Opening Keynote: Friday Oct 31 - 2:00 PM

Billy Rios & John Walton
Microsoft Pen Testers (Blue Hats)


The browser is our window to your secrets… and we’ve got mischievous eyes. As organizations push to increase the “richness” of online user experiences, they are also unwittingly increasing attack surface for organizations and their users. Join two of the best looking security researchers in the world as we dissect the current state of client side and web application security. We’ll dive into the gory details and demonstrate the impact of client side vulnerabilities, blended threats, and targeted attacks. We’ll cover everything from benign application vulnerabilities that gave college hopefuls a sneak peak on their admissions status, all the way to vulnerabilities used to steal your data and compromise your machine.

Billy Rios is a Security Engineer with Microsoft where he is helping to secure software used by millions of people across the world. Before joining Microsoft, Billy was a penetration tester for both VeriSign and Ernst and Young. As a penetration tester, Billy was hired by numerous organizations within the Fortune 500 to assess the effectiveness of their organization's security posture. Billy made his living by outsmarting security teams, bypassing security measures, and demonstrating the business risk of security exposures to executives and organizational decision makers. Before his life as a penetration tester, Billy worked as an Information Assurance Analyst for the Defense Information Systems Agency (DISA). While at DISA, Billy helped protect Department of Defense (DoD) information systems by performing network intrusion detection, vulnerability analysis, incident handling, and formal incident reporting on security related events involving DoD information systems. Before attacking and defending information systems, Billy was an active duty Officer in the United States Marine Corps. Billy has spoken at numerous security conferences including: Blackhat briefings, Bluehat, RSA and Hack in the Box. Billy holds a Bachelors degree in Business Administration, Master of Science degree in Information Systems, and is currently pursuing his Master of Business Administration.

John Walton is a Lead Security Engineer with Microsoft, where he spends his time code auditing, penetration testing and managing the Microsoft Online security team. Prior to joining Microsoft, John started a security consulting company, Penetration Technologies, specializing in application and infrastructure security and worked as Lead Security Engineer at Avaya. While at Avaya John built the Avaya Product Security Support Team, hacked every piece of Voice over IP (VoIP) equipment imaginable and helped develop VoIP encryption and security technology. Admittedly John is a self proclaimed computer security nut who rarely ponders anything else. He hold a Bachelors degree in Computer Science and is a Certified Information Systems Security Professional. While not working on security at Microsoft John spends his time security consulting for major financial and government institutions and occasionally finds time to sleep.