2019 Philadelphia
Information Security Forum

#IANSPhiladelphia #IANSEvents

October 16 - 17, 2019
Philadelphia Marriott Downtown, 1201 Market Street, Philadelphia, PA

The IANS 2019 Philadelphia Information Security Forum delivers an immersive curriculum with 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the two-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders. Network with peers to benchmark your information security practices and engage with IANS Faculty during interactive sessions.

Let your colleagues know you're coming!

This event has ended.

Check out our other upcoming events!

View All Events

DAY 1

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.
8:30 AM - 8:45 AM

IANS Welcome and Perspective

Come join us as we welcome you to the Forum.
nick-mankovich-new

Nick Mankovich

Becton Dickinson, Vice President and CISO Emeritus

Nick is a Vice President and CISO Emeritus at Becton Dickinson – formerly the BD Chief Information Security Officer (CISO) bearing ultimate responsibility for the adequate protection of BD information asset confidentiality, integrity and availability.

Prior to his 3+ years at BD, he founded and operated CyberRisk Consulting LLC - a privacy, product security and enterprise security risk management consultancy.

From 1995-2015, Nick held positions at Philips Electronics, including as Corporate Research Department Head specializing in IT-based innovation. He then became a Healthcare Strategy Senior Director and moved on to create and manage both the Healthcare Product Security program and the Healthcare Privacy Office (8 years). During his final three years at Philips he was asked to transform Information Security at Philips as their first global CISO.

While at Philips and beyond, Nick worked on international standards – most notably with ISO-IEC Joint Working Group 7, responsible for establishing safety, effectiveness and security in connected healthcare technology.

Prior to 1995, Nick spent thirteen years in the UCLA School of Medicine, where he became Associate Professor of Radiological Sciences. During that time, he also had a 3-year appointment as a Visiting Professor in the School of Computer Sciences and Engineering at the University of New South Wales in Sydney.  Nick was engaged in hospital-wide digital initiatives including creating one of the first Radiological Picture Archiving and Communications Systems. In the 1980s he was one of the first to realize surgical planning-based digital imaging and 3D printing via stereolithography.  He has over 100 publications and holds 6 patents. 

Phil Gardner

Founder & Chief Executive Officer

Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.

8:45 AM - 9:30 AM

Keynote Interview: Reflections from a CISO Emeritus – A Discussion with BD’s Nick Mankovich

with Nick Mankovich and Phil Gardner

Join IANS' CEO Phil Gardner and BD’s CISO Emeritus Nick Mankovich for a keynote discussion where Nick will share some of the management lessons he’s drawn from a distinguished, decades-long security career. Nick is a believer that clear risk governance is the foundation of any corporate security program. We’ll explore how to implement this during our talk and discuss the benefits and the trade-off’s that come with being clear on “who-owns-what” in a corporate setting.

9:30 AM - 9:50 AM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
9:50 AM - 10:25 AM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

10:35 AM - 11:10 AM Morning Roundtable How-To Sessions Improve Infrastructure and Ops

Advances in Network Visibility

with Dave Shackleford

Network security and monitoring remains essential in light of increasing volumes of data and an ever-expanding threat landscape, but comprehensive network visibility is hard, and organizations need better guidance. This session aims to provide that by looking at:

  • What organizations are missing and which vendors and techniques can help

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Protect Applications and Data

Advancements in Secure Remote Access

with Aaron Turner

The endpoint continues to grower wider and muddier as professionals access company resources from a growing array of mobile devices. This session looks at:

  • How VPNs are evolving
  • Vendors in the space and how they compare
  • Tools and techniques organizations can use to bolster secure remote access
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Detect, Respond and Recover

Phishing and Social Engineering: New Solutions to an Old Problem

with Dave Kennedy

Phishing is an old social engineering technique and organizations have certainly tried to make employees aware of email links they shouldn’t open. But phishing remains a highly successful technique for the bad guys. So what do we keep doing wrong? This session explores:

  • New phishing security tools that may help
  • What organizations can do to enhance security awareness among employees
ken-van-wyk

Ken Van Wyk

IANS Faculty

Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.

