Stephen Cox

Vice-President and Chief Security Architect; SecureAuth
Stephen Cox is a technology veteran with nearly 20 years in the IT industry, including more than 10 years leading cybersecurity software development teams. A key player in some of the most influential IT security firms in the world, he is recognized as an expert in identity, network and endpoint threat detection, as well as an accomplished software architect.

As Vice President and Chief Security Architect at SecureAuth, Stephen is helps drive the strategy, vision and development for the company’s products and solutions. Prior to SecureAuth, Stephen worked at FireEye/Mandiant, RSA, VeriSign, Northrop Grumman and America Online. He holds a Master of Science in Software Engineering and a Bachelor of Science in Integrative Studies, both from George Mason University.

Stephen's Sessions


Tuesday, June 25
10:30 - 11:20 am
Monroe
SecureAuth Masterclass: What passwordless technology can learn from American Prohibition
During most of the 20th century passwords conjured up visions of someone requesting access to a speakeasy during American prohibition where alcohol was served. However, threatened or drunk patrons often gave up passwords easily and easy-to-guess passwords often compromised an illicit bar, unless the doorman knew and recognized the patron. Today’s cybersecurity has the same issues those early speakeasy’s did. Recent research confirms passwords are the weakest link in cybersecurity: 81% of Americans reuse passwords. “123456” and “password” are the most popular. 40% of enterprise assets are protected only by a password. Passwordless authentication protects against phishing attempts and minimizes the threat of stolen credentials, because passwords are no longer be needed. While passwordless technology is a fledgling solution currently being developed by a multiple vendors, it generally combines: • Multi-layered risk analysis that evaluates location, devices, access rights and typing sequences • Intricate yet convenient 2FA/MFA methods • Biometrics and hardware authentication keys The presentation will provide a technical overview of passwordless technology and will include a demonstration highlighting passwordless and risk-based adaptive authentication technologies. It will also include an in-depth discussion on adaptive risks checks and machine learning, and how they can be used to determine if a step up is needed – even when standards like FIDO2 and Web Authentication are implemented – in order to strengthen security and reduce user friction.

Friday, June 28
8:30 - 9:20 am
Monroe
SecureAuth Masterclass: What passwordless technology can learn from American Prohibition
During most of the 20th century passwords conjured up visions of someone requesting access to a speakeasy during American prohibition where alcohol was served. However, threatened or drunk patrons often gave up passwords easily and easy-to-guess passwords often compromised an illicit bar, unless the doorman knew and recognized the patron. Today’s cybersecurity has the same issues those early speakeasy’s did. Recent research confirms passwords are the weakest link in cybersecurity: 81% of Americans reuse passwords. “123456” and “password” are the most popular. 40% of enterprise assets are protected only by a password. Passwordless authentication protects against phishing attempts and minimizes the threat of stolen credentials, because passwords are no longer be needed. While passwordless technology is a fledgling solution currently being developed by a multiple vendors, it generally combines: • Multi-layered risk analysis that evaluates location, devices, access rights and typing sequences • Intricate yet convenient 2FA/MFA methods • Biometrics and hardware authentication keys The presentation will provide a technical overview of passwordless technology and will include a demonstration highlighting passwordless and risk-based adaptive authentication technologies. It will also include an in-depth discussion on adaptive risks checks and machine learning, and how they can be used to determine if a step up is needed – even when standards like FIDO2 and Web Authentication are implemented – in order to strengthen security and reduce user friction.

Enter your details to receive email updates from Identiverse