Voodoo Security has published a wide variety of papers and articles, and our consultants have also spoken at numerous industry conferences. The following list includes links to some of the work we’ve done and talks we’ve given.
Papers and Articles
“An introduction to Virtualization Security”
Dave Shackleford
“Virtual Certainty: Virtualization Security” [PDF]
Feature article: Information Security magazine, March 2011
“Security in Virtualization: IDS/IPS Implementation Strategy”
Tech Tip: Searchsecurity.com, March 2011
“Choosing Smartphone Encryption Software”
Tech Tip: Searchsecurity.com, June 2010
“Laptop Lockdown” [PDF]
Feature article: Information Security Magazine, June 2010
“5 Steps for Developing Strong Change Management Program Best Practices”
Feature article: Information Security Magazine, May 2008
SANS Analyst Program: The Log Management Industry 2005- An Untapped Market
(with Stephen Northcutt, Jerry Shenk, and Leonard Ong)
SANS Analyst Program: The Log Management Industry 2006- An Untapped Market
(with Stephen Northcutt, Jerry Shenk, and Leonard Ong)
SANS Analyst Program: Penetration Testing: Assessing Your Overall Security Before Attackers Do
(with Stephen Northcutt, Jerry Shenk, Tim Rosenberg, Raul Siles, and Steve Mancini)
SANS Analyst Program: Using Security Information Management Systems for PCI Compliance
SANS Analyst Program: Regulations and Standards: Where Encryption Applies
SANS Analyst Program: Leveraging Event and Log Data for Security and Compliance
SANS Analyst Program: Monitoring Security and Performance on Converged Traffic Networks
SANS Analyst Program: Real-time Adaptive Security (Sourcefire)
Conference Presentations
“A Brief History of Hacking”
With: Andrew Hay
Security B-Sides San Francisco 2011, February 15, 2011
“State of the Scape: The Modern Threat landscape and Our Ability to React Intelligently”
With: Will Gragido, Josh Corman, Marc Eisenbarth, HD Moore, Alex Hutton, Caleb Sima
Security B-Sides San Francisco 2011, February 15, 2011
“Testing Exfiltration: Recreating Outbound Evil”
With: Rick Hayes
Security B-Sides Atlanta 2010, October 8, 2010
“Happy Little Clouds: Governing, Auditing, and Assessing Cloud Environments”
Keynote: Dave Shackleford
SANS Virtualization and Cloud Computing Summit 2010
“PCI: Compromising Controls and Compromising Security”
With: Jack Daniel, Alex Hutton, Josh Corman, Martin McKeay, James Arlen, Anton Chuvakin
DEFCON 2010, Las Vegas, NV
“Securing the Virtual Data Center (on Earth and on Clouds)”
With: Alessandro Perilli, Dave Shackleford, Michael Berman, Christofer Hoff
Virtualization Congress 2009 (at Citrix Synergy)
“Defending & Deconstructing Virtualization Security Best Practices”
With: Chris Farrow, Chris Hoff, Rob Randell
RSA 2009, San Francisco, April 22, 2009
“Securing Virtualization: CIS Consensus Benchmark”
With: Chris Farrow and Dennis Moreau
RSA 2008, San Francisco, April 4-7, 2008