Day 1
Registration & Breakfast
Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.IANS Welcome and Perspective
Come join us as we welcome you to the Forum.
Major General Stephen Clark
Major General, United States Air Force (Retired)
Stephen recently retired from the Air Force after 32 years of dedicated service. He now serves on the Board of Directors of the Jack and Jill Late Stage Cancer Foundation (JAJF.org) treating the families not the cancer, as well as Education Services of America (ESA), dba EdSouth/Services, a non-profit financial holding company focused on expanding educational opportunities and financial literacy. Stephen also owns his own consulting company (Stephen Clark Consulting LLC) focused on corporate leadership, crisis leadership, strategic planning, national security and public speaking.
Prior to his retirement Stephen was the Director of Programs for the United States Air Force overseeing the development, justification, and consolidation of the Air Forces five year financial plan totaling over $750B in resources and manpower. Previously, he served as the Director of Plans, Programs, Requirements, and Manpower for the United States Special Operations Command where he oversaw the development and consolidation of the Special Operations five year plan integrating the plans of USSOCOM’s five component commands. Stephen also served as the Deputy Commanding General of the Joint Special Operations Command where he helped lead global operations in support of regional commanders. Stephen has commanded at the Squadron, Group and Wing level. During his command of the 27th Special Operations Wing he was responsible for over 4000 Airmen, Civilians and their families, $15B worth of infrastructure and aircraft, a multi year construction program worth $1.5B, the operations of a military base, airfield, training range, and the execution of over 5000 combat hours. He has accumulated years of deployments to combat operations in Bosnia, Somalia, Haiti, Afghanistan and Iraq and participating in some of the nations most time sensitive operations.
Clark earned his bachelor’s degree in Political Science from the University of Tennessee, Masters in Public Administration from Troy State, Masters in National Security from the Naval War College, and was a Defense Fellow at Harvards Weatherhead Center for International Relations. Stephen is a command pilot with over 3300 hours primarily in the AC-130H/U gunship. Stephen is a member of the National Association of Corporate Directors and the Great Falls Rotary Club. He is an avid cyclist, skier, and enjoys fly fishing. Stephen and his wife Cynthia have two grown daughters Shelby and Sydney, and reside in Herndon, Virginia.
Leadership…A Human Endeavor: Observations from 32 Years in the Air Force and Joint Special Operations Community
with Major General Stephen ClarkAfter an extensive career in military leadership positions, Major General Stephen Clark knows there's a compelling distinction between a quality manager and a high-performing leader. At their extremes, people are compelled to follow managers because they have to, while they willingly follow leaders because they want to.
As such, highly effective leaders understand that true leadership is a human endeavor and requires understanding the aspirations, motivations and abilities of individuals and the development of an empathetic relationship. At the core of servant leadership is the belief that if we take care of our people, they will take care of the business. Key to building relationships is the ability to clearly communicate the vision, values and limitations that we expect our businesses to operate within through actions, words and behavior. Making the transition from manager to leader is a journey of experience, learning, failure and introspection…along with a heavy dose of courage and humility.
Tabletop Break
IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.Technology Group 1
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Teri Radichel
IANS Faculty
Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN
Achieving Cloud Migration
with Teri RadichelFortune 1000 organizations have a complex legacy of platforms, software and networks, and there’s no single playbook to move it all to a new platform because each piece of infrastructure is so different. But there are ways to achieve success. This session will show you how by addressing:
- The proper sequence of events?
- Problems to expect in different industries and from different data types
- Regulatory considerations
- Tools of note
- How Hashicorp and the Shared Responsibility Model can help
Ken Van Wyk
IANS Faculty
Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.
DevSecOps Business Cases
with Ken Van WykCompanies still struggle to get developers and security on the same page. They need case studies to show them where and how DevSecOps successes have happened. To that end, this session explores:
- Case studies of DevSecOps done right
- How to measure your maturity for DevSecOps -- Phase 1 to Phase 5, for example
- How to put the “Shift Left” DevSecOps workflow in place
- How DevSecOps leads to more secure cloud deployments
- How to use DevSecOps to improve security in IoT technology when they are at the development stage
Bill Dean
IANS Faculty
Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.
