2019 New York Information Security Forum

DAY 1
DAY 2

DAY 1

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

8:30 AM - 8:45 AM

IANS Welcome & State of the Industry

Come join us as we welcome you to the Forum.

Shamla Naidoo

IANS Faculty

Shamla is the Head of Cloud Strategy and Innovation at Netskope and a former Managing Partner and Global CISO at IBM. She is a Board Director at both QBE and Stonebridge Acquisition Capital and a Board Member at ReferencePoint. Shamla’s experience spans 38+ years in a variety of sectors and 6 continents, making her an expert in cross-cultural collaboration and working across industries. She is recognized as a leader in applying security to enable priorities of the business. Her background also includes authoring and teaching several courses for the University of Illinois Chicago School of Law in technology, security, and privacy law. Shamla coaches professionals on leadership, board communication and how to align security with strategic business initiatives.

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

8:45 AM - 9:30 AM

Keynote Interview: From the Durban Slums to Leading Big Blue’s InfoSec Team

with and

In a Keynote Interview, IBM’s Shamla Naidoo and Phil Gardner will discuss Shamla’s remarkable story – from the slums of Durban, South Africa, to her immigration to the U.S., to being selected as IBM’s Global CISO. Shamla will share how both grit and good fortune have been instrumental in her success. She will also share practical insights on finding mentors, making decisions fearlessly, and managing a global team with decisiveness and empathy.

9:30 AM - 9:50 AM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.

9:50 AM - 10:25 AM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

Aaron Turner

IANS Faculty

Aaron Turner is the Founder & CEO of Siriux Security, a SaaS posture management company which partners with IANS on M365 security consulting projects. He is also a member of the board and security advisor to HighSide and CTO of Integricell. Aaron is a long-serving member of the RSA Conference Program Committee, helping select educational content presented at the annual RSA Conference.

10:35 AM - 11:10 AM Morning Roundtable How-To Sessions Protect Applications and Data

Advancements in Secure Remote Access

with

The endpoint continues to grower wider and muddier as professionals access company resources from a growing array of mobile devices. This session looks at:

How VPNs are evolving
Vendors in the space and how they compare.
Tools and techniques organizations can use to bolster secure remote access

Kenneth van Wyk

IANS Faculty

Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.

Protect Applications and Data

File Security: Tools and Techniques in 2019

with

Attackers continue to find new ways to access, steal and corrupt files. This means organizations need to up their game in protecting them. To that end, this session will explore:

Advancements vendors in the space have made and what’s right for you
The latest techniques to ensure files are only being accessed by those whose jobs require it

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Manage Privacy and Risk

GDPR: Learning from EU Regulatory Enforcement Actions

with

The EU hasn’t found its posterchild for GDPR punishment yet. Companies are left guessing what they still must do and how much time they’ll have to do it. To help prepare you, this session will explore:

How to use EU enforcement actions as a guide to assess GDPR strengths and weaknesses
Preparing for the chance your company will eventually be found lacking by regulators

Davi Ottenheimer

IANS Faculty

Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.

Advance Your Team

How to Recruit and Retain the Best People

with

The skills gap makes it difficult to find people who are best equipped to handle evolving threats. The best people leave after a year because there are plenty of other opportunities out there. To help address the problem, this session will look at:

Non-traditional recruiting avenues you can explore to help counteract the skills gap
How to leverage the NIST Skills Framework to this end
How to spot warning signs that someone has an eye on the door
Training and career development options to keep employees growing and interested in staying
Incentives beyond salaries for retaining people?

Ondrej Krehel

IANS Faculty

Dr. Ondrej Krehel is the Founder, CEO, and Digital Forensics Lead of LIFARS LLC, an international cybersecurity and digital forensics firm. He is also the Co-Founder and an Advisory Board Member of QuBit Conference, an events and training company dedicated to connecting the information security community. Ondrej is an accomplished speaker having lectured for FBI Training Academy and the National Executive Institute. He also serves as a member of New York Metro Infragard, as the Chapter Leader of OWASP NYC, and as a Distinguished Fellow with the Ponemon Institute.

