2019 Minneapolis
Information Security Forum

#IANSMinneapolis #IANSEvents

April 24 - 25, 2019
Hyatt Regency Minneapolis, 1300 Nicollet Mall, Minneapolis, MN

The IANS 2019 Minneapolis Information Security Forum delivers an immersive curriculum with 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the two-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders. Network with peers to benchmark your information security practices and engage with IANS Faculty during interactive sessions.

Let your colleagues know you're coming!

This event has ended.

Check out our other upcoming events!

View All Events

DAY 1

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.
8:30 AM - 8:45 AM

IANS Welcome & State of the Industry

Come join us as we welcome you to the Forum.
Robert Booker

Robert Booker

UnitedHealth Group, SVP and CISO

Robert has served as CISO of UHG since July of 2008. His responsibilities are focused on information risk management in support of UHG’s worldwide focus on clinical care resources, information and technology to serve the health care environment and industry. He works closely with the UHG Executive Leadership Team in updating the Board of Directors on the company’s continued focus on cyber defense. Robert also collaborates actively with other health industry leaders, regulators, risk underwriters, health provider partners and customers.

Robert presently serves on the Board of Directors of the Health Information Trust Alliance (HITRUST) and has been instrumental in establishing a common security framework for the health industry, the information sharing and analysis organization (ISAO) for the health industry, and CyberRx – a cyber- exercise program for the industry.

He is an alumnus of the first FBI CISO Academy.

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

8:45 AM - 9:30 AM

Keynote Interview: A Discussion with Robert Booker

with Robert Booker and Phil Gardner

Join Robert Booker, CISO of UnitedHealth Group, and Phil Gardner for an interview on what it’s like to be a CISO in today’s fast-changing environment. Topics for their discussion will include:

  • Tell us your story. How did you get your CISO job?
  • Give us some examples of how your InfoSec team supports your business.
  • Share a mistake that you’ve made. What did you learn?
  • How do you stay organized?
9:30 AM - 9:50 AM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
9:50 AM - 10:25 AM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.

10:35 AM - 11:10 AM Morning Roundtable How-To Sessions Protect Applications and Data

Advancements in Secure Remote Access

with Aaron Turner

The endpoint continues to grower wider and muddier as professionals access company resources from a growing array of mobile devices. This session looks at:

  • How VPNs are evolving
  • Vendors in the space and how they compare
  • Tools and techniques organizations can use to bolster secure remote access
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

Protect Applications and Data

File Security: Tools and Techniques in 2019

with Dave Shackleford

Attackers continue to find new ways to access, steal and corrupt files. This means organizations need to up their game in protecting them. To that end, this session will explore:

  • Advancements vendors in the space have made and what’s right for you
  • The latest techniques to ensure files are only being accessed by those whose jobs require it
bill-dean

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Protect Applications and Data

Hybrid Web App Pen Testing

with Bill Dean

Companies do not know whether to do manual or automated web app pen testing, or to go with the hybrid approach. To help find answers, this session will explore:

  • How the hybrid approach marks an improvement over the traditional approach
  • The limits of an automation-only approach
  • What you need in a toolkit -- examples: PortSwigger’s Burp Suite Pro (commercial), OWASP Zed Attack Proxy (open source)
  • The ideal testing methodology?
josh-more

Josh More

IANS Faculty

Josh has more than eighteen years of experience in security, IT, development and system and network administration. Currently, he runs Eyra Security, a security and business improvement consulting firm based in Minneapolis, MN. Josh holds several security and technical certifications and has served in a leadership position on several security-focused groups. He has written several books on I.T. and Information Security, with the aim of applying to I.T. lessons learned from outside the core discipline, such as Agile/Lean Principles, Natural History, Psychology, Economics and Complexity Science. Josh specializes in the overlap between security and business practices, including vendor/customer management, technology transitions, and security as competitive advantage.