Advance Your Team

How to Recruit and Retain the Best People

with Ken Van Wyk

The skills gap makes it difficult to find people who are best equipped to handle evolving threats. The best people leave after a year because there are plenty of other opportunities out there. To help address the problem, this session will look at:

  • Non-traditional recruiting avenues you can explore to help counteract the skills gap
  • How to leverage the NIST Skills Framework to this end
  • How to spot warning signs that someone has an eye on the door
  • Training and career development options to keep employees growing and interested in staying
  • Incentives beyond salaries for retaining people?
11:20 AM - 11:55 AM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Chris Deardruff

Chris Deardruff

Tempered Networks, VP of Sales

Chris Deardurff is the VP of Sales at Tempered Networks, where he is responsible for the North American sales organization. This includes our Channel Sales, Solution Architects, Inside Sales, and Outside Field Sales teams. Chris brings over 25 years of experience in IT networking and security sales leadership. Prior to joining Tempered, Chris led the North American sales organization at Gigamon and the Americas’ sales organization at F5 Networks. Chris holds a B.S. in Computer Science from DePaul University.

12:00 PM - 12:50 PM

Lunch & Sponsor Keynote: Why Firewalls Are Not Enough for Stopping Cyber Threats

with Chris Deardruff Cyber threats are jumping from network to network, nation to nation and wreaking havoc because organizations are attaching billions of insecure devices to the internet. Firewalls cannot protect these devices from lateral movement and all of the new attack vectors. So organizations are increasing risk and wasting money adding more firewalls internally, adding more trained people and more manual processes to plug holes then telling their customers to patch. Adapting 90s era network security to fix the flaws of TCP/IP in the digital era is a doomed approach.
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

1:00 PM - 2:15 PM Afternoon Roundtable Workshop Sessions Secure the Cloud

Choosing a Cloud Provider

with Dave Shackleford

There are too many vendors, an over-saturated market and confusion over the security requirements that truly matter vs. the vendor fluff. In this session, you’ll learn how cut through the confusion and address:

  • What the cloud provider landscape look like
  • When to go with a big player as opposed to smaller players
  • Questions you should ask internally before looking at potential providers
  • The right (or wrong) questions to ask prospective cloud providers
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Improve Infrastructure and Ops

Bringing Red/Blue/Purple Teaming into Balance

with Dave Kennedy

Your Red Team does one thing, your Blue Team does the other, and they don’t talk. Companies struggle to get them on the same page and achieve the true value of these exercises. What to do? This session will explore:

  • The most valuable KPIs to use for these activities
  • How to use automation testing to test the effectiveness of a response during an exercise
  • How to leverage balanced scorecards for direct tracking of capabilities

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Improve Infrastructure and Ops

IoT: Who Owns Device Risk Management

with Aaron Turner

There’s no clear consensus on who is responsible for managing risks associated with IoT devices in an organization. This session is designed to clear up that confusion. Attendees will learn:

  • Where all the IOT devices are
  • The breakdown of who should be in charge of security risks related to IOT
  • How to assemble a respoacnsibility tree for who does what if an IOT-related compromise happens
ken-van-wyk

Ken Van Wyk

IANS Faculty

Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.

Detect, Respond and Recover

Insider Threats

with Ken Van Wyk

Companies are usually unaware that a malicious insider is up to no good in their networks until it’s too late. They need help knowing how to identify early red flags. To that end, this session will explore:

  • Early red flags to look for
  • Security controls you can put in place to detect and prevent insider threat activity
  • Top insider threat monitoring solutions, their strengths and weaknesses
  • Detection tool essentials
2:25 PM - 3:00 PM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
3:00 PM - 3:20 PM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
3:20 PM - 3:55 PM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

4:05 PM - 4:40 PM Afternoon Roundtable How-To Sessions Protect Applications and Data

Getting Control of Container Security

with Dave Shackleford

Fortune 1000 problem: Companies spin up containers quickly, then set them loose with no security due diligence. It’s a process problem as much as a technology issue. Questions to address:

  • How can a company create a more deliberate process to determine when containers are necessary?
  • What is some specific automation or orchestration tools? (Docker Swarm, Kubernates)
  • How does one optimize such tools as AppArmor and SELinuxbecause to prevents a misconfiguration or bug at the container daemon level?
  • What is Docker Notary and how can it add a layer of trust?
  • What are some of the more recent attacks to exploit unsecured containers?
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Detect, Respond and Recover

