Presentations and Publications

Presentations | Sample Feedback | Publications


October 2020

  • “AI Auditing”, ISACA SF Fall Conference
  • “Preparing for Data Decentralization and Verifiable Credentials”, ISACA SF Fall Conference
  • Episode 100: Ethics/Discrimination of AI”, Hacker Valley Studio

September 2020

August 2020

  • “Privacy in an Internet Era”, Southeastern Association of Law Schools (SEALS)

July 2020

June 2020

May 2020

April 2020

March 2020

  • POSTPONED // “The Catcher in the AI: Hackers on ‘The Other Side'”, Sleuthfest
  • POSTPONED // “Regulating Technology: Issues and Ethics”, Panelist, Roger Mudd Center for Ethics, Washington and Lee University

February 2020

December 2019

  • POSTPONED // “Dr. Frankenstein Got Wheels: Are we Creating Monsters or Meaningful Mobility?”, Future of AI in Automotive, VDI Wissensforum
  • POSTPONED // “Hype meets reality, opportunities meet ethics: Do we need a morality framework for AI enabled cars and what is really possible?”, Future of AI in Automotive, VDI Wissensforum
  • “Whose AIs Are On Your Data: How Web De-Centralization May Be the Civil Rights Battle of Our Time”, Hackers Next Door

November 2019

  • “Advances in Network Visibility”, IANS Boston
  • “IOT: Who Owns Device Risk Management”, IANS Boston
  • “Getting Control of Container Security”, IANS Boston
  • “Breaking a Failed Vulnerability Management Cycle”, IANS Boston
  • “Vendor Optimization: Thinning the Herd”, IANS Boston

October 2019

  • Keynote: “An Introduction to Solid”, ISACA SF Fall Conference
  • “Auditing AI and Things”, ISACA SF Fall Conference

September 2019

August 2019

June 2019

  • “Getting Control of Container Security”, IANS LA
  • “Prioritizing Privilege Management”, IANS LA
  • “Cutting Through the AI/ML Vendor Hype”, IANS LA

May 2019

  • “How to Recruit and Retain the Best People”, IANS NYC
  • “Vendor Optimization: Thinning the Herd”, IANS NYC
  • “Getting Control of Container Security”, IANS NYC
  • “Breaking a Failed Vulnerability Management Cycle”, IANS NYC
  • “Case Study: How One Company Uses AI/ML”, IANS NYC

April 2019

March 2019

January 2019

November 2018

  • Cybercrime 2020: Revisiting the Future of Online Crime and Investigations“, Georgetown Law and the U.S. Department of Justice
  • “A Practical Guide to Endpoint Protection and UEBA”, IANS Boston
  • “Encryption: The Good, The Bad and The Ugly”, IANS Boston
  • “Securing Hybrid Clouds in a Post-CASB World”, IANS Boston
  • “Advantages and Risks of Containerization”, IANS Boston

October 2018

September 2018

August 2018

July 2018

June 2018

May 2018

  • Security in a World of Intelligent Machines,” Private Event – Invited Lecturer
  • “A Practical Guide to Endpoint Protection and UEBA,” IANS LA
  • “Securing Hybrid Clouds in a Post-CASB World,” IANS LA
  • “Moving to the Cloud: What Works, What Doesn’t and What to Do About It,” IANS LA
  • “Prioritizing Privilege Management,” IANS LA
  • “Machines at Work: Engineering Safety in a Big Data World,” IANS DC

April 2018

  • “Machines at Work: Engineering Safety in a Big Data World,” IANS Seattle

March 2018

  • “Making Cloud Simpler With Security Built-in Instead of Bolt-on,” Ziff-Davis Webinar
  • “Managing Your Mobile Risk Future,” IANS NYC
  • “Encryption – The Good, the Bad and the Ugly,” IANS NYC
  • “Prioritizing Privilege Management,” IANS NYC
  • “Identity: One Cloud Control to Rule Them All,” IANS NYC

January 2018

November 2017

  • “Managing Cloud Security Design and Implementation in a Ransomware World,” MongoDB Europe

October 2017

  • “Safe Shipping With Big Data: Don’t Make It an Oar Deal”, ISACA-SF
  • “Hunting The Unknown With AI”, ISACA-SF
  • “Mission Possible: A DevSecOps Odyssey”, WhiteHat Security Webinar

September 2017

  • “CISO Roundtable on Emerging Issues: Artificial Intelligence,” IANS Philly
  • “Implementing Big Data and SIEM,” IANS Philly
  • “Cloud Access Security Brokers,” IANS Philly
  • “Managing Cloud Security Design and Implementation,” IANS Philly

August 2017

July 2017

June 2017

  • “Managing Cloud Security Design and Implementation in a Ransomware World,” MongoDB World

May 2017

  • “DevSecOps – Security at the Speed of Innovation,” IANS Austin
  • “Effective Threat-Hunting Tactics and Toolkits,” IANS SF
  • “IDAM in the Cloud: A Strategy Session,” IANS SF
  • “Managing Cloud Security Design and Implementation,” IANS SF