Detect, Respond and Recover

Phishing and Social Engineering: New Solutions to an Old Problem

with Josh More

Phishing is an old social engineering technique and organizations have certainly tried to make employees aware of email links they shouldn’t open. But phishing remains a highly successful technique for the bad guys. So what do we keep doing wrong? This session explores:

  • New phishing security tools that may help
  • What organizations can do to enhance security awareness among employees
mike-rothman

Mike Rothman

IANS Faculty

Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.

Detect, Respond and Recover

The Changing Face of Ransomware

with Mike Rothman

Ransomware continues to be a significant problem for many organizations, and it has shown a ferocious ability to evolve. One reason is ransomware as a service, where people with little skill can buy ransomware-making kits online. This session explores:

  • Ways ransomware has evolved in the last 6-12 months
  • What ransomware as a service looks like and why it’s such a problem
  • What vendors are doing to get ahead of the bad guys
11:15 AM - 11:50 AM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Matt Bing

Matt Bing

NETSCOUT, Principle Security Research Analyst

Matthew Bing received his master’s in computer science from Grand Valley State University in 2000 where he studied intrusion detection and large-scale logging infrastructures. He then moved to Ann Arbor to work as a security engineer at Anzen Computing (which was later acquired by NFR Security). At NFR, Matt developed and implemented intrusion detection systems as a member of the Rapid Response Team. Matt joined the University of Michigan in 2004 where he led the design, rollout, and implementation of an IT security incident management program across campus. Over the years, Matt led the response to many incidents, including several high profile cases.

11:50 AM - 12:50 PM

Lunch & Sponsor Keynote: The World of Internet-scale Threats

with Matt Bing The largest DDoS attack on record, the evolution of IoT botnets, the inclusion of worms across the crime landscape, supply chain attacks by APT – the past year has been a busy one on the threat landscape. This talk covers the findings captured in the recent NETSCOUT Threat Intelligence Report, going behind the scenes to discuss the significance and import of each of them.

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.

Afternoon Roundtable Workshop Sessions Improve Infrastructure and Ops

Cutting Through the AI/ML Vendor Hype

with Aaron Turner

Vendors hype the benefits of AI/ML too broadly when it’s really meant for small, well-defined situations. This session will address the following:

  • When we say AI/ML is for small or well-defined situations, what are examples of those?
  • What are specific examples of where AI/ML works, and where it doesn’t?
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

Secure the Cloud

Choosing a Cloud Provider

with Dave Shackleford

There are too many vendors, an over-saturated market and confusion over the security requirements that truly matter vs. the vendor fluff. In this session, you’ll learn how cut through the confusion and address:

  • What the cloud provider landscape look like
  • When to go with a big player as opposed to smaller players
  • Questions you should ask internally before looking at potential providers
  • The right (or wrong) questions to ask prospective cloud providers
josh-more

Josh More

IANS Faculty

Josh has more than eighteen years of experience in security, IT, development and system and network administration. Currently, he runs Eyra Security, a security and business improvement consulting firm based in Minneapolis, MN. Josh holds several security and technical certifications and has served in a leadership position on several security-focused groups. He has written several books on I.T. and Information Security, with the aim of applying to I.T. lessons learned from outside the core discipline, such as Agile/Lean Principles, Natural History, Psychology, Economics and Complexity Science. Josh specializes in the overlap between security and business practices, including vendor/customer management, technology transitions, and security as competitive advantage.

Protect Applications and Data

Blockchain: What Your Vendors Have and How to Use It

with Josh More

Companies don’t understand how blockchain works inside their security vendor offerings. This session will arm attendees with a stronger foundation by exploring:

  • The use cases around how blockchain enhances security
  • Blockchain-related products that are actually viable
  • How blockchain increase the efficacy of things like vulnerability management and SIEM
  • What CISOs should tell their exec stakeholders about blockchain
bill-dean

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Detect, Respond and Recover

New Threat Hunting Techniques

with Bill Dean

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores the latest techniques in that area, and how to:

  • Position hunt teams to directly increase the overall maturity (and ROI) of their monitoring and detection capabilities, and
  • Detect abnormal patterns of behavior.
ken-van-wyk

Ken Van Wyk

IANS Faculty

Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.