How to Fill SIEM Gaps with UEBA/SOAR

with Dave Kennedy

Organizations want their SIEM to alert them in real time, but that’s not happening. Instead, their SIEM only helps determine how a breach occurred after the fact. Practitioners have heard that UEBA and SOAR can be used to overcome the limits of their current SIEM set up, but they seek concrete answers about how it all works and what kind of training and investments are required. In this session, attendees will learn:

  • The specific actions they must take in order to fully understand where their SIEM is hitting the wall
  • A list of ways to tell if their MSSP is properly goaled/resourced/qualified to correlate and alert in real time
  • A clearer understanding of the small and well-defined situations AI/ML is best suited for

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Secure the Cloud

Email in the Cloud: Stress Testing Office 365 Apps

with Aaron Turner

Companies struggle with how to secure Office 365 apps that come from multiple online marketplaces, from the MS Store to MS Teams and a variety of third-party app stores. This session will explore:

  • How to confirm the security levels of various apps
  • Specific validation techniques for MS App Store, Teams Store and others
  • Warning signs that an app is problematic and shouldn’t be downloaded
  • Advice the security team can give employees on what to watch out for
ken-van-wyk

Ken Van Wyk

IANS Faculty

Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.

Improve Infrastructure and Ops

Mobile Device Management: Case Studies of Success and Failure

with Ken Van Wyk

Companies still struggle to secure personal devices on the company network. They need examples and case studies of how others have successfully (and unsuccessfully) done it. This session explores:

  • How to develop a threat model for all types of personal devices
  • How to you approach data protections on devices without traditional security controls
  • Who owns the endpoint? Does it matter anymore?
  • The differences between iOS vs. Android
  • Is ZeroTrust enabling secure BYOD procedures or preventing it?
4:45 PM - 5:45 PM

Networking Reception

Come network with your peers! Hors d'eouvres and cocktails will be served!

DAY 2

8:00 AM - 9:00 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

9:00 AM - 9:30 AM

IANS Faculty Keynote: Bug Bounty Best Practices – Pay Now or Pay Later

with George Gerchow In light of all the recent data breaches, including Capital One, bug bounty programs have surfaced to show extreme value… but with what risks? In this talk, IANS Faculty member George Gerchow will look at the following:
  • Real-world scenarios on how to best implement a bug bounty program
  • How to drive better security hygiene into the CICD pipeline and SDLC
  • Using bounties to go beyond pen testing
  • Lessons learned on what not to do
9:40 AM - 10:15 AM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
10:25 AM - 11:00 AM

Technology Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
11:00 AM - 11:20 AM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

11:20 AM - 12:50 PM Morning Roundtable How-To Sessions Detect, Respond and Recover

Breaking a Failed Vulnerability Management Cycle

with Dave Shackleford

Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right. This session will explore:

  • Particular tools you should be using to create more automation
  • How to use automation to move through the flaw finding and patching process more quickly
  • Which companies have taken this to the next level
  • What they did to move past the struggle most still find themselves in
  • What the Vulnerability Management Process Workflow is and how will it help
  • How can organizations can ensure data within their SQL Server, DB2 and Oracle databases are secure?
  • Besides Shodan, some other tools that will cast a wider net for vulnerabilities

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Protect Applications and Data

Prioritizing Privilege Management

with Aaron Turner

As IT infrastructure gets more complex and infrastructure-as-a-service (IaaS) becomes a reality, one of the few controls we have left is privileged user management (PUM). But it’s difficult to get it right. To advance in the right direction, this session will explore:

  • How to link privileged access management to change management
  • How to identify what is happening with the use of these credentials
  • How to Identify the appropriate tools to use for privileged access management
  • How to handle insider threats related to privilege abuse/misuse
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Detect, Respond and Recover

Deception and Honeypots

with Dave Kennedy

Companies struggle enough with basic security tasks and don’t truly know if deception/honeypots are worth trying or if they would provide the adequate ROI. To help them reach a better place, this session will explore:

  • What level of operational maturity one must have for honeypots/deception to make sense?
  • How to find balance when it comes to how many doors to leave open for snoopers and would-be thieves
  • The latest honeypot/deception technologies worth deploying
  • The management/technology overhang associated with them?
  • Buying versus building
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Secure the Cloud

Multi-Cloud Deployments: People, Process, Technology

with George Gerchow

The process to align controls, capabilities and governance is a mess, with misaligned team reporting structures and central management that fails to span environments. This session will explore:

  • How to compare/contrast controls between multiple PaaS/IaaS environments
  • How to evolve Identity and Access Management for multi-cloud deployments
  • Which controls lend themselves to centralization and multiple cloud environments
  • How to adapt governance, risk assessment and critical security processes for multi-cloud deployments
12:50 PM - 1:40 PM

Lunch & Keynote Address

More information coming soon.
1:50 PM - 2:25 PM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
2:35 PM - 3:10 PM

Technology Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
ken-van-wyk

Ken Van Wyk

IANS Faculty

Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.

