One Day Left to get an iPad Pro with Smart Keyboard, HP ProBook, or $350 Off with OnDemand & vLive!

SANS 2016

Orlando, FL | Sat, Mar 12 - Mon, Mar 21, 2016
This event is over,
but there are more training opportunities.

PKI Trust Models: Whom do you trust?

  • Blaine Hein - Master's Degree Candidate
  • Tuesday, March 15th, 8:15pm - 8:55pm

The media has given PKI a lot of attention recently. Secure web server exploits and signed malware erode trust in PKI. Despite this negative media attention, little detailed discussion occurs regarding PKI Trust proliferation. PKI is an integral part of our daily lives even though, for the most part, we never notice it. Europe is several years ahead of North America in the ubiquitous deployment of PKI to its citizens, but North America has begun to catch up. This paper covers four major areas including the definition of trust and trust models, implementation of trust, auditing of trust, and managing trust. The paper provides proof of concept tools to allow administrators to understand their current level of PKI trust and techniques manage trust.

Speaker Bio: Mr Blaine Hein is a Principal Scientist and Project Manager working for the NATO Communications and Information Agency. He has over 23 years of experience working in the areas of INFOSEC, Information Assurance, and Cyber Defence. Mr Hein started his IT Security career working for the Communications Security Establishment Canada as an INFOSEC engineer in 1992. His responsibilities included fibre optic distribution systems, cryptographic engineering and evaluation, international standards, and computer and network vulnerability education programs. Since moving to NATO he has been involved with the development of Information Assurance policy and in November 2006 Blaine deployed the first interim NATO PKI capability. From 1990 to 1992 he worked in both the telecommunications and aerospace engineering fields.

Mr Hein completed a Bachelor of Computer Engineering from the University of Manitoba in Winnipeg, Canada in 1990. Blaine is a candidate in the Master of Science Degree Program of SANS Technology Institute, and holds several GIAC Certifications.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
  • Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Saturday, March 12
Session Speaker Time Type
GSE Lab Examination Saturday, March 12th, 8:00am - 5:30pm Special Events
Sunday, March 13
Session Speaker Time Type
GSE Lab Examination Sunday, March 13th, 8:00am - 5:30pm Special Events
Securing Your Kids Lance Spitzner Sunday, March 13th, 7:00pm - 8:00pm SANS@Night
Monday, March 14
Session Speaker Time Type
General Session - Welcome to SANS Bryan Simon Monday, March 14th, 8:15am - 8:45am Special Events
Women in Technology Meet and Greet Monday, March 14th, 6:00pm - 7:00pm Special Events
Analyzing the Ukrainian Power Grid Cyber-Attacks Jake Williams Monday, March 14th, 7:15pm - 9:15pm Keynote
Tuesday, March 15
Session Speaker Time Type
SSL & TLS Nuts, Bolts, and Best Practices Brian McHenry, Security Solutions Architect Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
Applying the Cyber Kill Chain to Enterprise Defense George Ressopoulos, Senior Security Consultant Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
Navigating Today's Threat Landscape Matt Hickey, Director, Sales Engineering Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
Improving the Threat Intelligence Management Process Trevor Welsh, Director of Sales Engineering Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
How to Become a SANS Instructor Eric Conrad Tuesday, March 15th, 12:30pm - 1:15pm Special Events
SANS Technology Institute Lunch and Learn Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
The PC-Malware Zoo: We Promise You Won't Like It Speaker: Paul Schofield, Director of Customer Experience Tuesday, March 15th, 12:30pm - 1:15pm Lunch and Learn
GIAC Program Reception Presented by Jeff Frisk Tuesday, March 15th, 6:15pm - 7:15pm Special Events
Using an Open Source Threat Model for Prioritized Defense James Tarala Tuesday, March 15th, 7:15pm - 8:15pm SANS@Night
Data Theft in the 21st Century Mike Poor Tuesday, March 15th, 7:15pm - 8:15pm SANS@Night
Making Awareness Stick Lance Spitzner Tuesday, March 15th, 7:15pm - 8:15pm SANS@Night
Next Gen Patch Management for Microsoft Windows - A Call for Improved Tools Jason Simsay - Master's Degree Candidate Tuesday, March 15th, 7:15pm - 7:55pm Master's Degree Presentation
The Current State of Cyber Security Justin Searle Tuesday, March 15th, 7:15pm - 8:15pm Special Events
Making Deception a Thing for Things Dr. Johannes Ullrich Tuesday, March 15th, 8:15pm - 9:15pm SANS@Night
Windows Exploratory Surgery with Process Hacker Jason Fossen Tuesday, March 15th, 8:15pm - 9:15pm SANS@Night
PKI Trust Models: Whom do you trust? Blaine Hein - Master's Degree Candidate Tuesday, March 15th, 8:15pm - 8:55pm Master's Degree Presentation
Wednesday, March 16
Session Speaker Time Type
Vendor Solutions Expo Wednesday, March 16th, 12:00pm - 1:30pm Vendor Event
Vendor Solutions Expo Wednesday, March 16th, 5:30pm - 7:30pm Vendor Event
Smartphone and Network Forensics Goes Together Like Peas and Carrots Heather Mahalik and Phil Hagen Wednesday, March 16th, 7:15pm - 8:15pm SANS@Night
The Crazy New World of Cyber Investigations: Law, Ethics and Evidence Ben Wright Wednesday, March 16th, 7:15pm - 8:15pm SANS@Night
Enforcing Application Security Michael Matthee - Master's Degree Candidate Wednesday, March 16th, 7:15pm - 7:55pm Master's Degree Presentation
The 14 Absolute Truths of Security Keith Palmgren Wednesday, March 16th, 8:15pm - 9:15pm SANS@Night
Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show True Risk Beau Bullock Wednesday, March 16th, 8:15pm - 9:15pm SANS@Night
Intrusion Detection with PowerShell Michael Weeks - Master's Degree Candidate Wednesday, March 16th, 8:15pm - 8:55pm Master's Degree Presentation
Thursday, March 17
Session Speaker Time Type
Automating the Hunt for Attackers Dan Mitchell, Solutions Engineer Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Beyond Who is: See Threats Coming Steve Butt, Technical Sales Engineer Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Flipping the Economics of Attacks Etay Nir, Malware and Threat Intelligence CE Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Using Splunk to visualize Vulnerability data Jeff Leggett, Director, Cloud Services, API, and Integrations for Qualys Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Inventive and Productive Ways to Engage Employees on Cyber Skills Development Aaron Cohen, Director of Product Management Thursday, March 17th, 12:30pm - 1:15pm Lunch and Learn
Malware Analysis for Incident Responders: Getting Started Lenny Zeltser Thursday, March 17th, 7:15pm - 9:15pm SANS@Night
Card Fraud 101 G. Mark Hardy Thursday, March 17th, 7:15pm - 8:15pm SANS@Night
Custom Digital Forensics Tools in Python Evan Dygert Thursday, March 17th, 7:15pm - 8:15pm SANS@Night
Exploits of Yesteryear Are Never Truly Gone Marsha Miller - Master's Degree Candidate Thursday, March 17th, 7:15pm - 7:55pm Master's Degree Presentation
Debunking the Complex Password Myth Keith Palmgren Thursday, March 17th, 8:15pm - 9:15pm SANS@Night
Uncovering Indicators of Compromise (IoC) Using PowerShell, Event Logs, and Nagios Dallas Haselhorst - Master's Degree Candidate Thursday, March 17th, 8:15pm - 8:55pm Master's Degree Presentation