Advance Your Team

How to Recruit and Retain the Best People

with Ken Van Wyk

The skills gap makes it difficult to find people who are best equipped to handle evolving threats. The best people leave after a year because there are plenty of other opportunities out there. To help address the problem, this session will look at:

  • Non-traditional recruiting avenues you can explore to help counteract the skills gap
  • How to leverage the NIST Skills Framework to this end
  • How to spot warning signs that someone has an eye on the door
  • Training and career development options to keep employees growing and interested in staying
  • Incentives beyond salaries for retaining people?
2:25 PM - 3:00 PM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
3:00 PM - 3:20 PM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
3:20 PM - 3:55 PM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
ken-van-wyk

Ken Van Wyk

IANS Faculty

Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.

4:05 PM - 4:40 PM Afternoon Roundtable Workshop Sessions Improve Infrastructure and Ops

Mobile Device Management: Case Studies of Success and Failure

with Ken Van Wyk

Companies still struggle to secure personal devices on the company network. They need examples and case studies of how others have successfully (and unsuccessfully) done it. This session explores:

  • How to develop a threat model for all types of personal devices
  • How to you approach data protections on devices without traditional security controls
  • Who owns the endpoint? Does it matter anymore?
  • The differences between iOS vs. Android
  • Is ZeroTrust enabling secure BYOD procedures or preventing it?
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

Protect Applications and Data

Getting Control of Container Security

with Dave Shackleford

Fortune 1000 problem: Companies spin up containers quickly, then set them loose with no security due diligence. It’s a process problem as much as a technology issue. Questions to address:

  • How can a company create a more deliberate process to determine when containers are necessary?
  • What is some specific automation or orchestration tools? (Docker Swarm, Kubernates). This part is the end.
  • How does one optimize such tools as AppArmor and SELinuxbecause to prevents a misconfiguration or bug at the container daemon level?
  • What is Docker Notary and how can it add a layer of trust?
  • What are some of the more recent attacks to exploit unsecured containers?
josh-more

Josh More

IANS Faculty

Josh has more than eighteen years of experience in security, IT, development and system and network administration. Currently, he runs Eyra Security, a security and business improvement consulting firm based in Minneapolis, MN. Josh holds several security and technical certifications and has served in a leadership position on several security-focused groups. He has written several books on I.T. and Information Security, with the aim of applying to I.T. lessons learned from outside the core discipline, such as Agile/Lean Principles, Natural History, Psychology, Economics and Complexity Science. Josh specializes in the overlap between security and business practices, including vendor/customer management, technology transitions, and security as competitive advantage.

Improve Infrastructure and Ops

DevSecOps Business Cases

with Josh More

Companies still struggle to get developers and security on the same page. They need case studies to show them where and how DevSecOps successes have happened. To that end, this session explores:

  • Case studies of DevSecOps done right
  • How to measure your maturity for DevSecOps -- Phase 1 to Phase 5, for example
  • How to put the “Shift Left” DevSecOps workflow in place
  • How DevSecOps leads to more secure cloud deployments
  • How to use DevSecOps to improve security in IoT technology when they are at the development stage

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.

