for the Red Flags Rule?", ArcSight Webinar, October 2008
- "Log Management, Identities and PCI DSS 1.2", ArcSight Webinar, October 2008
- "Compliance Panel", IEEE Key Management Summit, September 2008
- "Applying Security and Compliance in Tandem", Protect 08: Connect the Dots, September 2008
- "Monitoring PCI Compliance", Protect 08: Connect the Dots, September 2008
- "Integrating SIEM and Identity Monitoring Solutions", Bell-Canada Security Solutions Rendez-Vous, June 2008
- "PCI Compliance", Bell-Canada Dinner, June 2008
- "Securing the Mobile and Remote Workforce", RSA Conference, April 2008
2007 and earlier
- "False Voices: the Impact of Culture on Information Security", Central States Anthropological Society (CSAS) Meetings, April 2007
- "False Harmony: Racial, Ethnic, and Religious Stereotypes on the Internet", National Association for Ethnic Studies (NAES) Conference, November 2006
- "Maintaining Your Organization's Privacy", Las Positas Chapter of the International Association of Administrative Professionals (IAAP), July 2006
- "Maintaining Your Organization's Privacy", Annual Education Forum for the International Association of Administrative Professionals (IAAP), June 2006
- "Manage Identities and Keys for the Retail Risk Model", Retail Security Forum, November 2005
- "Retailer Panel — More than One Way to Safety: Practitioners Discuss Their Methodology", Retail Security Forum, November 2005
- "Urgent/Confidential — An Appeal for your Serious and Religious Assistance", Central States Anthropological Society (CSAS) Meetings, April 2004
- "How to Build your own Information Security Assessment Practice", Secure IT Conference, April 2004
- "A Practical Approach to Implementing ISO/IEC 17799", Secure IT Conference, April 2004
- "Auditing Technology for Sarbanes-Oxley Compliance", San Jose State University, Information Systems Audit and Control Association (ISACA) Club, August 2003
- "Should the Government Regulate Corporate Security?" Lighthouse Venture Forum breakfast discussion, June 2003
- "Urgent/Confidential — An Appeal for your Serious and Religious Assistance", National Association for Ethnic Studies (NAES) Conference, April 2003
- "Secure Software Distribution", Microsoft Certified Professional (MCP) TechMentor Summit on Security, July 2002
- "Auditing Windows 2000", Silicon Valley Information Systems Audit and Control Association (ISACA) Chapter Meeting, December 2002
- eBook: "Cloud Computing Infrastructure: 2012 and Beyond," GigaOM Pro, June 2012
- Reference: "The Risks and Benefits of Allowing Employee-Owned Devices," ComplianceWeek, June, 2012
- Article: "Maintaining Compliance in the Cloud," TechTarget, May 2012
- Book: Securing the Virtual Environment: How to Defend the Enterprise Against Attack (with DVD), Wiley, May 2012
- Article: "New Ways to Keep Hackers Out of Your Business", Inc. Magazine, November 2011
- Standard: X9F4 – Cryptographic Protocols and Application Security / X9.125 Cloud
- Article: "Amazon GovCloud lurches toward private vs. public cloud", SearchCloudComputing.com, August 2011
- Standard: Distributed Management Task Force, Cloud Audit Data Federation
- Standard: "Information Supplement: PCI DSS Virtualization Guidelines v2.0", Virtualization Special Interests Group (SIG), Payment Card Industry (PCI) Security Standards Council (SSC), June 2011
- Reference: "Expert cites new hack tactic in Michaels data breach", Reuters, June 2011
- White Paper: 5 Mistakes Auditing Virtual Environments (You Don't Want to Make), HyTrust/K3DES, June 2011
- Standard: Study Group Report on Cloud Computing, ISO/IEC JTC 1 SC38 SGCC, January 2011
- White Paper: PCI DSS Compliance, AT&T Wireless Services/K3DES, March 2011
- White Paper: PCI-Compliant Cloud Reference Architecture, HyTrust/Cisco/Savvis/VMware, November 2010
- Standard: Consensus Assessments Initiative Questionnaire, Cloud Security Alliance, October, 2010
- Reference: VMware working to boost security compliance features in vCloud Director, Security AU News, September 2010
- Reference: "Especialista fala sobre forense computacional no Consegi", CONSEGI Noticias, August 2010
- White Paper: Remote Communications and the Latest Threats, BlackHat Conference, NCP Secure Communications, July 2010
- Reference: "Experts say research into Nigerian 419 scam e-mails could lead to improved anti-phishing technologies, most messages not actually from Africa", Kansas State University Press Release, April 2010