Detect, Respond and Recover

The Changing Face of Ransomware

with

Ransomware continues to be a significant problem for many organizations, and it has shown a ferocious ability to evolve. One reason is ransomware as a service, where people with little skill can buy ransomware-making kits online. This session explores:

Ways ransomware has evolved in the last 6-12 months
What ransomware as a service looks like and why it’s such a problem
What vendors are doing to get ahead of the bad guys.

11:20 AM - 11:55 AM

Technology Group 1

JP Blaho

Arbor Networks, Market Insights leader

John Paul (JP) Blaho currently leads the Market Insights group for Arbor Networks, and is a seasoned Product and Solutions professional with more than 15 years in the product and services marketing aresin IT.With eight years focused specifically on network security solutions, JP has developed a focus on understanding the buyer journey for Enterprises and identify the unique personas who engage in making complex IT security assessment and purchase decisions. Mr. Blaho has worked for leading security and services organizations such as Sungard Availability Services, Blue Coat Systems, Teradyne, and IBM Security.

JP received his BS degree from Bethany College in Bethany, West Virginia, and received his MBA from Northeastern University’s D’Amore-McKim School of Business in Boston, Massachusetts.

12:00 PM - 12:50 PM

Lunch & Sponsor Keynote: Visibility Without Borders: Building a Security Posture to Stop Attacks Closer to the Source

with

Network and Security Operations teams are hungry for data to analyze and establish security protocols. However, these same teams struggle to correlate the data they do ingest in order to draw connections between server and network or application and device.

Disparate applications, infrastructures and security platforms have exacerbated this visibility gap. Couple this data gap with network growth and limited IT resources, and you start to see the importance of automation and better data analysis. In this session, we will discuss the importance of true network and data visibility, and how it can help standardize and potentially move the defense posture out from the edge and to the source of the attack by having:

Extensive visibility from the internet through your intranet;
Continuous visibility at every premise; and
Smarter visibility based on smart data

Aaron Turner

IANS Faculty

1:00 PM - 2:15 PM Afternoon Roundtable Workshop Sessions Improve Infrastructure and Ops

Cutting Through the AI/ML Vendor Hype

with

Vendors hype the benefits of AI/ML too broadly when it’s really meant for small, well-defined situations. This session will address the following:

When we say AI/ML is for small or well-defined situations, what are examples of those?
What are specific examples of where AI/ML works, and where it doesn’t?

John Strand

IANS Faculty

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

Improve Infrastructure and Ops

Bringing Red/Blue/Purple Teaming into Balance

with

Your Red Team does one thing, your Blue Team does the other, and they don’t talk. Companies struggle to get them on the same page and achieve the true value of these exercises. What to do? This session will explore:

The most valuable KPIs to use for these activities
How to use automation testing to test the effectiveness of a response during an exercise
How to leverage balanced scorecards for direct tracking of capabilities

George Gerchow

IANS Faculty

Secure the Cloud

Choosing a Cloud Provider

with

There are too many vendors, an over-saturated market and confusion over the security requirements that truly matter vs. the vendor fluff. In this session, you’ll learn how cut through the confusion and address:

What the cloud provider landscape look like
When to go with a big player as opposed to smaller players
Questions you should ask internally before looking at potential providers
The right (or wrong) questions to ask prospective cloud providers

Davi Ottenheimer

IANS Faculty

Improve Infrastructure and Ops

Vendor Optimization: Thinning the Herd

with

There are too many security vendors that have expanded offerings in a way that has created a lot of overlap and complexity within Fortune 1000 companies’ environments. This session will explore:

How to do an assessment and logically start pruning your stack
How one tool can replace several others without loss of functionality or controls coverage
The most important questions to ask your existing and prospective vendors in order to determine where the overlap exists
Specific examples of what you can kill?
Integrations between products that currently exist but are not being leveraged

Ondrej Krehel

IANS Faculty

Protect Applications and Data

Blockchain: What Your Vendors Have and How to Use It

with

Companies don’t understand how blockchain works inside their security vendor offerings. This session will arm attendees with a stronger foundation by exploring:

The use cases around how blockchain enhances security
Blockchain-related products that are actually viable
How blockchain increase the efficacy of things like vulnerability management and SIEM
What CISOs should tell their exec stakeholders about blockchain

2:25 PM - 3:00 PM

Technology Group 2

3:00 PM - 3:20 PM

Tabletop Break

3:20 PM - 3:55 PM

Technology Group 2

Aaron Turner

IANS Faculty

4:05 PM - 4:40 PM Afternoon Roundtable How-To Sessions Detect, Respond and Recover

How to Fill SIEM Gaps with UEBA/SOAR

with

Organizations want their SIEM to alert them in real time, but that’s not happening. Instead, their SIEM only helps determine how a breach occurred after the fact. Practitioners have heard that UEBA and SOAR can be used to overcome the limits of their current SIEM set up, but they seek concrete answers about how it all works and what kind of training and investments are required. In this session, attendees will learn:

The specific actions they must take in order to fully understand where their SIEM is hitting the wall,
A list of ways to tell if their MSSP is properly goaled/resourced/qualified to correlate and alert in real time, and
A clearer understanding of the small and well-defined situations AI/ML is best suited for.

John Strand

IANS Faculty

Protect Applications and Data

Hybrid Web App Pen Testing

with

Companies do not know whether to do manual or automated web app pen testing, or to go with the hybrid approach. To help find answers, this session will explore:

How the hybrid approach marks an improvement over the traditional approach
The limits of an automation-only approach
What you need in a toolkit -- examples: PortSwigger’s Burp Suite Pro (commercial), OWASP Zed Attack Proxy (open source).
The ideal testing methodology?

George Gerchow

IANS Faculty

Improve Infrastructure and Ops

DevSecOps Business Cases

with

Companies still struggle to get developers and security on the same page. They need case studies to show them where and how DevSecOps successes have happened. To that end, this session explores:

Case studies of DevSecOps done right
How to measure your maturity for DevSecOps -- Phase 1 to Phase 5, for example
How to put the “Shift Left” DevSecOps workflow in place
How DevSecOps leads to more secure cloud deployments
How to use DevSecOps to improve security in IoT technology when they are at the development stage

Davi Ottenheimer

IANS Faculty

Protect Applications and Data

Getting Control of Container Security

with

Fortune 1000 problem: Companies spin up containers quickly, then set them loose with no security due diligence. It’s a process problem as much as a technology issue. Questions to address:

How can a company create a more deliberate process to determine when containers are necessary?
What is some specific automation or orchestration tools? (Docker Swarm, Kubernates). This part is the end.
How does one optimize such tools as AppArmor and SELinuxbecause to prevents a misconfiguration or bug at the container daemon level?
What is Docker Notary and how can it add a layer of trust?
What are some of the more recent attacks to exploit unsecured containers?

Kenneth van Wyk

IANS Faculty

Improve Infrastructure and Ops

Mobile Device Management: Case Studies of Success and Failure

with

Companies still struggle to secure personal devices on the company network. They need examples and case studies of how others have successfully (and unsuccessfully) done it. This session explores:

How to develop a threat model for all types of personal devices
How to you approach data protections on devices without traditional security controls
Who owns the endpoint? Does it matter anymore?
The differences between iOS vs. Android
Is ZeroTrust enabling secure BYOD procedures or preventing it?

4:45 PM - 5:45 PM

Networking Reception

Come network with your peers! Hors d'eouvres and cocktails will be served!