Detect, Respond and Recover

How to Fill SIEM Gaps with UEBA/SOAR

with Aaron Turner

Organizations want their SIEM to alert them in real time, but that’s not happening. Instead, their SIEM only helps determine how a breach occurred after the fact. Practitioners have heard that UEBA and SOAR can be used to overcome the limits of their current SIEM set up, but they seek concrete answers about how it all works and what kind of training and investments are required. In this session, attendees will learn:

  • The specific actions they must take in order to fully understand where their SIEM is hitting the wall,
  • A list of ways to tell if their MSSP is properly goaled/resourced/qualified to correlate and alert in real time, and
  • A clearer understanding of the small and well-defined situations AI/ML is best suited for.
bill-dean

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Improve Infrastructure and Ops

Advances in Network Visibility

with Bill Dean

Network security and monitoring remains essential in light of increasing volumes of data and an ever-expanding threat landscape, but comprehensive network visibility is hard, and organizations need better guidance. This session aims to provide that by looking at:

  • What organizations are missing and which vendors and techniques can help
4:45 PM - 5:45 PM

Networking Reception

Come network with your peers! Hors d'eouvres and cocktails will be served!

DAY 2

8:00 AM - 9:00 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.

9:00 AM - 9:30 AM

IANS Faculty Keynote: 30 Years of IAM - Successes and Failures

with Aaron Turner IANS Faculty member Aaron Turner has been working on IAM challenges for a long time. Join him as he walks through three decades of first-hand experiences. Whether the lessons learned are from catastrophic failures or un-mitigated successes, they're valuable lessons that can be applied today.
9:40 AM - 10:15 AM

Technology Spotlight Sessions Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
10:25 AM - 11:00 AM

Technology Spotlight Sessions Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
11:00 AM - 11:20 AM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

11:20 AM - 12:50 PM Morning Roundtable How-To Sessions Detect, Respond and Recover

Breaking a Failed Vulnerability Management Cycle

with Dave Shackleford

Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right. This session will explore:

  • Particular tools you should be using to create more automation
  • How to use automation to move through the flaw finding and patching process more quickly
  • Which companies have taken this to the next level
  • What they did to move past the struggle most still find themselves in
  • What the Vulnerability Management Process Workflow is and how will it help
  • How can organizations can ensure data within their SQL Server, DB2 and Oracle databases are secure?
  • Besides Shodan, some other tools that will cast a wider net for vulnerabilities
josh-more

Josh More

IANS Faculty

Josh has more than eighteen years of experience in security, IT, development and system and network administration. Currently, he runs Eyra Security, a security and business improvement consulting firm based in Minneapolis, MN. Josh holds several security and technical certifications and has served in a leadership position on several security-focused groups. He has written several books on I.T. and Information Security, with the aim of applying to I.T. lessons learned from outside the core discipline, such as Agile/Lean Principles, Natural History, Psychology, Economics and Complexity Science. Josh specializes in the overlap between security and business practices, including vendor/customer management, technology transitions, and security as competitive advantage.

Manage Privacy and Risk

Building a Business-Oriented Risk Assessment

with Josh More

IT and security teams set risk assessment parameters too narrowly and fail to capture the needs and risks of the entire business. This session will help get your organization on track and address:

  • The best way to determine the most important security risks are within the enterprise
  • How to ensure that executive and business unit leadership input is obtained in establishing and assessing those risks
  • The strongest risk identification and assessment frameworks, and which may be best suited to small, medium or large enterprises in the private or public sectors
  • The deficiencies of ISO/IEC 27005 and NIST SP800-30
  • The best way to evaluate specific risks on a tactical level vs. identifying and ranking a large number of risks on a strategic level?
bill-dean

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Improve Infrastructure and Ops

Bringing Red/Blue/Purple Teaming Into Balance

with Bill Dean

Your Red Team does one thing, your Blue Team does the other, and they don’t talk. Companies struggle to get them on the same page and achieve the true value of these exercises. What to do? This session will explore:

  • The most valuable KPIs to use for these activities
  • How to use automation testing to test the effectiveness of a response during an exercise
  • How to leverage balanced scorecards for direct tracking of capabilities

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.

Protect Applications and Data

Prioritizing Privilege Management

with Aaron Turner

As IT infrastructure gets more complex and infrastructure-as-a-service (IaaS) becomes a reality, one of the few controls we have left is privileged user management (PUM). But it’s difficult to get it right. To advance in the right direction, this session will explore:

  • How to link privileged access management to change management
  • How to identify what is happening with the use of these credentials
  • How to Identify the appropriate tools to use for privileged access management
  • How to handle insider threats related to privilege abuse/misuse
mike-rothman

Mike Rothman

IANS Faculty

Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.

