.en-dash:after { content: '–'; } .em-dash:after { content: '—'; }

2019 Los Angeles
Information Security Forum

#IANSLA #IANSEvents

June 27, 2019
Omni Los Angeles Hotel at California Plaza, 251 S Olive St, Los Angeles, CA

The IANS 2019 Los Angeles Information Security Forum delivers an immersive curriculum with 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the one-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders. Network with peers to benchmark your information security practices and engage with IANS Faculty during interactive sessions.

Let your colleagues know you're coming!

This event has ended.

Check out our other upcoming events!

View All Events
*Receive 1 CPE credit for every hour of attendance at our events.
CPE credits will be awarded for attending the event.

Day 1

8:00 AM - 8:45 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.
8:45 AM - 9:00 AM

IANS Welcome & State of the Industry

Come join us as we welcome you to the Forum.
Darrell Jones

Darrell Jones

Ares Management LLP., Senior Vice President and Chief Information Security Officer

Mr. Jones is a Principal and Chief Information Security Officer in the Ares Technology and Information Security Department. Prior to joining Ares in 2018, Mr. Jones was an Information Security Officer at Herbalife Nutrition, where he lead the program to ensure the security of Herbalifes' data. Mr. Jones holds a B.A. from Texas A&M University in History and an M.S. and M.B.A. from Regis University in Information Technology.

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

9:00 AM - 9:30 AM

Keynote Interview: A Discussion with Darrell Jones

with Darrell Jones and Phil Gardner

Join Phil Gardner and Darrell Jones, CISO of Ares Management, for an interview on what it’s like to be a CISO in today’s fast-changing environment. Topics for their discussion will include:

  • Tell us your story. How did you get your CISO job?
  • Give us some examples of how your InfoSec team supports your business.
  • Share a mistake that you’ve made. What did you learn?
  • How do you stay organized?
9:30 AM - 9:50 AM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
9:50 AM - 10:25 AM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
davi-ottenheimer

Davi Ottenheimer

IANS Faculty

Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.

10:35 AM - 11:20 AM Morning Roundtable How-To Sessions Protect Applications and Data

Getting Control of Container Security

with Davi Ottenheimer

Fortune 1000 problem: Companies spin up containers quickly, then set them loose with no security due diligence. It’s a process problem as much as a technology issue. Questions to address:

  • How can a company create a more deliberate process to determine when containers are necessary?
  • What is some specific automation or orchestration tools? (Docker Swarm, Kubernates). This part is the end.
  • How does one optimize such tools as AppArmor and SELinuxbecause to prevents a misconfiguration or bug at the container daemon level?
  • What is Docker Notary and how can it add a layer of trust?
  • What are some of the more recent attacks to exploit unsecured containers?
11:30 AM - 12:05 PM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Mike McNerney

Mike McNerney

NETSCOUT Threat Intelligence, Product Manager

Michael McNerney currently leads the cyber threat intelligence business at Arbor Networks: the Security Business Unit of NETSCOUT.Previously, he was the Co-founder and CEO of Efflux Systems, a cybersecurity startup focusedon advancednetwork analytics (acquiredby Arbor Networksin 2017).

Mike has also served as a Cyber Policy Advisor in the Office of the Secretary of Defense, where he drafted and negotiated key pieces of federal legislation through the congressional process and worked with defense industry, internet service providers and tech companies to develop cybersecurity programs.Prior to that position, Mike worked in the U.S. State Department, where he pioneered rule of law and economicdevelopment programs in the Middle East and Afghanistan.

Mike is a veteran officer of the US Air Force, an affiliate at the Stanford Center for International Security and Cooperation, a fellow at the Truman National Security Project, a lecturer of political science at California State University, and the co-founder of Technology for Global Security.

 

12:05 PM - 1:00 PM

Lunch & Sponsor Keynote: Information Availability and Elections

with Mike McNerney

Most people are focused on misinformation in elections but the denial of information can be as dangerous. For candidates and businesses, getting your message out is critical. In cybersecurity, DDoS is the weapon of choice against information availability and these attacks have never been more dynamic.

1:10 PM - 1:45 PM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
davi-ottenheimer

Davi Ottenheimer

IANS Faculty

Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.

