IANS Faculty Presence at RSA 2019

Check out the IANS Faculty members who will be speaking at RSA this year! Their session topics include, but are not limited to, IoT, DevSecOps, ML, Cloud Migration, Cloud Security Architecture, Mobile Security, and Threat Modeling.

Shannon Lietz

Release Your Inner DevSecOp

March 5, 2019 | 3:40 PM – 4:30 PM


Your Ideal Victim Is My Hero

March 6, 2019 | 1:30 PM – 2:20 PM


Three Things the Security Industry Isn’t Talking About (but Should Be)

March 7, 2019 | 4:00 PM – 4:25 PM

Jennifer Minella

2028 Future State: Long Live the Firewall?

March 5, 2019 | 1:00 PM – 1:50 PM
Moscone West 3001

Rich Mogull

Lift and Shift, Don’t Lift and Pray: Pragmatic Cloud Migration Strategies

March 5, 2019 | 2:20 PM – 3:10 PM


Gathering:
Disaster Recovery Breakfast:
Is that you Caesar?

March 7, 2019 | 8:00 AM – 11:00 AM
Metreon

Davi Ottenheimer

Top 10 Security Disasters in ML: How Laurel and Yanny Replaced Alice and Bob

March 8, 2019 | 9:50 AM – 10:40 AM

Marcus Ranum

2028 Future State: Long Live the Firewall?

March 5, 2019 | 1:00 PM – 1:50 PM
Moscone West 3001

Mike Rothman

Gathering:
Disaster Recovery Breakfast:
Is that you Caesar?

March 7, 2019 | 8:00 AM – 11:00 AM
Metreon

Richard Seiersen

Judge:
RSAC Innovation Sandbox Contest

March 4, 2019 | 1:30 PM – 4:30 PM
Marriott Marquis (Yerba Buena Ballroom)


The Metrics Manifesto

March 5, 2019 | 1:00 PM – 1:50 PM


Gathering:
CISO Manifesto: The Future of Security Metrics (Private Dinner)

March 3, 2019 | 6:00 PM – 9:00 PM
Four Seasons Private Den

Dave Shackleford

A Cloud Security Architecture Workshop

March 5, 2019 | 1:00 PM – 1:50 PM

Adam Shostack

2028 Future State: Long Live the Firewall?

March 5, 2019 | 1:00 PM – 1:50 PM
Moscone West 3001


How to Measure Ecosystem Impacts

March 7, 2019 | 1:30 PM – 2:20 PM
Moscone West 2011


Threat Modeling in 2019

March 8, 2019 | 8:30 AM – 9:20 AM
Moscone South 205

James Tarala

Developing Key Performance Indicators for Security

March 8, 2019 | 9:50 AM – 10:40 AM


SANS: Critical Security Controls: Planning, Implementing and Auditing

March 3, 2019 | 9:00 AM – 5:00 PM


SANS: Critical Security Controls: Planning, Implementing and Auditing

March 4, 2019 | 9:00 AM – 5:00 PM

Kelli Tarala

SANS: Critical Security Controls: Planning, Implementing and Auditing

March 3, 2019 | 9:00 AM – 5:00 PM


SANS: Critical Security Controls: Planning, Implementing and Auditing

March 4, 2019 | 9:00 AM – 5:00 PM

Aaron Turner

Anatomy of an Enterprise Mobile Security Incident

March 6, 2019 | 1:30 PM – 2:20 PM


Using High-Entropy Encryption for Enterprise Collaboration

March 7, 2019 | 1:30 PM – 2:20 PM


Anatomy of an Enterprise Mobile Security Incident (Repeat)

March 8, 2019 | 8:30 AM – 9:20 AM

Meet up with other IANS Faculty:

Raffael Marty

Mike Saurbaugh

Sunday, March 3, 2019

9:00 AM – 5:00 PM

SANS: Critical Security Controls: Planning, Implementing and Auditing

with James Tarala and Kelli Tarala

6:00 PM – 9:00 PM

Gathering: CISO Manifesto: The Future of Security Metrics – Private Dinner

with Richard Seiersen | Four Seasons Private Den

Monday, March 4, 2019

9:00 AM – 5:00 PM

SANS: Critical Security Controls: Planning, Implementing and Auditing

with James Tarala and Kelli Tarala

1:30 PM – 4:30 PM

Judge – RSAC Innovation Sandbox Contest

with Richard Seiersen | Marriott Marquis (Yerba Buena Ballroom)


Wednesday, March 6, 2019




 

Faculty Bios

Faculty Directory

Josh Corman

IANS Faculty

Joshua Corman is a Founder of I am The Cavalry (dot org) and Director of the Cyber Statecraft Initiative for the Atlantic Council. Corman previously served as CTO for Sonatype, Director of Security Intelligence for Akamai, and in senior research & strategy roles for The 451 Group and IBM Internet Security Systems. He co-founded @RuggedSoftware and @IamTheCavalry to encourage new security approaches in response to the world’s increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He is also serving as adjunct faculty for Carnegie Mellon’s Heinz College and on the 2016 HHS Cybersecurity Task Force.