Secure the Cloud

The Cloud Security Maturity Roadmap

with Mike Rothman

Securing the cloud is fundamentally different from how it’s done on-premises, yet there are very few guidebooks or clear methods to ensure adequate protection. This session will take you to the next level by exploring:

  • The Securosis/IANS Cloud Security Maturity Model
  • The difference between being a cloud native and a cloud tourist
  • Best practices to set up a secure cloud environment
  • How serverless functions enable continuous cloud security
  • How to implement guardrails around your Cloud
Jessica Stanford

Jessica Stanford

Hysolate, Global VP of Marketing

As Global VP of Marketing, Jessica brings more than a decade of experience to Hysolate. With her in-depth product knowledge, market expertise and passion for cybersecurity, she has a long track record of driving strategic and revenue growth, leading product launches such as RSA’s Authentication Manager and CyberArk’s Privileged Threat Analytics. Most recently, she served as Director of Product Marketing at Cybereason where she was responsible for the full portfolio of product and service offerings. A proud buckeye, Jessica earned her BSBA from The Ohio State University and her MBA from Brandeis University.

12:50 PM - 1:50 PM

Lunch & Sponsor Keynote: Getting off the Hamster Wheel

with Jessica Stanford The patterns of behavior between cyberattackers and security professionals are so predictable. The cybersecurity hero is on an unyielding hamster wheel, constantly identifying and blocking the latest threats, but it’s a losing battle. The cyber attacker has an asymmetric advantage. The only way for security professionals to overcome their disadvantage is to break the mold, get off the hamster wheel, and rewrite the rules of cyber combat.
2:00 PM - 2:35 PM

Technology Spotlight Sessions Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
2:45 PM - 3:20 PM

Technology Spotlight Sessions Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

3:30 PM - 4:30 PM Afternoon Roundtable How-To Sessions Secure the Cloud

Adapting the SOC to a Cloud Environment

with Dave Shackleford

Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. They need to adapt to life in the cloud, and this session will explore how to get there. Issues addressed include:

  • How an old-world SOC differs from one in the cloud
  • Changes you need to make with your SOC
  • How to make that transition without dropping the ball in either world
  • Skills that need to be picked up in the new cloud-based SOC
  • Examples of cloud detection and response
bill-dean

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Detect, Respond and Recover

Insider Threats

with Bill Dean

Companies are usually unaware that a malicious insider is up to no good in their networks until it’s too late. They need help knowing how to identify early red flags. To that end, this session will explore:

  • Early red flags to look for
  • Security controls you can put in place to detect and prevent insider threat activity
  • Top insider threat monitoring solutions, their strengths and weaknesses
  • Detection tool essentials
mike-rothman

Mike Rothman

IANS Faculty

Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.

Secure the Cloud

Security Tools for a Multi-Platform Cloud Environment

with Mike Rothman

It’s difficult to choose and implement security tools that scale in an environment where multiple platforms have different settings, features and requirements. This session will address the technical remedies, including:

  • Differences to accounted for between one platform and the next during tool selection
  • Different vendor and tool categories and how do they compare
  • Pros and cons of multi-cloud access brokers?

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.

Improve Infrastructure and Ops

IoT: Who Owns Device Risk Management

with Aaron Turner

There’s no clear consensus on who is responsible for managing risks associated with IoT devices in an organization. This session is designed to clear up that confusion. Attendees will learn:

  • Where all the IOT devices are
  • The breakdown of who should be in charge of security risks related to IOT
  • How to assemble a responsibility tree for who does what if an IOT-related compromise happens
ken-van-wyk

Ken Van Wyk

IANS Faculty

Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.