1:55 PM - 3:10 PM Afternoon Roundtable Workshop Sessions Protect Applications and Data

Prioritizing Privilege Management

with Davi Ottenheimer

As IT infrastructure gets more complex and infrastructure-as-a-service (IaaS) becomes a reality, one of the few controls we have left is privileged user management (PUM). But it’s difficult to get it right. To advance in the right direction, this session will explore:

  • How to link privileged access management to change management
  • How to identify what is happening with the use of these credentials
  • How to Identify the appropriate tools to use for privileged access management
  • How to handle insider threats related to privilege abuse/misuse
3:10 PM - 3:30 PM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
3:30 PM - 4:05 PM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
davi-ottenheimer

Davi Ottenheimer

IANS Faculty

Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.

4:15 PM - 5:15 PM Afternoon Roundtable How-To Sessions Secure the Cloud

Cutting Through the AI/ML Vendor Hype

with Davi Ottenheimer

Vendors hype the benefits of AI/ML too broadly when it’s really meant for small, well-defined situations. This session will address the following:

  • When we say AI/ML is for small or well-defined situations, what are examples of those?
  • What are specific examples of where AI/ML works, and where it doesn’t?
5:15 PM - 6:15 PM

Networking Reception

Come network with your peers! Hors d'eouvres and cocktails will be served!
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Improve Infrastructure and Ops

DevSecOps Business Cases

with George Gerchow

Companies still struggle to get developers and security on the same page. They need case studies to show them where and how DevSecOps successes have happened. To that end, this session explores:

  • Case studies of DevSecOps done right
  • How to measure your maturity for DevSecOps -- Phase 1 to Phase 5, for example
  • How to put the “Shift Left” DevSecOps workflow in place
  • How DevSecOps leads to more secure cloud deployments
  • How to use DevSecOps to improve security in IoT technology when they are at the development stage
jake-williams

Jake Williams

IANS Faculty

Jake Williams, the CTO and Co-Founder of BreachQuest and Rendition Infosec, has two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding BreachQuest and Rendition Infosec, Williams worked with various government agencies in information security. Williams is an IANS Faculty Member and works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.

Detect, Respond and Recover

The Changing Face of Ransomware

with Jake Williams

Ransomware continues to be a significant problem for many organizations, and it has shown a ferocious ability to evolve. One reason is ransomware as a service, where people with little skill can buy ransomware-making kits online. This session explores:

  • Ways ransomware has evolved in the last 6-12 months
  • What ransomware as a service looks like and why it’s such a problem
  • What vendors are doing to get ahead of the bad guys.
jake-williams

Jake Williams

IANS Faculty

Jake Williams, the CTO and Co-Founder of BreachQuest and Rendition Infosec, has two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding BreachQuest and Rendition Infosec, Williams worked with various government agencies in information security. Williams is an IANS Faculty Member and works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.

Detect, Respond and Recover

Deception and Honeypots

with Jake Williams

Companies struggle enough with basic security tasks and don’t truly know if deception/honeypots are worth trying or if they would provide the adequate ROI. To help them reach a better place, this session will explore:

  • What level of operational maturity one must have for honeypots/deception to make sense?
  • How to find balance when it comes to how many doors to leave open for snoopers and would-be thieves
  • The latest honeypot/deception technologies worth deploying
  • The management/technology overhang associated with them?
  • Buying versus building
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Secure the Cloud

Adapting the SOC to a Cloud Environment

with George Gerchow

Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. They need to adapt to life in the cloud, and this session will explore how to get there. Issues addressed include:

  • How an old-world SOC differs from one in the cloud
  • Changes you need to make with your SOC
  • How to make that transition without dropping the ball in either world
  • Skills that need to be picked up in the new cloud-based SOC
  • Examples of cloud detection and response
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Manage Privacy and Risk

Building a Better Privacy Program

with George Gerchow

The existing and forecasted data privacy/protection legislation is taxing the current privacy model inside large organizations. This session will explore how the CISO and CPO can mature their orgs to meet the new level of regulation. Topics to be explored:

  • How these regulations are changing the privacy function inside organizations
  • Key areas where you need to mature your privacy function
  • What new skills are required?
  • What changes are needed in people, processes and tech
  • How to clarify what GDPR is really requiring when it comes to having a CPO
  • What responsibilities fall under security vs. privacy?
jake-williams

Jake Williams

IANS Faculty

Jake Williams, the CTO and Co-Founder of BreachQuest and Rendition Infosec, has two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding BreachQuest and Rendition Infosec, Williams worked with various government agencies in information security. Williams is an IANS Faculty Member and works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.

