<p>Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. They need to adapt to life in the cloud, and this session will explore how to get there. Issues addressed include:</p><div class="hung_list"><ul><li>How an old-world SOC differs from one in the cloud</li><li>Changes you need to make with your SOC</li><li>How to make that transition without dropping the ball in either world</li><li>Skills that need to be picked up in the new cloud-based SOC</li><li>Examples of cloud detection and response</li></ul></div>

Adapting the SOC to a Cloud Environment

<p>Jake Williams (aka MalwareJake) is a seasoned security researcher with decades of experience in the technology and security. Jake is a former startup founder, former senior SANS instructor and course author, and an intelligence community and military veteran. He loves forensics, incident response, cyber threat intelligence, and offensive methodologies. Today, Jake is an IANS faculty member, an independent security consultant, and is performing security-focused research to benefit the broader community. He has had the honor of twice winning the DoD Cyber Crime Center (DC3) annual digital forensics challenge. You may also know Jake from one of his many conference talks, webcasts, media appearances, or his postings&nbsp;about cybersecurity.</p>

<p>Come join us as we welcome you to the Forum.</p>

IANS Welcome & State of the Industry

<p>Your Red Team does one thing, your Blue Team does the other, and they don&rsquo;t talk. Companies struggle to get them on the same page and achieve the true value of these exercises. What to do? This session will explore:</p><div class="hung_list"><ul><li>The most valuable KPIs to use for these activities</li><li>How to use automation testing to test the effectiveness of a response during an exercise</li><li>How to leverage balanced scorecards for direct tracking of capabilities</li></ul></div>

Bringing Red/Blue/Purple Teaming into Balance

<p>Tim is A Principal Consultant and Founder at Red Siege, an 
information security company focused on adversary emulation and 
penetration testing. He also serves as the MSISE Program Director, 
Course Author, and Principal Instructor at the SANS Institute.</p>

<p>Fortune 1000 organizations have a complex legacy of platforms, software and networks, and there&rsquo;s no single playbook to move it all to a new platform because each piece of infrastructure is so different. But there are ways to achieve success. This
    session will show you how by addressing:</p><div class="hung_list"><ul><li>The proper sequence of events?</li><li>Problems to expect in different industries and from different data types</li><li>Regulatory considerations</li><li>Tools of note</li><li>How Hashicorp and the Shared Responsibility Model can help</li></ul></div>

Achieving Cloud Migration

<p>Dave is the Founder and Principal Consultant with Voodoo Security, an 
information security consulting firm with broad expertise. He is also a 
Senior Instructor, Analyst, and Course Author for the SANS Institute and
 a VMware vExpert with extensive experience designing and configuring 
secure virtualized infrastructures. In addition, Dave has served as 
Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group 
and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of
 organizations in the areas of security, regulatory compliance, network 
architecture, and engineering. He has also worked as a security 
architect, analyst, and manager for several Fortune 500 companies.
</p>

Morning Roundtable How-To Sessions

<p>IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
                                                    </p>

Tabletop Break

Tabletop Break 2

<p>Companies still struggle to secure personal devices on the company network. They need examples and case studies of how others have successfully (and unsuccessfully) done it. This session explores:</p><div class="hung_list"><ul><li>How to develop a threat model for all types of personal devices</li><li>How to you approach data protections on devices without traditional security controls</li><li>Who owns the endpoint? Does it matter anymore?</li><li>The differences between iOS vs. Android</li><li>Is ZeroTrust enabling secure BYOD procedures or preventing it?</li></ul></div>

Mobile Device Management: Case Studies of Success and Failure

<p>Ken is the President and Principal Consultant of KRvW Associates, 
LLC, an independent information security consulting company, and a 
Visiting Scientist at Carnegie Mellon University. He has held executive 
and senior technologist positions at Tekmark,
    Para-Protect, Science Applications International Corporation (SAIC),
 the U.S. Department of Defense, Carnegie Mellon University, and Lehigh 
University. Ken is a frequent speaker at technical conferences, and has 
presented papers and training for CSI,
    ISF, USENIX, FIRST, CERT, among others.</p>

Tabletop Break 1

<p>Ransomware continues to be a significant problem for many organizations, and it has shown a ferocious ability to evolve. One reason is ransomware as a service, where people with little skill can buy ransomware-making kits online. This session explores:</p><div class="hung_list"><ul><li>Ways ransomware has evolved in the last 6-12 months</li><li>What ransomware as a service looks like and why it&rsquo;s such a problem</li><li>What vendors are doing to get ahead of the bad guys</li></ul></div>