Shannon Lietz

IANS Faculty

Shannon Lietz is an award-winning security innovator and leader experienced in developing emerging security programs for Fortune 500 companies, including Intuit, ServiceNow, Sony, Sempra, Savvis, Cable & Wireless, 99 Cents Only, Exodus, and Bank of America, among others internationally. She received the Scott Cook Innovation Award in 2014 for developing and cultivating a world-class cloud security program for protecting sensitive data in AWS. Lietz is currently the Director of DevSecOps at Intuit responsible for driving the company’s Cloud Security Strategy and Program in support of corporate innovation. She has previous experience as a Master Security Architect, an Entrepreneur, and often volunteers to educate on security topics. Lietz is a passionate DevSecOps and Rugged Evangelist.

Raffael Marty

IANS Faculty

Raffael Marty is chief research and intelligence officer at Forcepoint. He brings more than 20 years of cybersecurity industry experience across engineering, analytics, research, and strategy to the company. Marty leads Forcepoint X-Labs, a specialized group that is dedicated to behavior-based security research and developing predictive intelligence to differentiate Forcepoint's human-centric product portfolio.

Prior to Forcepoint, Marty ran security analytics for Sophos, a leading endpoint and network security company, launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. Additionally, Marty held key roles at IBM Research, ArcSight and Splunk and is an expert on established best practices and emerging innovative trends in the big data and security analytics space. Marty is one of the industry's most respected authorities on security data analytics, big data and visualization. He is the author of Applied Security Visualization and is a frequent speaker at global academic and industry events.

Marty holds a master's degree in computer science from ETH Zurich, Switzerland and is a student of the Japanese tradition of Zen meditation.

Jennifer Minella

IANS Faculty

Jennifer has more than 15 years of experience working in various areas of the technology industry. She has received many awards including Tech Woman of the Year 2014 NCTA, Top Ten Power Players: Women in Security 2014 SC Magazine, and Top Influencers in Security 2015. In addition to being an author of the (ISC)2 Official CISSP Courseware, Jennifer is also a cover co-author of "Low Tech Hacking". Jennifer is the VP of Engineering and Consulting CISO with Carolina Advanced Digital, Inc. Jennifer also consults for a variety of government agencies, educational institutions and Fortune 100 and 500 corporations. In her free time, she enjoys painting, reading, and competitive ballroom and swing dancing.

Rich Mogull

IANS Faculty

Rich Mogull has 20 years of experience in information security, physical security and risk management. He specializes in cloud security, application security, security automation, security management and data security. Prior to founding Securosis, Rich was a Research VP at Gartner on the security team where he also served as Research Co-Chair for the Gartner Security Summit. Rich has worked as an Independent Consultant, Web Application Developer, Software Development Manager at the University of Colorado, and Systems and Network Administrator. Rich is the Security Editor of TidBITS and a monthly columnist for Dark Reading. He is a frequent industry speaker at events including the RSA Security Conference and DEFCON, and has spoken on every continent except Antarctica. A University of Colorado graduate with a degree in history, Rich's interests outside of information security include martial arts and triathlons.

Davi Ottenheimer

IANS Faculty

Davi Ottenheimer is a security executive, board member and founder who has led global teams in developing and managing secure systems for more than twenty years. Currently he is working on product security at MongoDB, making big data secure, IoT safe and AI trusted. Davi is also a recognized strategist and author specializing in cyber defense ethics and safely navigating the cultural disruptions of emerging technology. In 2012 he co-authored a cloud security book, “Securing the Virtual Environment: How to Defend the Enterprise Against Attack”, and he is the author of the upcoming book "Realities of Securing Big Data". Davi is a frequent top-rated public speaker and in 2018 he established the Excellence in Humanitarian Service Award at the RSA Conference; the inaugural award was for building and managing resilient encryption systems that were instrumental to ending South African Apartheid. While serving as a Dedicated Paranoid at Yahoo! and responsible for managing security for hundreds of millions of mobile, broadband and digital home products, he invented an ephemeral authentication system for IoT that is in ubiquitous use today. An expert in governance, assessments, audit and compliance leadership, Davi was a qualified PCI DSS and PA-DSS assessor (QSA and PA-QSA) for 7 years, and a former Board Member for the Payment Card Industry Security Alliance and the Silicon Valley chapters of ISACA and OWASP. He received his postgraduate academic Master of Science degree in International History from the London School of Economics.

Marcus Ranum

IANS Faculty

Marcus has more than 25 years of experience within Information Security and is a world-renowned expert on security system design and implementation. Currently, Marcus is an independent consultant and technology advisor to start-ups and large enterprises. He is recognized as an innovator in firewall technology and the implementer of the first commercial firewall product. Marcus has designed a number of security products including DEC SEAL, TIS firewall toolkit, Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. Marcus holds several industry awards including ISSA fellowship. In his spare time Marcus likes playing strategy games, taking photos, making soap, woodworking, or forging swords.