Feb 2017

November 2016

October 2016

August 2016

June 2016

February 2016

January 2016

  • “Making Bones About It: Autonomous Drone Discovery of Forgotten Graves,” SF DataKind Meetup

December 2015

  • “Warning, Slippery Road Ahead: Preserving Privacy With Self-Driving Cars,” International VDI Conference – Automotive Big Data
  • “Five Steps to Safer Mobile Collaboration,” Ziff-Davis Webinar on behalf of Dropbox

November 2015

  • “Auditing Big Data: The Ethics of Machine Learning”, SF ISACA Fall Conference
  • “Securing the Internet of Things”, SF ISACA Fall Conference

August 2015

  • “Building Secure Clouds”, VMworld

July 2015

  • “Compliance and Big Data: Can They Coexist?”, IANS Webinar

May 2015

  • “Securing the OpenStack for Fun and Profit,” Cloud Security World 2015

April 2015

November 2014

  • “Practical Cloud Deployments and Secure OpenStack Strategies”, Fast and Secure Conference
  • “New Security Models for IoT”, IoT Expo
  • “Auditing Social Media”, ISACA Edu Panel
  • “Panel: Securing Mobile and BYOD”, ACSC Annual Conference

October 2014

  • “Babar-ians at the Gate: Data Protection at Massive Scale”, IANS Keynote
  • “Auditing an Internet of Things”, ISACA-SF 2014
  • “Auditor Tales from the Trenches of Big Data,” ISACA-SF 2014
  • “Realities of Securing Big Data,” 2014 CS Graduate Student Course, St. Polten
  • “7 Simple Ways to Deal With Serious Risks and Elephantine Security Challenges,” BlackHat EU 2014

September 2014

  • “Regulatory Compliant Cloud Computing and Content Distribution Networks,” IX Taller Internacional, Comision de Regulacion de Comunicaciones, Columbia
  • “Trusted IT: How EMC, VMware, Pivotal and RSA Together Redefine Security,” RSA Summit 2014
  • “The Pizza Box Zombie Mall Bank Accounts of Despair: Why CISOs Love Metaphors,” Yahoo Security Summit 2014

August 2014

  • “Babar-ians at the Gate: Data Protection at Massive Scale,” Blackhat USA 2014
  • “Role of Regulation in Protection – Continuous Diagnostic Monitoring (CDM), PCI, and more,” Blackhat Executive Summit 2014
  • “The Insider Threat and the Cloud: Harsh Reality in the Wake of Recent Security Breaches,” VMworld 2014
  • “Security Analytics: Challenges Opportunities, and New Directions,” UW CSE MSR Summer Institute

July 2014

  • “Cloud Trust Redefined: Eight Essential Steps in a Strong Defense,” RSA Conference Asia Pacific & Japan 2014
  • “How to Hadoop Without the Worry: Protecting Big Data at Scale,” RSA Conference Asia Pacific & Japan 2014
  • “Certificate Management in the Cloud,” BrightTALK Panel 2014

June 2014

May 2014

  • “Baby Got Risk: I like Big Data and I Can Not Lie,” BSidesNOLA
  • “Delivering Big Data, Security at Scale,” SOURCE Dublin
  • “Embracing a Zero Trust Security Model,” Cyphort Meetup
  • “Protecting Big Data at Scale,” CONFidence 2014

April 2014

March 2014

February 2014

January 2014

  • “Data Whales and Troll Tears: Beat the Odds in InfoSec,” ShmooCon

December 2013

November 2013

September 2013

  • “Auditing Big Data for Privacy, Security and Compliance,” ISACA-SF
  • “#HeavyD: Stopping Malicious Attacks Against Data Mining and Machine Learning,” ISACA-SF
  • “Active Defense 2013,” ISACA-SF

August 2013

June 2013

May 2013

  • “Big Data Security: Emerging Threats and How to Predict Them,” SOURCE Dublin

March 2013

  • “Is it Whack to Hack Back a Persistent Attack?” Panel with Trend Micro and CrowdStrike, 2013 RSA Conference, San Francisco
  • “Big Data, Pirates and Bourbon: Secure All the Things,” b:Secure Conference, Mexico City

February 2013

January 2013

  • “Big Data Risk,” Panel with Symantec, NetApp and Astute at ViaWest

December 2012

  • “Defending the Virtual Environment,” Hands-on Workshop, CONSEGI
  • Cyberfall: Active Defense 2012,” CONSEGI
  • “Hybrid Cloud Identity Management,” GigaOM Pro Webinar with Ping Identity

November 2012

October 2012

September 2012

August 2012

  • “Top 5 Considerations for Website Vulnerability Assessments,” Ziff Davis/Symantec Webinar
  • “Mind The Gap: Making PCI Compliance Reality Through Predictive Network Modeling and Visualization,” RedSeal Networks Webinar
  • “vSphere Hardening to Achieve Regulatory Compliance: Better, Faster, Stronger,” VMworld US 2012
  • “Securing a Virtualized PCI Environment Using vShield and vCenter Configuration Manager,” VMworld US 2012
  • “Securing the Virtual Environment: Defending the Enterprise Against Attack,” VMworld US 2012
  • “Encrypt Your Cloud,” RSA China 2012
  • “Message in a Bottle: Finding Hope in a Sea of Security Breach Data,” RSA China 2012
  • Encryption for Clouds,” RSA Europe 2012 Podcast

