Symposium Replays

Led by IANS Faculty experts, our symposiums are half-day virtual and in-person deep dives into technical and operational information security topics. Symposiums are free of vendor presence and are open to IANS Decision Support clients and invited guests. These recordings represent the most popular symposium topics that we’ve produced this year.


Advancing Cloud Security: A Roadmap

with Mike Rothman, IANS Faculty

In this Virtual Symposium, Mike Rothman begins with an overview of the IANS/Securosis Cloud Security Maturity Model and then explores fresh guidance to improve SecOps and DevOps in the cloud, including:

  • How to build an automation framework for SecOps in the cloud
  • How to build a library of design patterns that development teams can use to develop stronger code in the cloud
  • How to know when you’ve reached the point where you don’t have to be involved because everything is being built into code and infrastructure


Effectively Leveraging MITRE ATT&CK

with Dave Kennedy, IANS Faculty

In this Virtual Symposium, Dave Kennedy begins with an overview of how the MITRE ATT&CK framework works and then delves into several key areas, including:

  • Its applications for purple teaming, threat modeling/hunting, tool selection, and vulnerability management
  • Sigma, Caldera and Red Canary – where they fit in
  • Commercial tools for attack simulation
  • Making MITRE ATT&CK part of your daily process


Security Learns to Sprint: DevSecOps

with Tanya Janca, IANS Faculty

In this Virtual Symposium, Tanya Janca argues that DevOps could be the best thing to happen to application security since OWASP – if developers and operations teams are enabled to make security a part of their everyday work. Tanya explains how to build security into each of "The Three Ways":

  • Automating and/or improving efficiency of all security activities to ensure we don’t slow down developers
  • Speeding up feedback loops for security related activities so that we fix the bugs faster and sooner
  • Providing continuous learning opportunities in relation to security, for both teams


Zero Trust Principles in Action

with Wolfgang Goerlich, IANS Faculty

In this Virtual Symposium, Wolfgang Goerlich breaks down Zero Trust principles into the basic components and addresses:

  • Establishing the need for Zero Trust and examining the risks that organizations face
  • How the landscape is changing for things like SIEM, SOAR, UEBA, SOAP and authentication protocols
  • Zero Trust and people, the risks it addresses, the journey to implement it, and metrics to measure success and drive the program forward
  • How to apply Zero Trust principles when managing IoT and other devices, including printers and those used for medical and manufacturing purposes

Tanya Janca

IANS Faculty

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, has won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

Achievements & Noteworthy Contributions

  • Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday
  • 2019 Hacker of the Year - CSWY Awards
  • CISO for 2015 Canadian General Election
  • 13.5 years’ service to the Canadian Public (Government)
  • Public Speaking Award - Algonquin College
  • Spoken and keynoted at security conferences, meetups and training events the world over
  • Currently authoring first book: Alice and Bob Learn Application Security

Certifications & Credentials

  • BA, Business Management – Malone University
  • CISSP – (ISC)2
  • Qualified Security Assessor (QSA) – PCI Security Standards Council
  • ISO/IEC 27001 Certified – ISO
  • GSEC – GIAC
  • Certificate Professional (OSCP) & Certified Expert (OSCE) – Offensive Security
  • Global Information Assurance Gold Certification
  • Microsoft Certified Solutions Expert (MCSE) – Microsoft

Hobbies & Fun Facts

Tanya is also a musician, has released 5 solo albums, plays guitar and drums and will sing karaoke any chance she gets.

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Achievements & Noteworthy Contributions

  • Former organizer of annual BSides and Converge conferences in Detroit
  • Former Senior VP of Strategic Security Programs at CBI, an information security solutions firm
  • Former VP of Consulting Services at VioPoint Inc., an information security consulting firm

Certifications & Credentials

  • CISSP - (ISC)2
  • Certified Information Systems Auditor (CISA) - ISACA

Jake Williams

IANS Faculty

Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.

Achievements & Noteworthy Contributions

  • Two-Time Winner of the Annual DC3 Forensics Challenge
  • Speaker at information security conferences such as Black Hat, DEF CON, ShmooCon, RSA, and DC3
  • Designated a Master Computer Network Exploitation (CNE) Operator by the NSA
  • Former Vulnerability Analyst at US Department of Defense
  • Former Senior Systems Engineer at Dell Services

Certifications & Credentials

  • MSIA, Information Assurance – Capitol College
  • GSE, GSNA, GCFE, GREM, GCWN, GCIA, GCIH, GPEN, GCFA, GXPN, GSEC – GIAC

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery, David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Achievements & Noteworthy Contributions

  • Founding Member of the Penetration Testing Execution Standard (PTES)
  • Co-Author of Metasploit: The Penetration Testers Guide (2011)
  • Guest appearances on Fox News, CNN, CNBC, MSNBC, Huffington Post, Bloomberg, BBC, and other high-profile media outlets
  • Presenter at information security conferences such as Black Hat, RSA, DEF CON, ShmooCon, INFOSEC World, ISACA, ISSA, United Security Summit, INFOSEC Summit, Hack3rCon, BSides, and DerbyCon, which he co-created and expanded into DerbyCon Communities

Certifications & Credentials

  • BA, Business Management – Malone University
  • CISSP – (ISC)2
  • Qualified Security Assessor (QSA) – PCI Security Standards Council
  • ISO/IEC 27001 Certified – ISO
  • GSEC - GIAC
  • Certificate Professional (OSCP) & Certified Expert (OSCE) – Offensive Security
  • Global Information Assurance Gold Certification
  • Microsoft Certified Solutions Expert (MCSE) – Microsoft

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Achievements & Noteworthy Contributions

  • Author of The Pragmatic CSO, which details how technical security practitioners can thrive as a CISO
  • Spearheaded META Group’s initial foray into information security research
  • Founded and acted as President of Security Incite, an information security analyst firm
  • Founded SHYM Technology, a pioneer in the PKI software market
  • Held Marketing and Strategy positions at CipherTrust, TruSecure, and eIQ Networks

Certifications & Credentials

  • BS, Operations Research and Industrial Engineering – Cornell University

Hobbies & Fun Facts

Mike has been to 23 of the past 24 RSA Conferences. Of the 1000+ talks Mike has given over the years, he is most proud of the mindfulness talk he gave at RSA in 2014 (Google "Rothman RSA Neurohacking").

 