The Changing Face of Ransomware

<p>Companies struggle with how to secure Office 365 apps that come from multiple online marketplaces, from the MS Store to MS Teams and a variety of third-party app stores. This session will explore:</p><div class="hung_list"><ul><li>How to confirm the security levels of various apps</li><li>Specific validation techniques for MS App Store, Teams Store and others</li><li>Warning signs that an app is problematic and shouldn&rsquo;t be downloaded</li><li>Advice the security team can give employees on what to watch out for</li></ul></div>

Email in the Cloud: Stress Testing Office 365 Apps

<p>John is the Owner of Black Hills Information Security (BHIS) where he
 leads the Hunt Teaming, Command &amp; Control (C2)/Data Exfiltration 
and Pivot testing development. He is also a SANS Institute Senior 
Instructor. In these roles, John has both consulted
    and taught hundreds of organizations in the areas of security, 
regulatory compliance, and penetration testing.</p>

<p>Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.</p>

Technology Spotlight Group 2

Technology Spotlight Group 2-2

<p>Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.</p>

Registration & Breakfast

<p>Companies still struggle to get developers and security on the same page. They need case studies to show them where and how DevSecOps successes have happened. To that end, this session explores:</p><div class="hung_list"><ul><li>Case studies of DevSecOps done right</li><li>How to measure your maturity for DevSecOps -- Phase 1 to Phase 5, for example</li><li>How to put the &ldquo;Shift Left&rdquo; DevSecOps workflow in place</li><li>How DevSecOps leads to more secure cloud deployments</li><li>How to use DevSecOps to improve security in IoT technology when they are at the development stage</li></ul></div>

DevSecOps Business Cases

<p>Attackers are targeting people, not systems.&nbsp;In order to protect people, it is important to be able to quantify risk and reduce the attack surface. This session will touch on how to analyze, assess, and quantify &lsquo;people risk&rsquo; based on real world data. Ashan will touch on some key trends seen in different verticals and discuss who is being attacked and how.&nbsp;Finally, he will talk about techniques to reduce risk through compensating controls.</p><p>&nbsp;</p>

Lunch & Sponsor Keynote: Protecting Your Enterprise with People-Centric Analytics

 Ashan Willy leads Proofpoint’s field technical services worldwide. He is responsible for the strategy and direction of Proofpoint’s technical go to market and support and service functions associated with the portfolio. Ashan is active with Proofpoint’s global customer base, industry partners, industry peers as he strives to protect people &amp; the information they create from a dynamic threat landscape. Prior to Proofpoint, he has more than 20 years of leadership experience in engineering, product management, worldwide strategy &amp; planning in global markets at companies like Webex, Juniper, Polycom and Cisco. Ashan holds a Master’s of Business Administration from Pepperdine University in California and a Bachelor of Science in Electrical Engineering from McMaster University in Ontario, Canada.

Lunch & Sponsor Keynote Address

Technology Spotlight Group 2-1

<p>Companies don&rsquo;t understand how blockchain works inside their security vendor offerings. This session will arm attendees with a stronger foundation by exploring:</p><div class="hung_list"><ul><li>The use cases around how blockchain enhances security</li><li>Blockchain-related products that are actually viable</li><li>How blockchain increase the efficacy of things like vulnerability management and SIEM</li><li>What CISOs should tell their exec stakeholders about blockchain</li></ul></div>

Blockchain: What Your Vendors Have and How to Use It

<p>Join Phil Gardner and Jeff Schilling, CISO of Epsilon/Conversant, for an interview on what it&rsquo;s like to be a CISO in today&rsquo;s fast-changing environment. Topics for their discussion will include:</p><div class="hung_list"><ul><li>Tell us your story. How did you get your CISO job?</li><li>Give us some examples of how your InfoSec team supports your business.</li><li>Share a mistake that you&rsquo;ve made. What did you learn?</li><li>How do you stay organized?</li></ul></div>

