Security and Risk Management has progressed considerably since the days when a “Firewall” was considered “Security”. Today’s trends involve a greater focus on Risk Management as a corporate function that extends well beyond computers and IT into the Board Room and into business operations, and is inclusive in its needs. This talk will discuss new models of governance and oversight, new roles that have been taken up by Chief Security Officers, how the process of inclusion has raised awareness and participation in the Security and Risk Management process, and how new operational models have strengthened companies’ resilience. The talk will discuss new models of governance that include stakeholders from multiple areas of the business, approaches to awareness that create higher levels of participation and success, methods to improve efficiencies in security operations, and organizational structures that include key risk management personnel in the process.

Exploit or Exception?
Jared DeMott

One of my former students said to me, "...the hardest part I find about the job [bug hunting primarily via fuzzers] is identifying what my exceptions are, what causes them, and whether or not they're interesting ..." It turns out this is a bit challenging, particularly if you're new to the world of reverse engineering, debugging, low-level exploit development, and such. This talk will walk through examples of fuzzers finding real bugs in software like QuickTime and explore, technically, whether the bug is "interesting" or not.