3:20 PM - 4:20 PM Afternoon Roundtable How-To Sessions Advance Your Team

Case Study: Building a Better Security Culture

with Ken Van Wyk

Companies struggle to find a successful recipe for their security culture and need a concrete example of what another company has done to get it right. This session will offer:

  • A case study for a company that has succeeded in growing a true security culture
  • Three things you can do to change that trajectory and actually make your program effective
  • Ways to expand the team with non-traditional security staff (i.e. ambassadors/champions)

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Improve Infrastructure and Ops

Vendor Optimization: Thinning the Herd

with Aaron Turner

There are too many security vendors that have expanded offerings in a way that has created a lot of overlap and complexity within Fortune 1000 companies’ environments. This session will explore:

  • How to do an assessment and logically start pruning your stack
  • How one tool can replace several others without loss of functionality or controls coverage
  • The most important questions to ask your existing and prospective vendors in order to determine where the overlap exists
  • Specific examples of what you can kill?
  • Integrations between products that currently exist but are not being leveraged
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Detect, Respond and Recover

New Threat Hunting Techniques

with Dave Kennedy

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores the latest techniques in that area, and how to:

  • Position hunt teams to directly increase the overall maturity (and ROI) of their monitoring and detection capabilities
  • Detect abnormal patterns of behavior
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Secure the Cloud

Adapting the SOC to a Cloud Environment

with George Gerchow

Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. They need to adapt to life in the cloud, and this session will explore how to get there. Issues addressed include:

  • How an old-world SOC differs from one in the cloud
  • Changes you need to make with your SOC
  • How to make that transition without dropping the ball in either world
  • Skills that need to be picked up in the new cloud-based SOC
  • Examples of cloud detection and response
4:20 PM - 4:35 PM

Closing Ceremonies

Come network with your peers! Hors d'oeuvres and cocktails will be served!

2019 Philadelphia Speakers

Chris Deardruff

Chris Deardruff

Tempered Networks, VP of Sales

Chris Deardurff is the VP of Sales at Tempered Networks, where he is responsible for the North American sales organization. This includes our Channel Sales, Solution Architects, Inside Sales, and Outside Field Sales teams. Chris brings over 25 years of experience in IT networking and security sales leadership. Prior to joining Tempered, Chris led the North American sales organization at Gigamon and the Americas’ sales organization at F5 Networks. Chris holds a B.S. in Computer Science from DePaul University.

Presentations
  • Lunch & Sponsor Keynote: Why Firewalls Are Not Enough for Stopping Cyber ThreatsDAY 112:00 PM - 12:50 PM
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Presentations
  • IANS Faculty Keynote: Bug Bounty Best Practices – Pay Now or Pay LaterDAY 29:00 AM - 9:30 AM
  • Multi-Cloud Deployments: People, Process, TechnologyDAY 211:20 AM - 12:50 PM
  • Adapting the SOC to a Cloud EnvironmentDAY 23:20 PM - 4:20 PM
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Presentations
  • Phishing and Social Engineering: New Solutions to an Old ProblemDAY 110:35 AM - 11:10 AM
  • Bringing Red/Blue/Purple Teaming into BalanceDAY 11:00 PM - 2:15 PM
  • How to Fill SIEM Gaps with UEBA/SOARDAY 14:05 PM - 4:40 PM
  • Deception and HoneypotsDAY 211:20 AM - 12:50 PM
  • New Threat Hunting TechniquesDAY 23:20 PM - 4:20 PM
nick-mankovich-new

Nick Mankovich

Becton Dickinson, Vice President and CISO Emeritus

Nick is a Vice President and CISO Emeritus at Becton Dickinson – formerly the BD Chief Information Security Officer (CISO) bearing ultimate responsibility for the adequate protection of BD information asset confidentiality, integrity and availability.