Keynote Interview: A Discussion with Jeff Schilling

<p>Jeff Schilling is the CISO of Epsilon/Conversant, leading&nbsp;a team of 80+ Information Security Professionals, providing cyber security and compliance services for the industry leading, data-driven marketing company with over 60 global offices and approximately 9,000 employees. &nbsp;&nbsp;He is a retired US Army Colonel with over 24 years of military experience in IT service management, product management and many CIO-type roles.&nbsp; In his last two capstone assignments in the military, Jeff ran the global cyber security operations centers at the Department of Defense and US Army enterprise level.&nbsp; Jeff’s previous role before joining Epsilon/Conversant was as the Chief Security Officer for a market leading cloud security company.&nbsp;&nbsp; Previous to that role, he was the Global Director of Incident Response and Forensic for a Gartner quadrant leading Manage Security Service Provider.&nbsp;&nbsp;</p><div></div>

Keynote: A Discussion with Jeff Schilling

<p>Companies do not know whether to do manual or automated web app pen testing, or to go with the hybrid approach. To help find answers, this session will explore:</p><div class="hung_list"><ul><li>How the hybrid approach marks an improvement over the traditional approach</li><li>The limits of an automation-only approach</li><li>What you need in a toolkit -- examples: PortSwigger&rsquo;s Burp Suite Pro (commercial), OWASP Zed Attack Proxy (open source)</li><li>The ideal testing methodology</li></ul></div>

Hybrid Web App Pen Testing

<p>Come network with your peers! Hors d'eouvres and cocktails will be served!</p>

Networking Reception

Technology Spotlight Group 1

Technology Spotlight Group 1-2

<p>Organizations want their SIEM to alert them in real time, but that&rsquo;s not happening. Instead, their SIEM only helps determine how a breach occurred after the fact. Practitioners have heard that UEBA and SOAR can be used to overcome the limits of their current SIEM set up, but they seek concrete answers about how it all works and what kind of training and investments are required. In this session, attendees will learn:</p><div class="hung_list"><ul><li>The specific actions they must take in order to fully understand where their SIEM is hitting the wall</li><li>A list of ways to tell if their MSSP is properly goaled/resourced/qualified to correlate and alert in real time</li><li>A clearer understanding of the small and well-defined situations AI/ML is best suited for</li></ul></div>

How to Fill SIEM Gaps with UEBA/SOAR

<p>Mike is the Chief Strategy Officer and GM of Techstrong. Formerly Mike served as President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.</p>

<p>Fortune 1000 problem: Companies spin up containers quickly, then set them loose with no security due diligence. It&rsquo;s a process problem as much as a technology issue.
Questions to address:</p>
<div class="hung_list">
<ul>
    <li>How can a company create a more deliberate process to determine when containers are necessary?</li>
    <li>What is some specific automation or orchestration tools? (Docker Swarm, Kubernates)</li>
    <li>How does one optimize such tools as AppArmor and SELinuxbecause to prevents a misconfiguration or bug at the container daemon level?</li>
    <li>What is Docker Notary and how can it add a layer of trust?</li>
    <li>What are some of the more recent attacks to exploit unsecured containers?</li>
</ul>
</div>

Getting Control of Container Security 

Afternoon Roundtable Workshop Sessions

<p>There are too many security vendors that have expanded offerings in a way that has created a lot of overlap and complexity within Fortune 1000 companies&rsquo; environments. This session will explore:</p><div class="hung_list"><ul><li>How to do an assessment and logically start pruning your stack</li><li>How one tool can replace several others without loss of functionality or controls coverage</li><li>The most important questions to ask your existing and prospective vendors in order to determine where the overlap exists</li><li>Specific examples of what you can kill?</li><li>Integrations between products that currently exist but are not being leveraged</li></ul></div>

Vendor Optimization: Thinning the Herd

Technology Spotlight Group 1-1

DAY 1

2019 Dallas Forum DAY 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

Technology Spotlight Sessions Group 2

Technology Spotlight Sessions Group 2-1

<p>Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that&rsquo;s right. This session will explore:</p><div class="hung_list"><ul><li>Particular tools you should be using to create more automation</li><li>How to use automation to move through the flaw finding and patching process more quickly</li><li>Which companies have taken this to the next level</li><li>What they did to move past the struggle most still find themselves in</li><li>What the Vulnerability Management Process Workflow is and how will it help</li><li>How can organizations can ensure data within their SQL Server, DB2 and Oracle databases are secure?</li><li>Besides Shodan, some other tools that will cast a wider net for vulnerabilities</li></ul></div>