Advances in Network Visibility
with Bill DeanNetwork security and monitoring remains essential in light of increasing volumes of data and an ever-expanding threat landscape, but comprehensive network visibility is hard, and organizations need better guidance. This session aims to provide that by looking at:
- What organizations are missing and which vendors and techniques can help
Technology Group 2
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Riley Bruce
Code42, Technical Product Marketing Manager
Riley is Technical Product Marketing Manager at Code42 where he enjoys educating Security and IT teams through engaging technical content and presentation. Previously, Riley served in both customer support and customer education roles at Code42. In his spare time, he enjoys photography, travel and relaxing at the lake in northern Wisconsin with his pug Mimi.
Lunch & Sponsor Keynote: Departing Employees = Departing Data
with Riley Bruce Last year, 40 million people changed jobs and 60% of them admitted to taking data when they left. 90% of these inside threats go undetected for months. By the time organizations find out, the damage is already done. Riley Bruce, Technical Product Manager at Code42 will discuss market drivers behind the business need for real time detection and response for a growing inside threat: departing employees.InfraGard Houston Introduction
Join Tomas Ortiz from the InfraGard Houston Chapter for a short briefing on the organization's mission and purpose.Technology Group 2
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Teri Radichel
IANS Faculty
Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN
Cryptojacking & Cryptocurrency Mining: Defensive Measures
with Teri RadichelCryptojacking malware and crypto mining are eating AWS resources, tying up CPU capacity and costing money. This session will help you fight back by exploring:
- How to tell if cryptomining malware is in the system
- How to get the malware out of your systems
- How to keep it out
- The most prolific cryptocurrency-based attacks targeting companies
- How this malware differs from others, such as worms, ransomware and Trojans
Teri Radichel
IANS Faculty
Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN
Adapting the SOC to a Cloud Environment
with Teri RadichelSecurity Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. They need to adapt to life in the cloud, and this session will explore how to get there. Issues addressed include:
- How an old-world SOC differs from one in the cloud
- Changes you need to make with your SOC
- How to make that transition without dropping the ball in either world
- Skills that need to be picked up in the new cloud-based SOC
- Examples of cloud detection and response
Ken Van Wyk
IANS Faculty
Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.
Insider Threats
with Ken Van WykCompanies are usually unaware that a malicious insider is up to no good in their networks until it’s too late. They need help knowing how to identify early red flags. To that end, this session will explore:
- Early red flags to look for
- Security controls you can put in place to detect and prevent insider threat activity
- Top insider threat monitoring solutions, their strengths and weaknesses
- Detection tool essentials
Bill Dean
IANS Faculty
Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.
Bringing Red/Blue/Purple Teaming into Balance
with Bill DeanYour Red Team does one thing, your Blue Team does the other, and they don’t talk. Companies struggle to get them on the same page and achieve the true value of these exercises. What to do? This session will explore:
- The most valuable KPIs to use for these activities
- How to use automation testing to test the effectiveness of a response during an exercise
- How to leverage balanced scorecards for direct tracking of capabilities
Bill Dean
IANS Faculty
Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.
New Threat Hunting Techniques
with Bill DeanAttackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores the latest techniques in that area, and how to:
- Position hunt teams to directly increase the overall maturity (and ROI) of their monitoring and detection capabilities
- Detect abnormal patterns of behavior
Ken Van Wyk
IANS Faculty
Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.
Case Study: Building a Better Security Culture
with Ken Van WykCompanies struggle to find a successful recipe for their security culture and need a concrete example of what another company has done to get it right. This session will offer:
- A case study for a company that has succeeded in growing a true security culture
- Three things you can do to change that trajectory and actually make your program effective
- Ways to expand the team with non-traditional security staff (i.e. ambassadors/champions)
Tabletop Break
IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.Technology Group 1
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.Networking Reception
Come network with your peers! Hors d'eouvres and cocktails will be served!2019 Houston Speakers
Riley Bruce
Code42, Technical Product Marketing Manager
Riley is Technical Product Marketing Manager at Code42 where he enjoys educating Security and IT teams through engaging technical content and presentation. Previously, Riley served in both customer support and customer education roles at Code42. In his spare time, he enjoys photography, travel and relaxing at the lake in northern Wisconsin with his pug Mimi.