DAY 2

8:00 AM - 9:00 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

Giancarlo Profenna

Zurich Insurance, Executive and VP

Giancarlo Profenna is an Executive and VP at Zurich Insurance overseeing Global Information Security Governance. Giancarlo has spent over 18 years in the development and implementation of security, performance improvement and strategy. Early in his career, he worked for a small entrepreneurial company, developing products and services and managing the infrastructure. As a consultant with PwC, he focused on the healthcare and financial sectors. He served as the national lead for security strategy while leading security and performance improvement engagements. At Zurich, Giancarlo leads a team focused on analytics, assessment, governance and strategy. He has led multiple transformative global programs, including implementing the company’s first baseline controls assessment, building out a security inventory, and creating a KRI based approach to measure risk reduction. Giancarlo is currently involved in initiatives in Cyber Insurance, Cyber Policy development and Cyber and Information Security Strategy. Giancarlo has lived and worked abroad in Switzerland, has earned both Master’s and Bachelor’s degrees from Loyola University Chicago and holds certificates of CISSP, CISA and CISM.

9:00 AM - 9:30 AM

Using the MITRE ATT&CK to Assess Your Cyber and Information Security Defenses: A Journey

with Giancarlo Profenna will discuss an approach to using the MITRE ATT&CK framework to assess and to bolster Cyber and Information Security posture. During his keynote, Giancarlo will introduce the ATT&CK framework and articulate its value, will describe how the framework supports other frameworks (NIST & ISO) around compliance & reporting, and will provide lessons learned from applying the ATT&CK framework to assess Cyber and Information Security readiness.

9:40 AM - 10:15 AM

Technology Group 2

10:25 AM - 11:00 PM

Technology Group 2

Kenneth van Wyk

IANS Faculty

Detect, Respond and Recover

Insider Threats

with

Companies are usually unaware that a malicious insider is up to no good in their networks until it’s too late. They need help knowing how to identify early red flags. To that end, this session will explore:

Early red flags to look for
Security controls you can put in place to detect and prevent insider threat activity
Top insider threat monitoring solutions, their strengths and weaknesses
Detection tool essentials

11:00 AM - 11:20 AM

Tabletop Break

Davi Ottenheimer

IANS Faculty

11:20 AM - 12:50 PM Morning Roundtable How-To Sessions Detect, Respond and Recover

Breaking a Failed Vulnerability Management Cycle

with

Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right. This session will explore:

Particular tools you should be using to create more automation
How to use automation to move through the flaw finding and patching process more quickly
Which companies have taken this to the next level
What they did to move past the struggle most still find themselves in
What the Vulnerability Management Process Workflow is and how will it help
How can organizations can ensure data within their SQL Server, DB2 and Oracle databases are secure?
Besides Shodan, some other tools that will cast a wider net for vulnerabilities

Ondrej Krehel

IANS Faculty

Detect, Respond and Recover

Cryptojacking & Cryptocurrency Mining: Defensive Measures

with

Cryptojacking malware and crypto mining are eating AWS resources, tying up CPU capacity and costing money. This session will help you fight back by exploring:

How to tell if cryptomining malware is in the system
How to get the malware out of your systems
How to keep it out
The most prolific cryptocurrency-based attacks targeting companies
How this malware differs from others, such as worms, ransomware and Trojans

John Strand

IANS Faculty

Detect, Respond and Recover

Deception and Honeypots

with

Companies struggle enough with basic security tasks and don’t truly know if deception/honeypots are worth trying or if they would provide the adequate ROI. To help them reach a better place, this session will explore:

What level of operational maturity one must have for honeypots/deception to make sense?
How to find balance when it comes to how many doors to leave open for snoopers and would-be thieves.
The latest honeypot/deception technologies worth deploying
The management/technology overhang associated with them?
Buying versus building

George Gerchow

IANS Faculty

Secure the Cloud

Multi-cloud Deployments: People, Process, Technology

with

The process to align controls, capabilities and governance is a mess, with misaligned team reporting structures and central management that fails to span environments. This session will explore:

How to compare/contrast controls between multiple PaaS/IaaS environments
How to evolve Identity and Access Management for multi-cloud deployments
Which controls lend themselves to centralization and multiple cloud environments
How to adapt governance, risk assessment and critical security processes for multi-cloud deployments

Ron Ritchey

IANS Faculty

Ron is a seasoned technologist specializing in cyber security with over 30 years of experience in the IT industry. Currently, he is the global lead for Cyber Architecture at JP Morgan Chase. His group is responsible for designing secure solutions to support their clients and employees. He is also an active researcher and speaker in the Information Assurance (IA) field and is widely published on network security topics including co-authoring books on Software Assurance and Insider Threats.

