Gearing up for the New York Metro Forum, Part One – Sessions Overview

04/28/2011 | Katherine Teitler

IANS’ 12th annual NY Metro Information Security Forum is coming up next week, May 2-3, 2011, and we’re excited to announce some of the highlights. This year’s Forum will feature nine Faculty members – a few old and a few new – and five tracks from which participants can choose based on their role and responsibility within their organization. The tracks are:

  • Information Assurance/Information Protection
  • Security Organization/Security Leadership
  • Security Operations
  • Risk, Compliance & Privacy
  • Application Security

Aaron Turner, long-time IANS Faculty member and overall industry expert, will be facilitating sessions on information protection and mobile device management. Aaron’s “Information Protection in the Age of Wikileaks” roundtable will walk participants through various scenarios on how security organizations can leverage the attention Wikileaks has brought to data security in order to drive improvements in processes and technology. “How Mobility & Consumerization of IT Will Change Everything – Again” will focus on what security organizations can do to best protect themselves as BYOD becomes the norm. Presented for the first time at an IANS Forum, “Data Control Effectiveness” is based on requests from IANS’ clients for help sorting through the noise of marketing materials and sales pitches from the security vendor community.

Aaron’s IFT, “Mobile Device Management: Haven’t We Seen This Movie Before?” is always one of the most heavily attended and will incorporate some of the new data Aaron is collecting (with the help of an IANS client survey); Aaron’s premise, “You cannot effectively manage that which you have not measured” plays heavily into this talk, as Aaron strongly advocates organizations get a firm grasp on what is happening with the data in/out/about their organization.

Diana Kelley, founder of and analyst at SecurityCurve, will co-present with Aaron at the NY Metro Forum. This is the first time Diana will be participating at an IANS Forum, but Diana’s work with our Enterprise Clients has already earned rave reviews so we expect the combination of their efforts to result in many new ideas and applications for participants!

Always entertaining and shrewd, Marcus Ranum is taking a new approach to his sessions at IANS’ Forums this year. Since IANS focuses on facilitating interactive discussions that drive collective insights, Marcus will lead scenario-based role-plays on “Building a Proactive Security Process” and “Security 2.0: The Proactive Security Organization.” In these sessions, participants will play the part of executives and managers – some IT, some other LoBs – of a fictional company wrestling with real-life organizational challenges. These sessions, rolled out at an earlier 2011 IANS Forum, unveiled both best and worst practices that attendees were able to take back and implement immediately at their own companies.

Marcus’s IFT, “In Search of the ‘Physical Laws’ of Computer Security” presents a highly charged opinion of why information security must change in order to be effective. Marcus, consistently recognized as one of computer security’s innovators and creative thinkers, urges security professionals to pay attention to detail and design rather than turn computer security into an intellectual discourse.

Any of you who know Dave Shackleford know he is high energy and high intensity all the time! Dave (or “Shack” to those who know him well) is a SANS instructor in addition to running his own security consultancy and participating as IANS Faculty and therefore leads his roundtables with a keen focus on participatory learning. Participants will come away from Dave’s sessions on “Data Security Aggregation and Evolution,” “Next Generation Security Operations,” “The Changing Role of Security Operations,” and his IFT on “Leveraging the Cloud Securely” with actionable and tangible insights. A former QSA, pen tester, CSO, CTO, and network architect, Dave’s sessions are a perfect fit for those who want to “get their hands dirty” by digging into the “how” and “why” security teams are evolving, what protections and controls can be put in place to better secure an organization, which tools and measurements really work and which ones are CYA, and how to best think about the risks and rewards of new technologies like cloud computing and virtualization. Come prepared to talk at these sessions because it’s very hard to hide at a Dave Shackleford roundtable discussion….

Legal expert Randy Sabett, a practicing attorney with SNR Denton and an IANS Faculty member, brings a legal perspective to safeguarding your enterprise and the information contained therein. Formerly a cryptographic engineer, Randy also intimately understands the challenges placed on the end user by introducing new technologies, processes, and people into an organization. In his interactive session on “Strategy 2.0: Anticipating Legislation, Mitigating Risk,” Randy walks participants through the implications of the new and always changing Cyber Security legislation coming out of Capitol Hill. In his roundtable on “Legal and Security Implications in the Cloud,” Randy puts legal context around moving data outside the company firewall. In “Who’s There? The Authentication Explosion and its Legal Ramifications,” participants will discuss best practices for providing multi-tiered user authentication across employees and platforms.

In his new IFT, developed entirely on the feedback and direction of attendees at past IANS Forums, Randy will be leading discussion on “Privacy and Security: Achieving Balance in an Ever-Changing World of Social Networks, Terrorism & Cyberattacks.” Privacy and security are inextricably linked yet often oppose each other. Come hear Randy’s thoughts on how to maintain privacy (in legal terms) and simultaneously provide products and services to your organization that do not introduce vulnerabilities.

The 5th track at our NY Forum will be led by Josh Corman, Research Director of the 451 Group's Enterprise Security Practice. Josh will be facilitating three roundtable discussions on Application Security: “Mapping the AppSec Battlefield,” “Building & Buying Better Software,” and “Defining & Measuring Successful AppSec and OpsDev.” Attendees should come to each of these sessions prepared to share their experiences, and will also learn from Josh’s many years in the industry and interactions with enterprise security teams how to map the assets, challenges, landmines, and best practices for secure development.

In his IFT, Josh will present his highly-rated “Metrics are Bunk!? – The Zombie Apocalypse, Baseball & Security Metrics” talk which tackles the age-old questions of what to measure, how to measure, and how to use what you’ve measured to effectively protect your organization.

If you think this is a lot to take in – just wait until the Forum! We have more! Tomorrow we will be providing details on the keynote presentations and CISO track. Hopefully you are getting excited for the Forum next week! If you haven’t registered yet, hurry – space is filling up! Register now: http://www.iansresearch.com/forums/splash.html?forum_id=57#p=main

Katherine Teitler is the Director of Research at IANS. In this role, Katherine develops the Forum Curriculum by working with the IANS Faculty and Steering Committee to create a compelling, relevant event for all levels of information security professionals.

 