Advance Your Team

Case Study: Building a Better Security Culture

with Ken Van Wyk

Companies struggle to find a successful recipe for their security culture and need a concrete example of what another company has done to get it right. This session will offer:

  • A case study for a company that has succeeded in growing a true security culture
  • Three things you can do to change that trajectory and actually make your program effective
  • Ways to expand the team with non-traditional security staff (i.e. ambassadors/champions)
4:35 PM - 4:45 PM

Closing Ceremonies

2019 Minneapolis Speakers

Matt Bing

Matt Bing

NETSCOUT, Principle Security Research Analyst

Matthew Bing received his master’s in computer science from Grand Valley State University in 2000 where he studied intrusion detection and large-scale logging infrastructures. He then moved to Ann Arbor to work as a security engineer at Anzen Computing (which was later acquired by NFR Security). At NFR, Matt developed and implemented intrusion detection systems as a member of the Rapid Response Team. Matt joined the University of Michigan in 2004 where he led the design, rollout, and implementation of an IT security incident management program across campus. Over the years, Matt led the response to many incidents, including several high profile cases.

Presentations
  • Lunch & Sponsor Keynote: The World of Internet-scale ThreatsDAY 111:50 AM - 12:50 PM
Robert Booker

Robert Booker

UnitedHealth Group, SVP and CISO

Robert has served as CISO of UHG since July of 2008. His responsibilities are focused on information risk management in support of UHG’s worldwide focus on clinical care resources, information and technology to serve the health care environment and industry. He works closely with the UHG Executive Leadership Team in updating the Board of Directors on the company’s continued focus on cyber defense. Robert also collaborates actively with other health industry leaders, regulators, risk underwriters, health provider partners and customers.

Robert presently serves on the Board of Directors of the Health Information Trust Alliance (HITRUST) and has been instrumental in establishing a common security framework for the health industry, the information sharing and analysis organization (ISAO) for the health industry, and CyberRx – a cyber- exercise program for the industry.

He is an alumnus of the first FBI CISO Academy.

Presentations
  • Keynote Interview: A Discussion with Robert BookerDAY 18:45 AM - 9:30 AM
bill-dean

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Presentations
  • Hybrid Web App Pen TestingDAY 110:35 AM - 11:10 AM
  • New Threat Hunting TechniquesDAY 11:00 PM - 2:15 PM
  • Advances in Network VisibilityDAY 14:05 PM - 4:40 PM
  • Bringing Red/Blue/Purple Teaming Into BalanceDAY 211:20 AM - 12:50 PM
  • Insider ThreatsDAY 23:30 PM - 4:30 PM
josh-more

Josh More

IANS Faculty

Josh has more than eighteen years of experience in security, IT, development and system and network administration. Currently, he runs Eyra Security, a security and business improvement consulting firm based in Minneapolis, MN. Josh holds several security and technical certifications and has served in a leadership position on several security-focused groups. He has written several books on I.T. and Information Security, with the aim of applying to I.T. lessons learned from outside the core discipline, such as Agile/Lean Principles, Natural History, Psychology, Economics and Complexity Science. Josh specializes in the overlap between security and business practices, including vendor/customer management, technology transitions, and security as competitive advantage.

Presentations
  • Phishing and Social Engineering: New Solutions to an Old ProblemDAY 110:35 AM - 11:10 AM
  • Blockchain: What Your Vendors Have and How to Use ItDAY 11:00 PM - 2:15 PM
  • DevSecOps Business CasesDAY 14:05 PM - 4:40 PM
  • Building a Business-Oriented Risk AssessmentDAY 211:20 AM - 12:50 PM
mike-rothman

Mike Rothman

IANS Faculty

Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.

Presentations
  • The Changing Face of RansomwareDAY 110:35 AM - 11:10 AM
  • The Cloud Security Maturity RoadmapDAY 211:20 AM - 12:50 PM
  • Security Tools for a Multi-Platform Cloud EnvironmentDAY 23:30 PM - 4:30 PM
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).