Protect Applications and Data

Prioritizing Privilege Management

with

As IT infrastructure gets more complex and infrastructure-as-a-service (IaaS) becomes a reality, one of the few controls we have left is privileged user management (PUM). But it’s difficult to get it right. To advance in the right direction, this session will explore:

How to link privileged access management to change management
How to identify what is happening with the use of these credentials
How to Identify the appropriate tools to use for privileged access management
How to handle insider threats related to privilege abuse/misuse

Chris Calvert

Respond Software, VP Products

Respond Software, VP Product Strategy and Co-Founder

Chris has over 30 years of experience in defensive information security: 14 years in the defense and intelligence community and 17 years in the commercial industry. He has worked on the Defense Department Joint Staff and held leadership positions in both large and small companies, including IBM and HPE. He has designed, built and managed global security operations centers and incident response teams for six of the global Fortune-50. As he often says, if you have complaints about today’s security operations model, you can partially blame him. It’s from his first-hand experience in learning the limitations of the man vs. data SecOps model that Chris leads product design and strategy for Respond Software.

12:50 PM - 1:40 PM

Lunch & Sponsor Keynote: The Power of AI to Disrupt Security Ops

with

Many of today’s companies are hesitant to adopt new security technologies – particularly AI. The truth is AI is successfully disrupting many area of security operations and shifting us away from the traditional SOC and man-led threat intelligence. In this session, Chris Calvert will introduce the concept of autonomous security driven by AI, probability theory and advanced algorithms. These new technologies apply reasoning, judgement and experience to identify threats and make decisions at the scale, speed and consistency no human can match, freeing up analysts for higher level investigation and response actions.

Calvert believes that this new approach to old security issues, shifting from human-led security to machine-led security and utilizing AI, can and will be realistic for any security organization.

1:50 PM - 2:25 PM

Technology Group 1

2:35 PM - 3:10 PM

Technology Group 1

Davi Ottenheimer

IANS Faculty

3:20 PM - 4:20 PM Afternoon Roundtable How-To Sessions Improve Infrastructure and Ops

Case Study: How One Company Uses AI/ML

with

Companies have heard much about the benefits of AI/ML but have struggled to see where it’s useful in their environments. This session will explore:

How BOA or another big company are doing it.

John Strand

IANS Faculty

Detect, Respond and Recover

New Threat Hunting Techniques

with

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores the latest techniques in that area, and how to:

Position hunt teams to directly increase the overall maturity (and ROI) of their monitoring and detection capabilities, and
Detect abnormal patterns of behavior.

George Gerchow

IANS Faculty

Secure the Cloud

Adapting the SOC to a Cloud Environment

with

Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. They need to adapt to life in the cloud, and this session will explore how to get there. Issues addressed include:

How an old-world SOC differs from one in the cloud
Changes you need to make with your SOC
How to make that transition without dropping the ball in either world
Skills that need to be picked up in the new cloud-based SOC
Examples of cloud detection and response

Ron Ritchey

IANS Faculty

Improve Infrastructure and Ops

IoT: Who Owns Device Risk Management

with

There’s no clear consensus on who is responsible for managing risks associated with IoT devices in an organization. This session is designed to clear up that confusion. Attendees will learn:

Where all the IOT devices are
The breakdown of who should be in charge of security risks related to IOT
How to assemble a responsibility tree for who does what if an IOT-related compromise happens

4:20 PM - 4:35 PM

Closing Ceremonies

Come network with your peers! Hors d'eouvres and cocktails will be served!

2019 New York Speakers

JP Blaho

Arbor Networks, Market Insights leader

JP received his BS degree from Bethany College in Bethany, West Virginia, and received his MBA from Northeastern University’s D’Amore-McKim School of Business in Boston, Massachusetts.