Prior to his 3+ years at BD, he founded and operated CyberRisk Consulting LLC - a privacy, product security and enterprise security risk management consultancy.

From 1995-2015, Nick held positions at Philips Electronics, including as Corporate Research Department Head specializing in IT-based innovation. He then became a Healthcare Strategy Senior Director and moved on to create and manage both the Healthcare Product Security program and the Healthcare Privacy Office (8 years). During his final three years at Philips he was asked to transform Information Security at Philips as their first global CISO.

While at Philips and beyond, Nick worked on international standards – most notably with ISO-IEC Joint Working Group 7, responsible for establishing safety, effectiveness and security in connected healthcare technology.

Prior to 1995, Nick spent thirteen years in the UCLA School of Medicine, where he became Associate Professor of Radiological Sciences. During that time, he also had a 3-year appointment as a Visiting Professor in the School of Computer Sciences and Engineering at the University of New South Wales in Sydney.  Nick was engaged in hospital-wide digital initiatives including creating one of the first Radiological Picture Archiving and Communications Systems. In the 1980s he was one of the first to realize surgical planning-based digital imaging and 3D printing via stereolithography.  He has over 100 publications and holds 6 patents. 

Presentations
  • Keynote Interview: Reflections from a CISO Emeritus – A Discussion with BD’s Nick MankovichDAY 18:45 AM - 9:30 AM
dave-shackleford

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Presentations
  • Advances in Network VisibilityDAY 110:35 AM - 11:10 AM
  • Choosing a Cloud ProviderDAY 11:00 PM - 2:15 PM
  • Getting Control of Container SecurityDAY 14:05 PM - 4:40 PM
  • Breaking a Failed Vulnerability Management CycleDAY 211:20 AM - 12:50 PM

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Presentations
  • Advancements in Secure Remote AccessDAY 110:35 AM - 11:10 AM
  • IoT: Who Owns Device Risk ManagementDAY 11:00 PM - 2:15 PM
  • Email in the Cloud: Stress Testing Office 365 AppsDAY 14:05 PM - 4:40 PM
  • Prioritizing Privilege ManagementDAY 211:20 AM - 12:50 PM
  • Vendor Optimization: Thinning the HerdDAY 23:20 PM - 4:20 PM
ken-van-wyk

Ken Van Wyk

IANS Faculty

Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.

Presentations
  • How to Recruit and Retain the Best PeopleDAY 110:35 AM - 11:10 AM
  • Insider ThreatsDAY 11:00 PM - 2:15 PM
  • Mobile Device Management: Case Studies of Success and FailureDAY 14:05 PM - 4:40 PM
  • Case Study: Building a Better Security CultureDAY 23:20 PM - 4:20 PM

Event: Philadelphia Marriott Downtown

1201 Market Street, Philadelphia, PA 19107

Hotel: The Notary Hotel

21 N Juniper St, Philadelphia, PA 19107

Room Rate:

$259

per night plus tax

Onsite Questions

Are the presentations available for viewing after the Forum?

All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.

Does IANS provide a Mobile App?

The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.

Is there free Wi-Fi onsite?

Free Wi-Fi will be provided throughout the Forum in conference areas.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please download the IANS Mobile App or follow us on Twitter.

Where do I pick up my badge and registration material?

Your badge and registration materials will be available to pick-up at the registration desk. Registration starts at 7:30am.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.

Sponsorship Questions

Are there still sponsorship opportunities?

Please contact Eric Bartczak at sponsorships@iansresearch.com for more information.

Will there be opportunities to network with peers and sponsors?

IANS offers a Silver, Gold and Platinum level sponsorship. Please visit the Event Sponsors Page for more information.

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.

What's the registration deadline?
You can register for and IANS event up to the day of the event.

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Hotel Cancellations

If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

Photography, Audio & Video Recording

IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Housing & Travel Questions

How can I book a hotel room?

All hotel requests must be made through the registration site.

How can I cancel my hotel reservation?

Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.

Is parking provided?

IANS does not cover any parking.

What hotel accommodations are available during the Forum?

IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.

Will I receive a hotel confirmation number?

You will receive a hotel confirmation number 2 weeks prior to the Forum.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Interested in Forum Sponsorship? Learn More.

Check out IANS other upcoming events