Presentations
  • File Security: Tools and Techniques in 2019DAY 110:35 AM - 11:10 AM
  • Choosing a Cloud ProviderDAY 11:00 PM - 2:15 PM
  • Getting Control of Container SecurityDAY 14:05 PM - 4:40 PM
  • Breaking a Failed Vulnerability Management CycleDAY 211:20 AM - 12:50 PM
  • Adapting the SOC to a Cloud EnvironmentDAY 23:30 PM - 4:30 PM
Jessica Stanford

Jessica Stanford

Hysolate, Global VP of Marketing

As Global VP of Marketing, Jessica brings more than a decade of experience to Hysolate. With her in-depth product knowledge, market expertise and passion for cybersecurity, she has a long track record of driving strategic and revenue growth, leading product launches such as RSA’s Authentication Manager and CyberArk’s Privileged Threat Analytics. Most recently, she served as Director of Product Marketing at Cybereason where she was responsible for the full portfolio of product and service offerings. A proud buckeye, Jessica earned her BSBA from The Ohio State University and her MBA from Brandeis University.

Presentations
  • Lunch & Sponsor Keynote: Getting off the Hamster WheelDAY 212:50 PM - 1:50 PM

Aaron Turner

IANS Faculty

Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.

Presentations
  • Advancements in Secure Remote AccessDAY 110:35 AM - 11:10 AM
  • Cutting Through the AI/ML Vendor HypeDAY 11:00 PM - 2:15 PM
  • How to Fill SIEM Gaps with UEBA/SOARDAY 14:05 PM - 4:40 PM
  • IANS Faculty Keynote: 30 Years of IAM - Successes and FailuresDAY 29:00 AM - 9:30 AM
  • Prioritizing Privilege ManagementDAY 211:20 AM - 12:50 PM
  • IoT: Who Owns Device Risk ManagementDAY 23:30 PM - 4:30 PM
ken-van-wyk

Ken Van Wyk

IANS Faculty

Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.

Presentations
  • How to Recruit and Retain the Best PeopleDAY 11:00 PM - 2:15 PM
  • Mobile Device Management: Case Studies of Success and FailureDAY 14:05 PM - 4:40 PM
  • Case Study: Building a Better Security CultureDAY 23:30 PM - 4:30 PM

Hyatt Regency Minneapolis - ROOMS SOLD OUT

1300 Nicollet Mall, Minneapolis, MN 55403

Onsite Questions

Are the presentations available for viewing after the Forum?

All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.

Does IANS provide a Mobile App?

The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.

Is there free Wi-Fi onsite?

Free Wi-Fi will be provided throughout the Forum in conference areas.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please download the IANS Mobile App or follow us on Twitter.

Where do I pick up my badge and registration material?

Your badge and registration materials will be available to pick-up at the registration desk. Registration starts at 7:30am.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.

Sponsorship Questions

Are there still sponsorship opportunities?

Please contact Eric Bartczak at sponsorships@iansresearch.com for more information.

Will there be opportunities to network with peers and sponsors?

IANS offers a Silver, Gold and Platinum level sponsorship. Please visit the Event Sponsors Page for more information.

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.

What's the registration deadline?
You can register for and IANS event up to the day of the event.

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Hotel Cancellations

If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

Photography, Audio & Video Recording

IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.

IANS Code of Conducts

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Housing & Travel Questions

How can I book a hotel room?

All hotel requests must be made through the registration site.

How can I cancel my hotel reservation?

Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.

Is parking provided?

IANS does not cover any parking.

What hotel accommodations are available during the Forum?

IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.

Will I receive a hotel confirmation number?

You will receive a hotel confirmation number 2 weeks prior to the Forum.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for senior-level information security executives across all industries. Attendees include CISOs, CIOs, VPs and Managing Directors of Information Security, Senior Information Security Architects, and Senior Information Security Engineers.

Check out IANS other upcoming events