Presentations
- Lunch & Sponsor Keynote: Departing Employees = Departing DataDay 112:05 PM - 1:00 PM
Major General Stephen Clark
Major General, United States Air Force (Retired)
Stephen recently retired from the Air Force after 32 years of dedicated service. He now serves on the Board of Directors of the Jack and Jill Late Stage Cancer Foundation (JAJF.org) treating the families not the cancer, as well as Education Services of America (ESA), dba EdSouth/Services, a non-profit financial holding company focused on expanding educational opportunities and financial literacy. Stephen also owns his own consulting company (Stephen Clark Consulting LLC) focused on corporate leadership, crisis leadership, strategic planning, national security and public speaking.
Prior to his retirement Stephen was the Director of Programs for the United States Air Force overseeing the development, justification, and consolidation of the Air Forces five year financial plan totaling over $750B in resources and manpower. Previously, he served as the Director of Plans, Programs, Requirements, and Manpower for the United States Special Operations Command where he oversaw the development and consolidation of the Special Operations five year plan integrating the plans of USSOCOM’s five component commands. Stephen also served as the Deputy Commanding General of the Joint Special Operations Command where he helped lead global operations in support of regional commanders. Stephen has commanded at the Squadron, Group and Wing level. During his command of the 27th Special Operations Wing he was responsible for over 4000 Airmen, Civilians and their families, $15B worth of infrastructure and aircraft, a multi year construction program worth $1.5B, the operations of a military base, airfield, training range, and the execution of over 5000 combat hours. He has accumulated years of deployments to combat operations in Bosnia, Somalia, Haiti, Afghanistan and Iraq and participating in some of the nations most time sensitive operations.
Clark earned his bachelor’s degree in Political Science from the University of Tennessee, Masters in Public Administration from Troy State, Masters in National Security from the Naval War College, and was a Defense Fellow at Harvards Weatherhead Center for International Relations. Stephen is a command pilot with over 3300 hours primarily in the AC-130H/U gunship. Stephen is a member of the National Association of Corporate Directors and the Great Falls Rotary Club. He is an avid cyclist, skier, and enjoys fly fishing. Stephen and his wife Cynthia have two grown daughters Shelby and Sydney, and reside in Herndon, Virginia.
Presentations
- Leadership…A Human Endeavor: Observations from 32 Years in the Air Force and Joint Special Operations CommunityDay 18:45 AM - 9:30 AM
Bill Dean
IANS Faculty
Bill is a Senior Manager in LBMC’s Information Security Services division and is responsible for incident response, digital forensics, electronic discovery and overall litigation support. Bill has more than 20 years of information technology experience with a specialty in information security and digital forensics for the past 10 years. Prior to LBMC, he served as the Director of Security Assessments and Digital Forensics for Sword & Shield Enterprise Security Inc. Bill was also the founder of Forensic Discoveries, before merging with Sword & Shield Enterprise Security and served as a senior security analyst responsible for information security for a large healthcare organization. In these roles, he was responsible for digital forensics to support litigation, incident response services, penetration testing, and overall security defense posture. Bill's roles have included delivering penetration testing and incident response services to companies around the world. Additionally, he consults with organizations of all sizes in security topics related to endpoint protection, vulnerability assessments, network forensics, incident response and overall hardening and monitoring of infrastructures. Lastly, Bill conducts digital forensic investigations and electronic discovery services to support litigation efforts. In these roles, he has been qualified as an expert witness in Federal Courts and Tennessee State Courts. Bill is a frequent speaker and published author on the topics of computer security, digital forensics and electronic discovery for numerous legal and technical associations. Additionally, Bill is a Certified Computer Examiner (CCE), GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN) and GIAC Certified Forensic Analyst (GCFA). He is also an active member of the International Society for Forensic Computer Examiners and InfraGard Board member. Bill holds an A.S. in Computer Science from Walters State Community College and a BS in Information Technology from Information Technology.