Breaking a Failed Vulnerability Management Cycle

<p>Companies struggle enough with basic security tasks and don&rsquo;t truly know if deception/honeypots are worth trying or if they would provide the adequate ROI. To help them reach a better place, this session will explore:</p><div class="hung_list"><ul><li>What level of operational maturity one must have for honeypots/deception to make sense?</li><li>How to find balance when it comes to how many doors to leave open for snoopers and would-be thieves</li><li>The latest honeypot/deception technologies worth deploying</li><li>The management/technology overhang associated with them?</li><li>Buying versus building</li></ul></div>

Deception and Honeypots

Technology Spotlight Sessions Group 2-2

Technology Spotlight Sessions Group 1

Technology Spotlight Sessions Group 1-2

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

<p>Securing the cloud is fundamentally different from how it&rsquo;s done on-premises, yet there are very few guidebooks or clear methods to ensure adequate protection. This session will take you to the next level by exploring:</p><div class="hung_list"><ul><li>The Securosis/IANS Cloud Security Maturity Model</li><li>The difference between being a cloud native and a cloud tourist</li><li>Best practices to set up a secure cloud environment</li><li>How serverless functions enable continuous cloud security</li><li>How to implement guardrails around your Cloud</li></ul></div>

The Cloud Security Maturity Roadmap

<p>Companies struggle to find a successful recipe for their security culture and need a concrete example of what another company has done to get it right. This session will offer:</p><div class="hung_list"><ul><li>A case study for a company that has succeeded in growing a true security culture</li><li>Three things you can do to change that trajectory and actually make your program effective</li><li>Ways to expand the team with non-traditional security staff (i.e. ambassadors/champions)</li></ul></div>

Case Study: Building a Better Security Culture

Closing Ceremonies

Incident response is one of those things that doesn't matter until it does. While it's easy to justify building an initial IR capability, it's often difficult to understand whether your IR team is mature, how mature they are, and what you need to do to mature the capability. In this talk, Jake will cover actionable steps you can take to quickly and effectively mature your incident response program.

IANS Faculty Keynote: Maturing Your Incident Response Team

IANS Faculty Keynote

<p>Cryptojacking malware and crypto mining are eating AWS resources, tying up CPU capacity and costing money. This session will help you fight back by exploring:</p><div class="hung_list"><ul><li>How to tell if cryptomining malware is in the system</li><li>How to get the malware out of your systems</li><li>How to keep it out</li><li>The most prolific cryptocurrency-based attacks targeting companies</li><li>How this malware differs from others, such as worms, ransomware and Trojans</li></ul></div>

Cryptojacking & Cryptocurrency Mining: Defensive Measures

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.

Technology Spotlight Sessions Group 1-1

<p>It&rsquo;s difficult to choose and implement security tools that scale in an environment where multiple platforms have different settings, features and requirements. This session will address the technical remedies, including:</p><div class="hung_list"><ul><li>Differences to accounted for between one platform and the next during tool selection</li><li>Different vendor and tool categories and how do they compare</li><li>Pros and cons of multi-cloud access brokers?</li></ul></div>

Security Tools for a Multi-Platform Cloud Environment

Afternoon Roundtable How-To Sessions

<p>Companies are usually unaware that a malicious insider is up to no good in their networks until it&rsquo;s too late. They need help knowing how to identify early red flags. To that end, this session will explore:</p><div class="hung_list"><ul><li>Early red flags to look for</li><li>Security controls you can put in place to detect and prevent insider threat activity</li><li>Top insider threat monitoring solutions, their strengths and weaknesses</li><li>Detection tool essentials</li></ul></div>

Insider Threats

Lunch & Keynote Address

<p>Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It&rsquo;s time to get proactive &ndash; and that&rsquo;s where threat hunting comes into play. This session explores the latest techniques in that area, and how to:</p><div class="hung_list"><ul><li>Position hunt teams to directly increase the overall maturity (and ROI) of their monitoring and detection capabilities</li><li>Detect abnormal patterns of behavior</li></ul></div>

New Threat Hunting Techniques

DAY 2

2019 Dallas Forum DAY 2

Default Calendar

Attendee Contact

Sponsor Contact

The IANS 2019 Dallas Information Security Forum delivers an immersive curriculum with 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers.
Attend the two-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders.
Network with peers to benchmark your information security practices and engage with IANS Faculty during interactive sessions.