Presentations

Lunch & Sponsor Keynote: Visibility Without Borders: Building a Security Posture to Stop Attacks Closer to the SourceDAY 112:00 PM - 12:50 PM

Chris Calvert

Respond Software, VP Products

Respond Software, VP Product Strategy and Co-Founder

Presentations

Lunch & Sponsor Keynote: The Power of AI to Disrupt Security OpsDAY 212:50 PM - 1:40 PM

George Gerchow

IANS Faculty

Presentations

GDPR: Learning from EU Regulatory Enforcement ActionsDAY 110:35 AM - 11:10 AM
Choosing a Cloud ProviderDAY 11:00 PM - 2:15 PM
DevSecOps Business CasesDAY 14:05 PM - 4:40 PM
Multi-cloud Deployments: People, Process, TechnologyDAY 211:20 AM - 12:50 PM
Adapting the SOC to a Cloud EnvironmentDAY 23:20 PM - 4:20 PM

Ondrej Krehel

IANS Faculty

Presentations

The Changing Face of RansomwareDAY 110:35 AM - 11:10 AM
Blockchain: What Your Vendors Have and How to Use ItDAY 11:00 PM - 2:15 PM
Cryptojacking & Cryptocurrency Mining: Defensive MeasuresDAY 211:20 AM - 12:50 PM

Shamla Naidoo

IANS Faculty

Presentations

Keynote Interview: From the Durban Slums to Leading Big Blue’s InfoSec TeamDAY 18:45 AM - 9:30 AM

Davi Ottenheimer

IANS Faculty

Presentations

How to Recruit and Retain the Best PeopleDAY 110:35 AM - 11:10 AM
Vendor Optimization: Thinning the HerdDAY 11:00 PM - 2:15 PM
Getting Control of Container SecurityDAY 14:05 PM - 4:40 PM
Breaking a Failed Vulnerability Management CycleDAY 211:20 AM - 12:50 PM
Case Study: How One Company Uses AI/MLDAY 23:20 PM - 4:20 PM

Giancarlo Profenna

Zurich Insurance, Executive and VP

Presentations

Using the MITRE ATT&CK to Assess Your Cyber and Information Security Defenses: A JourneyDAY 29:00 AM - 9:30 AM

Ron Ritchey

IANS Faculty

Presentations

Prioritizing Privilege ManagementDAY 211:20 AM - 12:50 PM
IoT: Who Owns Device Risk ManagementDAY 23:20 PM - 4:20 PM

John Strand

IANS Faculty

Presentations

Bringing Red/Blue/Purple Teaming into BalanceDAY 11:00 PM - 2:15 PM
Hybrid Web App Pen TestingDAY 14:05 PM - 4:40 PM
Deception and HoneypotsDAY 211:20 AM - 12:50 PM
New Threat Hunting TechniquesDAY 23:20 PM - 4:20 PM

Aaron Turner

IANS Faculty

Presentations

Advancements in Secure Remote AccessDAY 110:35 AM - 11:10 AM
Cutting Through the AI/ML Vendor HypeDAY 11:00 PM - 2:15 PM
How to Fill SIEM Gaps with UEBA/SOARDAY 14:05 PM - 4:40 PM

Kenneth van Wyk

IANS Faculty

Presentations

File Security: Tools and Techniques in 2019DAY 110:35 AM - 11:10 AM
Mobile Device Management: Case Studies of Success and FailureDAY 14:05 PM - 4:40 PM
Insider ThreatsDAY 210:35 AM - 11:00 AM

Crowne Plaza Times Square

1605 Broadway, New York, NY

Room Rate:

^$319

per night plus tax

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 6 credits through our partnership with (ISC)2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process, then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum opens at 8:30, with the Keynote kicking off at 9:00am.

What's the registration deadline?

You can register for and IANS event up to the day of the event.

Onsite Questions

Are the presentations available for viewing after the Forum?

All IANS Faculty sessions presentation decks will be available after the Forum.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located on the lobby page under Resources.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please follow us on Twitter.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers throughout the day. Please use the direct messaging feature with the platform to connect with and chat with colleagues

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Executive Competencies

Online Training