Presentations
- Advances in Network VisibilityDay 110:35 AM - 11:20 AM
- Bringing Red/Blue/Purple Teaming into BalanceDay 11:50 PM - 3:05 PM
- New Threat Hunting TechniquesDay 11:50 PM - 3:05 PM
Teri Radichel
IANS Faculty
Teri Radichel was on the original team that helped Capital One, the first major US Bank to use AWS, move production workloads to the cloud. She then architected a SAAS IOT solution for firewalls connecting to the cloud for a security vendor. She also led a cloud team of 30 people and delivered a secure CI/CD pipeline based on her white paper, Balancing Security and Innovation with Event Driven Automation. Now she focuses on training, penetration testing, and cloud security assessments. She also enjoys security research and writing. You can find her articles in publications like Dark Reading, Infosecurity Magazine, and her cloud security blog. Teri has presented on cloud security at conferences like RSA, AWS re:Invent, Countermeasure IT, SANS Networking, SANS Cloud Summit, and BSides. She is an AWS Hero and runs the Seattle AWS Architects and Engineers meetup which has almost 3,000 members. She received the 2017 SANS Differences Makers Award and was on the initial SANS cloud security curriculum advisory board. She now offers training through IANS Summits and other venues. Cybersecurity certifications: GSEC, GCIH, GCIA, GCPM, GCCC, GREM, GPEN, GXPN
Presentations
- Achieving Cloud MigrationDay 110:35 AM - 11:20 AM
- Adapting the SOC to a Cloud EnvironmentDay 11:50 PM - 3:05 PM
- Cryptojacking & Cryptocurrency Mining: Defensive MeasuresDay 11:50 PM - 3:05 PM
Ken Van Wyk
IANS Faculty
Kenneth R. van Wyk is an internationally recognized information security expert and author of three popular books, Enterprise Software Security, Secure Coding, and Incident Response. In addition to providing consulting and training services through his company, KRvW Associates, LLC, he currently holds the following positions: Member of the Board of Directors for SecAppDev (http://www.secappdev.org), and monthly columnist for Computerworld (http://www.Computerworld.com). Ken is also the project leader of the Open Web Application Security Project (OWASP) iGoat project and is a Lehigh University distinguished engineering alumnus. Ken has 25 years experience as an IT Security practitioner in the commercial, academic, and military sectors. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. At Carnegie Mellon University’s Software Engineering Institute, Ken was one of the founders of the Computer Emergency Response Team (CERT®). He holds a mechanical engineering degree from Lehigh University and is a frequent speaker at technical conferences, and has presented tutorials and technical sessions CSI, ISF, USENIX, FIRST, AusCERT, and others. Ken is a dual citizen of the EU (England) and the USA, and holds a current U.S. Department of Defense TOP SECRET clearance.
Presentations
- DevSecOps Business CasesDay 110:35 AM - 11:20 AM
- Insider ThreatsDay 11:50 PM - 3:05 PM
- Case Study: Building a Better Security CultureDay 11:50 PM - 3:05 PM
Platinum Sponsors
Code42
Code42 is the leader in data loss protection, visibility and recovery solutions. Native to the cloud, the Code42 Next-Gen Data Loss Protection solution rapidly detects insider threats, satisfies regulatory compliance requirements and speeds incident response — all without lengthy deployments, complex policy management or blocks on user collaboration. Security, IT and compliance professionals can protect endpoint and cloud data from loss, leak and theft while maintaining an open and collaborative culture for employees.
Founded in 2001, more than 50,000 organizations worldwide, including the most recognized brands in business and education, rely on Code42 to safeguard their ideas. The company is headquartered in Minneapolis, Minnesota, and backed by Accel Partners, JMI Equity, NEA and Split Rock Partners. For more information, visit code42.com, read Code42’s blog or follow the company on Twitter.