Mike Rothman

IANS Faculty

Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.

Mike Saurbaugh

IANS Faculty

Mike is the Director of Technical Alliances with Cofense (formerly PhishMe). Prior to Cofense, Mike spent nearly two decades in financial services and was the head of information security for 12 years as well as having led IT operations. Mike was involved from the onset with Security Current when it launched and served as the research director leading a number of strategic projects for global security vendors and CISOs. Also, Mike is a mentor with Queen City Fintech, in Charlotte, NC, and has a security consulting LLC where he conducts independent advisory and risk assessment engagements. Mike holds a Master of Science in Information Assurance from Walsh College and is a member of two college information security curriculum advisory committees. In his free time, he loves to spend time with his wife and two daughters, work out, drive his Jeep Wrangler, and cook for those who love great food and drinks.

Richard Seiersen

IANS Faculty

Richard is a security executive with ~20 years of experience ranging from start-ups to global organizations. He is currently the SVP and CISO at Lending Club. He was most recently the CISO/VP of Trust for Twilio and formerly the VP/GM Cybersecurity and Privacy for GE Healthcare. His background is in Information Security, Digital Risk Management and Product Development with an analytics bent. His current focus is developing quantitatively informed strategies, building agile teams that scale and making digital risk measurable. Likewise, he recently co-authored a decision analysis book called "How To Measure Anything In Cybersecurity Risk" (Wiley 2016). This book targets those looking to improve risk management strategies using predictive analytics.

Dave Shackleford

IANS Faculty

Dave is Lead Faculty at IANS. He is the Founder and Principal Consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book "Virtualization Security: Protecting Virtualized Environments", leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

Adam Shostack

IANS Faculty

Adam is a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped found the CVE and many other things. He's currently helping a variety of organizations improve their security, and advising and mentoring startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of Threat Modeling: Designing for Security and the co-author of The New School of Information Security.

John Strand

IANS Faculty

John is the Owner of Black Hills Information Security (BHIS), and has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. John is also an instructor and course author of BlackHat's "Active Defense, Offensive Countermeasures, and Hacking Back" and the SANS Institute's "Hacker Tools, Techniques, Exploits and Incident Handling" classes. John is co-author of the "Offensive Countermeasures: The Art of Active Defense" book and is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks. He leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development at BHIS. He is a dynamic speaker at conferences worldwide. In his spare time, he co-hosts the Hack Naked TV and Security Weekly podcasts.

James Tarala

IANS Faculty

James Tarala is a principal consultant with Enclave Security based out of Venice, Florida and has spent the past 20 years providing security consultation and services to large enterprises and government agencies, both inside the US and internationally. Over the past few years, he has served as a lead technical editor for the Center for Internet Security’s Critical Security Controls and has had the privilege of assisting on the development of the Critical Security Controls and chairing task panels for the Center for Internet Security. He is also a senior analyst, author, and instructor with the SANS Institute. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures. He works regularly with organizations to assist them in their security management, governance practices, and regulatory compliance issues and regularly performs independent security assessments and assists enterprises in developing their internal security control programs.

Kelli Tarala

IANS Faculty

Kelli K. Tarala (Twitter: @KelliTarala) is a principal consultant and co-founder of Enclave Security. As a security architect and project manager with over 20 years of experience, she specializes in IT audit, governance, and information assurance strategies. Over the past few years, she has served as one of the lead technical editors for the Center for Internet Security’s Critical Security Controls and has had the privilege of assisting on the development of the Critical Security Controls and chairing task panels for the Center for Internet Security. She is a courseware author for the SANS Institute as well as the lead author for many of the governance resources and creator of tools at AuditScripts.com. She has completed graduate work at the University of Wisconsin Madison and holds multiple professional certifications.

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990s, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000s, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus on applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices.
Aaron has testified before Congress to help set policy for US critical infrastructure protection.


How can you engage with our Faculty?

We deliver what CISOs and their teams need most: unbiased, practical advice; the ability to speak with professionals who understand their challenges; and peer interaction to keep their knowledge and skills fresh and up-to-date.

  • Decision Support

    End-User Decision Support is our flagship offering delivered through an annual subscription service designed for CISOs and their teams. IANS connects you with independent experts and practitioners who have 'been there, seen it, and done it,' enabling you to accelerate your capabilities and make informed decisions.

  • Consulting

    We work with you to shape engagements and provision them with the right IANS Faculty experts. Your project will never be staffed with junior level consultants. Our expertise is built from hands-on experience. We staff your project with doers who recommend actions, and then help you take them.

  • Events

    Our events feature IANS Faculty members who offer a breadth of in-the-weeds advice and high-level guidance for the entire security team. Designed for you to engage with like-minded security professionals in a supportive environment, you’ll learn from a variety of industry approaches and use cases.