- White Paper: Virtualization and the Sarbanes-Oxley Act, HyTrust, April 2010
- Video: "State of Cybercrime", ArcSight, October 2009
- Standard: "Protection of Sensitive Data from Device to Acquirer", ASC X9 Committee — ANSI (American National Standards Institute) accredited standards developing organization, September 2009
- White Paper: "Defeat Cyber Threats & Risks", ArcSight, July 2009
- White Paper: NERC Cybersecurity Solutions for CIP-002 to CIP-009, ArcSight, June 2009
- Article: "How to Identify the Source of Threats", Channel World India, May 2009
- "Internet security problems have an upside for Silicon Valley" (contributor), Mercury News, May 2009
- Article: "Identifying the source of corporate threats", ComputerWorld, April 2009
- Article: "Identifying the source of corporate threats", CIO, April 2009
- Article: "Identifying the source of corporate threats", Insider Threat, Network World, April 2009
- White Paper: "Addressing Basel II Requirements", ArcSight, March 2009
- White Paper: "Healthcare Security Oversight for HIPAA Audit and Compliance", ArcSight, February 2009
- White Paper: "Addressing Red Flag Requirements – Using SIEM to Implement Compliance Monitoring", ArcSight, November 2008
- Standard: Symmetric Key Services Markup Language, OASIS Encryption Key Management Infrastructure Technical Committee, July 2008
- Article: "GLBA Compliance: Tips for Building a Successful Program", BankInfoSecurity, July 2008
- Article: "On the tracks of medical data: Electronic records pressure", SC Magazine, June 2008
- Article: "Log management as a tool against insider threats", Insider Threat, Network World, May 2008
- Paper: "Urgent/Confidential–An Appeal for Your Serious and Religious Assistance: The Linguistic Anthropology of 'African' Scam Letters"
- US Patent: Mobile Device Authentication, November 2006
- Reference: "Firewalls are not enough", Chain Store Age, December 2005
- White Paper: "A Comparative Analysis of x86 Operating System Security", Intel Corporation, 2001
- Hardening Guide: "Securing Linux: Step-by-Step", SANS Institute, 2000
- Electronic Poetry Review (EPR), 1996 to present.
- Research assistance to Sanford Schram, "Postmodern Policy Analysis: Discourse and identity in welfare policy", 1993.
- Ottenheimer, Davi and Jeremy Allaire. "The Public Domain: International Human Rights Newsletter", St. Paul, Minnesota, 1992.
- Ottenheimer, Harriet, Afan Ottenheimer and Davi Ottenheimer. "Shintiri: The secret language of the Comoro Islands." Papers from the 1985 Mid-America Linguistics Conference, Manhattan, KS: Department of Speech, Kansas State University, 181-188, 1986. (Re-published in the "Workbook/Reader for Anthropology of Language", 2005)
VMworld Conference 2011 LV: Penetration Testing the Cloud
- "Excellent! Similar sessions needed, there's a lot to cover!"
- "Need more like this."
- "Great material, a lot to look into after session."
- "The instructor exceeded my expectations. His knowledge of the subject was deep and his passion for it also showed. Great stuff!"
- "Excellent material. Speaker researched and developed the information exceptionally well. Extremely well presented."
- "This had to be one of the best sessions I have had at VMworld."
- "Very useful and applicable to my current situation."
- "This guy was an awesome speaker."
- "Great speaker – good use of real world examples / humor. Kept crowd engaged"
- "Great speaker. Good insights. Need more speakers with this kind of technical content."
- "OVERALL AVERAGE: 4.63"
VMworld Conference 2010 SF: Compliance in the Cloud
- "Davi's talk on compliance is a disguise; it's a fantastic talk on (security) quality & managing risk from an audit perspective #VMworld" — @Beaker (Christopher Hoff)
- "Great session, incredibly valuable. The speaker did a very impressive job."
- "This was one of the better classes."
- "OVERALL AVERAGE: 4.23- highest score in [cloud] track!!!"
- The Webcast was excellent and I would like to direct several colleagues to sign up and watch it. One of the best I have seen in a long time.
- Best presentation of the day!
- Excellent info.
- Good content.
- Great material.
- Very relevant.
- Best yet. Tells the story. Very effective.
- Excellent and engaging – delivered exchanged info in highly engaging and funny manner.
- Excellent, engaging speaker. One of the best I've heard.
- Great speaker.