Gold Sponsors
Contrast Security
Contrast Security enables applications to automatically detect and fix vulnerabilities, identify attacks, and defend themselves. Contrast employs security instrumentation to strengthen applications before they deploy, protect in production and provide visibility throughout the application lifecycle. More information can be found at www.contrastsecurity.com or by following Contrast on Twitter at @ContrastSec.
Silver Sponsors
Menlo Security
SentinelOne
SentinelOne was founded in 2013 by an elite team of cyber security and defense experts who developed a fundamentally new, groundbreaking approach to endpoint protection.
SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity. SentinelOne unifies prevention, detection, response, remediation and forensics in a single platform powered by artificial intelligence. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated integrated response and to adapt their defenses against the most advanced cyberattacks. SentinelOne has offices in Mountain View, Tel Aviv, and Tokyo. The company is recognized by Gartner as a Visionary for Endpoint Protection and has enterprise customers in North America, Europe, and Japan.
To learn more, please visit our website at www.sentinelone.com.
Tenable Inc.
Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies.
XM Cyber
ZeroFOX
ZeroFOX, the innovator of social media & digital security, protects modern organizations from dynamic security, brand and physical risks across social, mobile, web and collaboration platforms. Using targeted data collection and artificial intelligence-based analysis, ZeroFOX protects modern organizations from targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. Recognized as a Leader in Digital Risk Monitoring by Forrester, the patented ZeroFOX SaaS platform processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, HipChat, Instagram, Reddit, Pastebin, Tumblr, YouTube, VK, mobile app stores, the deep & dark web, domains and more.
Led by a team of information security and high-growth company veterans, ZeroFOX has raised nearly $100M in funding from NEA, Highland Capital, Silver Lake Waterman, Redline Capital and others, and has collected top industry awards such as Red Herring North America Top 100, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.
Marriott Marquis Houston
1777 Walker St, Houston, TX 77010
Room Rate:
$225per night plus tax
Onsite Questions
Are the presentations available for viewing after the Forum?
All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.
Does IANS provide a Mobile App?
The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.
How can I promote my involvement with the event?
Please share your thoughts and excitement using our event hashtags found at the top of this page.
How can I submit my feedback on the Forum?
We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.
Is there free Wi-Fi onsite?
Free Wi-Fi will be provided throughout the Forum in conference areas.
What can I expect when I attend an IANS event?
When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.
What is the best way to stay updated before and during the Forum?
For all updates please download the IANS Mobile App or follow us on Twitter.
Where do I pick up my badge and registration material?
Your badge and registration materials will be available to pick-up at the registration desk. Registration starts at 7:30am.
Will there be opportunities to network with peers and sponsors?
There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.
Sponsorship Questions
Are there still sponsorship opportunities?
Please contact Eric Bartczak at sponsorships@iansresearch.com for more information.
Will there be opportunities to network with peers and sponsors?
IANS offers a Silver, Gold and Platinum level sponsorship. Please visit the Event Sponsors Page for more information.
Registration Questions
Can I earn continuing education credits for attending the forum?
Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.
What is the registration fee?
The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.
What time does the Forum begin and end?
The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.
What's the registration deadline?
You can register for and IANS event up to the day of the event.General Information
Cancellations
IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.
Hotel Cancellations
If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.
Terms and Conditions
This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.
Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.
IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.
Photography, Audio & Video Recording
IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.
IANS Code of Conduct
IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.
IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.
If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.
If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.
We expect participants to follow these rules at all event venues and event-related social activities.
Housing & Travel Questions
How can I book a hotel room?
All hotel requests must be made through the registration site.
How can I cancel my hotel reservation?
Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.
Is parking provided?
IANS does not cover any parking.
What hotel accommodations are available during the Forum?
IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.
Will I receive a hotel confirmation number?
You will receive a hotel confirmation number 2 weeks prior to the Forum.