Detect, Respond and Recover

Insider Threats

with Jake Williams

Companies are usually unaware that a malicious insider is up to no good in their networks until it’s too late. They need help knowing how to identify early red flags. To that end, this session will explore:

  • Early red flags to look for
  • Security controls you can put in place to detect and prevent insider threat activity
  • Top insider threat monitoring solutions, their strengths and weaknesses
  • Detection tool essentials

2019 Los Angeles Speakers

george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Presentations
  • DevSecOps Business CasesDay 110:35 AM - 11:20 AM
  • Adapting the SOC to a Cloud EnvironmentDay 11:55 PM - 3:10 PM
  • Building a Better Privacy ProgramDay 14:15 PM - 5:15 PM
Darrell Jones

Darrell Jones

Ares Management LLP., Senior Vice President and Chief Information Security Officer

Mr. Jones is a Principal and Chief Information Security Officer in the Ares Technology and Information Security Department. Prior to joining Ares in 2018, Mr. Jones was an Information Security Officer at Herbalife Nutrition, where he lead the program to ensure the security of Herbalifes' data. Mr. Jones holds a B.A. from Texas A&M University in History and an M.S. and M.B.A. from Regis University in Information Technology.

Presentations
  • Keynote Interview: A Discussion with Darrell JonesDay 19:00 AM - 9:30 AM
Mike McNerney

Mike McNerney

NETSCOUT Threat Intelligence, Product Manager

Michael McNerney currently leads the cyber threat intelligence business at Arbor Networks: the Security Business Unit of NETSCOUT.Previously, he was the Co-founder and CEO of Efflux Systems, a cybersecurity startup focusedon advancednetwork analytics (acquiredby Arbor Networksin 2017).

Mike has also served as a Cyber Policy Advisor in the Office of the Secretary of Defense, where he drafted and negotiated key pieces of federal legislation through the congressional process and worked with defense industry, internet service providers and tech companies to develop cybersecurity programs.Prior to that position, Mike worked in the U.S. State Department, where he pioneered rule of law and economicdevelopment programs in the Middle East and Afghanistan.

Mike is a veteran officer of the US Air Force, an affiliate at the Stanford Center for International Security and Cooperation, a fellow at the Truman National Security Project, a lecturer of political science at California State University, and the co-founder of Technology for Global Security.

 

Presentations
  • Lunch & Sponsor Keynote: Information Availability and ElectionsDay 112:05 PM - 1:00 PM
davi-ottenheimer

Davi Ottenheimer

IANS Faculty

Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.

Presentations
  • Getting Control of Container SecurityDay 110:35 AM - 11:20 AM
  • Prioritizing Privilege ManagementDay 11:55 PM - 3:10 PM
  • Cutting Through the AI/ML Vendor HypeDay 14:15 PM - 5:15 PM
jake-williams

Jake Williams

IANS Faculty

Jake Williams, the CTO and Co-Founder of BreachQuest and Rendition Infosec, has two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding BreachQuest and Rendition Infosec, Williams worked with various government agencies in information security. Williams is an IANS Faculty Member and works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.

Presentations
  • The Changing Face of RansomwareDay 110:35 AM - 11:20 AM
  • Deception and HoneypotsDay 11:15 PM - 3:10 PM
  • Insider ThreatsDay 14:15 PM - 5:15 PM

Omni Los Angeles Hotel at California Plaza

251 S Olive St, Los Angeles, CA 90012

Room Rate:

$239

per night plus tax

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 6 credits through our partnership with (ISC)2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process, then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum opens at 8:30, with the Keynote kicking off at 9:00am.

What's the registration deadline?
You can register for and IANS event up to the day of the event.

Onsite Questions

Are the presentations available for viewing after the Forum?

All IANS Faculty sessions presentation decks will be available after the Forum.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located on the lobby page under Resources.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please follow us on Twitter.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers throughout the day. Please use the direct messaging feature with the platform to connect with and chat with colleagues

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Interested in Forum Sponsorship? Learn More.

Check out IANS other upcoming events