Onsite Questions

Sponsorship Questions

Registration Questions

General Information

Housing & Travel Questions

<p>Guardicore is the segmentation company disrupting the legacy firewall market. Our software-only approach is decoupled from the physical network, providing a faster alternative to firewalls. Built for the agile enterprise, Guardicore offers greater security
    and visibility in the cloud, data-center and endpoint. For more information, please visit <a href="https://www.guardicore.com/" target="_blank">www.guardicore.com</a> or go to <a href="https://twitter.com/guardicore" target="_blank">Twitter</a> or
    <a href="https://www.linkedin.com/company/guardicore/" target="_blank">LinkedIn</a>.</p>

Guardicore

<p>Proofpoint is a leading cybersecurity company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including more than half of the Fortune 1000, rely on Proofpoint to mitigate their most critical security and compliance risks across email, the cloud, social media, and the web. No one protects people, the data they create, and the digital channels they use more effectively than Proofpoint.</p>

Proofpoint

Platinum Sponsors

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions, and cloud VMs.

Aqua Security

<p>Contrast Security enables applications to automatically detect and fix vulnerabilities, identify attacks, and defend themselves. Contrast employs security instrumentation to strengthen applications before they deploy, protect in production and provide visibility throughout the application lifecycle. More information can be found at <a href="https://www.contrastsecurity.com" target="_blank">www.contrastsecurity.com</a> or by following Contrast on Twitter at @ContrastSec.</p>

Contrast Security

<p>CyCognito
was founded by offensive security experts whose deep understanding of attacker
techniques led them to create a totally new approach to risk assessment. Our
mission is to help organizations identify and eliminate critical security risks
that are often unknown to them — the attackers’ paths of least resistance. The CyCognito
platform is an external attack surface management solution that fills a
fundamental security gap that has widened dramatically as organizations adopt
fluid IT ecosystems that span on-premises, cloud, partner and subsidiary
environments. CyCognito addresses this gap with a category-defining, attack
surface security platform that automates offensive cybersecurity operations to
provide reconnaissance capabilities superior to those of attackers.</p>

CyCognito

<p>Deep Instinct is the first company to apply deep learning to cybersecurity. Deep learning is inspired by the brain’s ability to learn. Once a brain learns to identify an object, its identification becomes second nature. Similarly, as Deep Instinct’s artificial neural network brain learns to detect any type of cyber threat, its prediction capabilities become instinctive. As a result, any kind of malware, known and new, first-seen malware, zero-days, ransomware and APT attacks are predicted and prevented in real-time with unmatched accuracy.</p>

Deep Instinct

<p>Expanse helps organizations discover, track, and monitor their internet-exposed attack surface. Our outside-in approach can find previously unknown security exposures, and provides global visibility into communication between your assets and those that may be risky or out of policy.</p>

Expanse

<p>ZeroFox, the leader in external cybersecurity, provides enterprises external threat intelligence and protection to disrupt threats to brands, people, assets and data across the public attack surface in one, comprehensive platform. With complete global coverage across the surface, deep and dark web and an artificial intelligence-based analysis engine, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox Platform technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Instagram, Pastebin, YouTube, mobile app stores, domains, cloud-based email and more.</p>

ZeroFox

Gold Sponsors

<p>eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. </p>
<p>Protecting more than $6 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements.</p>

eSentire

<p>GuidePoint Security is an elite team of top certified cybersecurity experts. We help organizations minimize cyber gaps and vulnerabilities, understand the evolving threat landscape and optimize resources designed to create a safer, more secure cybersecurity ecosystem. Learn more at <a href="https://www.guidepointsecurity.com" target="blank">www.guidepointsecurity.com</a>.</p>

GuidePoint Security

<p>Kenna Security is a leader in cyber risk management. The Kenna Security platform, powered by Cyber Risk Context Technology, tracks and predicts real-world exploitations, enabling organizations to work cross-functionally to mitigate cyber risk. Kenna counts among its customers many Fortune 100 companies, and serves nearly every major vertical. Kenna Security is headquartered in San Francisco.</p>

