2019 Houston Information Security Forum

8:00 AM - 8:45 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

8:45 AM - 9:00 AM

IANS Welcome & State of the Industry

Come join us as we welcome you to the Forum.

9:00 AM - 9:30 AM

Keynote Interview

More info coming soon.

9:30 AM - 9:50 AM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.

9:50 AM - 10:25 AM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

Teri Radichel

IANS Faculty

Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN

10:35 AM - 11:20 AM Morning Roundtable How-To Sessions Secure the Cloud

Achieving Cloud Migration

with

Fortune 1000 organizations have a complex legacy of platforms, software and networks, and there’s no single playbook to move it all to a new platform because each piece of infrastructure is so different. But there are ways to achieve success. This session will show you how by addressing:

The proper sequence of events?
Problems to expect in different industries and from different data types
Regulatory considerations
Tools of note
How Hashicorp and the Shared Responsibility Model can help

Ken Van Wyk

IANS Faculty

Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.

Improve Infrastructure and Ops

Mobile Device Management: Case Studies of Success and Failure

with

Fortune 1000 organizations have a complex legacy of platforms, software and networks, and there’s no single playbook to move it all to a new platform because each piece of infrastructure is so different. But there are ways to achieve success. This session will show you how by addressing:

The proper sequence of events?
Problems to expect in different industries and from different data types
Regulatory considerations
Tools of note
How Hashicorp and the Shared Responsibility Model can help

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Improve Infrastructure and Ops

Advances in Network Visibility

with

Network security and monitoring remains essential in light of increasing volumes of data and an ever-expanding threat landscape, but comprehensive network visibility is hard, and organizations need better guidance. This session aims to provide that by looking at:

What organizations are missing and which vendors and techniques can help

11:30 AM - 12:05 PM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

12:05 PM - 1:00 PM

Lunch & Faculty Keynote

More info coming soon.

1:05 PM - 1:40 PM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

Teri Radichel

IANS Faculty

Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN

1:50 PM - 3:05 PM Afternoon Roundtable Workshop Sessions Detect, Respond and Recover

Cryptojacking & Cryptocurrency Mining: Defensive Measures

with

Cryptojacking malware and crypto mining are eating AWS resources, tying up CPU capacity and costing money. This session will help you fight back by exploring:

How to tell if cryptomining malware is in the system
How to get the malware out of your systems
How to keep it out
The most prolific cryptocurrency-based attacks targeting companies
How this malware differs from others, such as worms, ransomware and Trojans

Ken Van Wyk

IANS Faculty

Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.

Detect, Respond and Recover

Insider Threats

with

Companies are usually unaware that a malicious insider is up to no good in their networks until it’s too late. They need help knowing how to identify early red flags. To that end, this session will explore:

Early red flags to look for
Security controls you can put in place to detect and prevent insider threat activity
Top insider threat monitoring solutions, their strengths and weaknesses
Detection tool essentials

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Improve Infrastructure and Ops

Bringing Red/Blue/Purple Teaming into Balance

with

Your Red Team does one thing, your Blue Team does the other, and they don’t talk. Companies struggle to get them on the same page and achieve the true value of these exercises. What to do? This session will explore:

The most valuable KPIs to use for these activities
How to use automation testing to test the effectiveness of a response during an exercise
How to leverage balanced scorecards for direct tracking of capabilities

3:05 PM - 3:25 PM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.

3:25 PM - 4:00 PM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

Teri Radichel

IANS Faculty

Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN

1:50 PM - 3:05 PM Afternoon Roundtable How-To Sessions Secure the Cloud

Adapting the SOC to a Cloud Environment

with

Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. They need to adapt to life in the cloud, and this session will explore how to get there. Issues addressed include:

How an old-world SOC differs from one in the cloud
Changes you need to make with your SOC
How to make that transition without dropping the ball in either world
Skills that need to be picked up in the new cloud-based SOC
Examples of cloud detection and response

Bill Dean

IANS Faculty

Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.

Detect, Respond and Recover

New Threat Hunting Techniques

with

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores the latest techniques in that area, and how to:

Position hunt teams to directly increase the overall maturity (and ROI) of their monitoring and detection capabilities
Detect abnormal patterns of behavior

Ken Van Wyk

IANS Faculty

Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.

Advance Your Team

Case Study: Building a Better Security Culture

with

Companies struggle to find a successful recipe for their security culture and need a concrete example of what another company has done to get it right. This session will offer:

A case study for a company that has succeeded in growing a true security culture
Three things you can do to change that trajectory and actually make your program effective
Ways to expand the team with non-traditional security staff (i.e. ambassadors/champions)

5:10 PM - 6:00 PM

Networking Reception

Come network with your peers! Hors d'eouvres and cocktails will be served!