July 2012

June 2012

May 2012

April 2012

March 2012

  • “Big Data Security, Big Challenges: Start Here”: A Chat with Dave Asprey, VP Cloud Security at Trend Micro, Structure:Data 2012
  • “Data Protection in the Cloud”, TechTarget Webcast

February 2012

January 2012

December 2011

  • “Sharpening the Axe: How to Chop Down a Cloud”, BayThreat

November 2011

October 2011

September 2011

August 2011

June 2011

May 2011

April 2011

March 2011

  • “Cloud Computing: A Multi-Disciplinary View from Technology, Business and Law”, IEEE, Riverbed, Santa Clara University School of Engineering and Leavey School of Business

February 2011

January 2011

  • “vCloud Engineering Update: Monitoring and Logs”, VMware/LogLogic Kickoff

December 2010

  • “Cloud Investigations and Forensics”, RSA Podcast
  • “All Clouds Love Logs. Yes, Logs”, BayThreat, Hacker Dojo

November 2010

October 2010

September 2010

August 2010

July 2010

June 2010

April 2010

  • “Top 10 Security Breaches”, RSA Conference Webcast
  • “Segmentation for PCI Compliance”, Crossbeam San Francisco Executive Briefing

March 2010

January 2010

September 2009

June, 2009

May 2009

April 2009

March 2009

February 2009

January 2009


2007 and earlier

  • “False Voices: the Impact of Culture on Information Security”, Central States Anthropological Society (CSAS) Meetings, April 2007
  • “False Harmony: Racial, Ethnic, and Religious Stereotypes on the Internet”, National Association for Ethnic Studies (NAES) Conference, November 2006
  • “Maintaining Your Organization’s Privacy”, Las Positas Chapter of the International Association of Administrative Professionals (IAAP), July 2006
  • “Maintaining Your Organization’s Privacy”, Annual Education Forum for the International Association of Administrative Professionals (IAAP), June 2006
  • “Manage Identities and Keys for the Retail Risk Model”, Retail Security Forum, November 2005
  • “Retailer Panel — More than One Way to Safety: Practitioners Discuss Their Methodology”, Retail Security Forum, November 2005
  • “Urgent/Confidential — An Appeal for your Serious and Religious Assistance”, Central States Anthropological Society (CSAS) Meetings, April 2004
  • “How to Build your own Information Security Assessment Practice”, Secure IT Conference, April 2004
  • “A Practical Approach to Implementing ISO/IEC 17799”, Secure IT Conference, April 2004
  • “Auditing Technology for Sarbanes-Oxley Compliance” San Jose State University, Information Systems Audit and Control Association (ISACA) Club, August 2003
  • “Should the Government Regulate Corporate Security?” Lighthouse Venture Forum breakfast discussion, June 2003
  • “Urgent/Confidential — An Appeal for your Serious and Religious Assistance”, National Association for Ethnic Studies (NAES) Conference, April 2003
  • “Secure Software Distribution”, Microsoft Certified Professional (MCP) TechMentor Summit on Security, July 2002
  • “Auditing Windows 2000”, Silicon Valley Information Systems Audit and Control Association (ISACA) Chapter Meeting, December 2002
  • “Shintiri: The Secret Language of the Comoros”, Central States Anthropological Society (CSAS), 1984


Sample Feedback

VMworld Conference 2011 LV: Penetration Testing the Cloud

  • “Excellent! Similar sessions needed,there’s a lot to cover!”
  • “Need more like this.”
  • “Great material, a lot too look into after session.”
  • “The instructor exceeded my expectations. His knowledge of the subject was deep and his passion for it also showed. Great stuff!”
  • “Excellent material. Speaker researched and developed the information exceptionally well. Extremely well presented.”
  • “This had to be one of the best sessions I have had at VMworld.”
  • “Very useful and applicable to my current situation.”
  • “This guy was an awesome speaker.”
  • “Great speaker – good use of real world examples / humor. Kept crowd engaged”
  • “Great speaker. Good insights. Need more speakers with this kind of technical content.”

VMworld Conference 2010 SF: Compliance in the Cloud

  • “Davi’s talk on compliance is a disguise; it’s a fantastic talk on (security) quality & managing risk from an audit perspective #VMworld” — @Beaker (Christopher Hoff)
  • “Great session, incredibly valuable. The speaker did a very impressive job.”
  • “This was one of the better classes.”
  • “OVERALL AVERAGE: 4.23- highest score in [cloud] track!!!”

RSA Conference 2010: Top 10 Security Breaches

  • The Webcast was excellent and I would like to direct several colleagues to sign up and watch it. One of the best I have seen in a long time.
  • Best presentation of the day!
  • Excellent info.
  • Good content.
  • Great material.
  • Very relevant.
  • Best yet. Tells the story. Very effective.
  • Excellent and engaging – delivered exchanged info in highly engaging and funny manner.
  • Excellent, engaging speaker. One of the best I’ve heard.
  • Excellent.
  • Great speaker.

the poetry of information security