Kenna Security

<p>Malwarebytes business is protecting workplace productivity. We make it safe for your employees to connect from anywhere, using all the applications they need. Whether you’re a small business or a large enterprise, have an IT staff of one or a dedicated
    security team, Malwarebytes keeps your business moving. Our solutions support you with analytics-driven, multi-layer threat protection, industry-leading incident response, and endpoint security orchestration. It’s bold cybersecurity, built for
    people, by people who give a damn. We keep breaches from becoming catastrophes, avoiding operations downtime. We simplify and strengthen overall cybersecurity, so everyone—security professionals and employees alike—can focus on the important
    aspects of their work. Visit <a data-sf-ec-immutable="" target="_blank" href="http://malwarebytes.com">malwarebytes.com</a> to learn more.</p>

Malwarebytes

<p>Qualys, Inc. is a pioneer and leading provider of cloud-based security and compliance solutions that help organizations streamline and consolidate their security and compliance solutions and build security into digital transformation. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously across global IT assets.</p>

Qualys

<p>Respond Software delivers instant return on investment (ROI) to organizations in their battle against cyber-crime. With its patented intelligent decision engine, PGO®, Respond Software’s product uniquely combines the best of human expert judgement with the scale and consistency of software. Our quick-to-implement cybersecurity automation software delivers the equivalent of a virtual, best-of-breed analyst team that dramatically increases capacity and improves monitoring and triage capabilities at a fraction of the cost. Respond Software was founded in 2016 by security and software industry veterans. <a href="https://respond-software.com/" target="_blank">www.respond-software.com</a></p>

Respond

<p>RSA® Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change. For more information, visit <a href="https://www.rsa.com" target="_blank">rsa.com</a>.</p>

RSA Security

<p>Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies.</p>

Tenable Inc.

<p>Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification, and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.</p>

Varonis Systems Inc.

Silver Sponsors

Information Security Forum

This two-day Forum is designed for security practitioners to gain actionable technical solutions and leadership insights focused on current and emerging challenges. Network with peers to benchmark your information security practices and engage with IANS Faculty during interactive sessions.

<ul>
    <li>Assess and logically start pruning your stack</li>
    <li>Use one tool to replace several others without loss of functionality or controls coverage</li>
    <li>Question your existing and prospective vendors in order to determine where the overlap exists</li>
</ul>

Security Vendor Optimization

<ul>
    <li>
    Learn how Blockchain can increase the efficacy of things like vulnerability management and SIEM
    </li>
    <li>
    Understand which Blockchain products are viable (or not)</li>
    <li>
    See use cases around how Blockchain enhances security</li>
</ul>

Blockchain

<ul>
    <li>
    Use EU enforcement actions as a guide to assess GDPR strengths and weaknesses</li>
    <li>
    Prepare for what to do if your company is eventually found lacking by regulators</li>
    <li>
    Understand the ripple effects of GDPR, including the possibility of a US data security law
    </li>
</ul>

Data Security Laws That Could Follow GDPR

<ul>
    <li>
    Determine when cryptomining malware is in the system
    </li>
    <li>
    Remove the malware from your systems and keep it from returning
    </li>
    <li>
    Understand the most prolific cryptocurrency-based attacks targeting companies and how to avoid them
    </li>
</ul>

Cryptojacking/Cryptomining Malware

<ul>
    <li>
    Map all Internet-facing systems and ensure they are protected
    </li>
    <li>
    Understand how attackers exploit IOT weaknesses
    </li>
    <li>
    Learn which security vendors specialize in IOT
    </li>
</ul>

IOT Security

<ul>
    <li>
    Identify how AI/ML can be used to enhance security
    </li>
    <li>
    Identify ways in which the technology can be exploited
    </li>
    <li>
    See specific examples of where AI/ML works, and where it doesn't
    </li>
</ul>

Artificial Intelligence and Machine Learning

2019 Dallas Information Security Forum

Cityplace Conference Center

Hotel: Canopy Dallas Uptown

Professional Development

Executive Competencies

Live Online Training

Online Training Library

Compensation & Budget

Take the Survey

Reports

Survey Visualization Tool

Executive Communications

Incident Command Center

Resource Center

Events

Forums

CISO Roundtables

Symposiums

Webinars

Vendor Assessment Community

Who We Are

About Us

Our Story

Careers

Contact Us

What We Do

InfoSec-Specific Executive Development for CISOs and Aspiring Security Leaders.

Live Faculty-led instruction and interactive labs to build you and your team"s InfoSec skills.

2019 Dallas

Information Security Forum

Who Should Attend?

Contact us at:

Contact us at:

Who Should Attend?