DAY 1
Registration & Breakfast
Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.IANS Welcome and Perspective
Come join us as we welcome you to the Forum.
Brian Fricke
CISO, City National Bank
A business-centric technology professional, specializing in strategic Enterprise Information Security Policy and Risk Management, Brian is currently the Chief Information Security Officer of City National Bank. Formally establishing the first of its kind Information Security Programs at BBVA & Bank OZK, he has overseen the information & cyber security risk portfolio of over 600 sites, 30,000 Personnel, and 20,000 systems and endpoints across the globe for public and private entities.
Formerly a civil servant as the CISO and Cyber Security Branch Manager at the US Navy's Military Sealift Command (MSC) at the Washington Navy Yard in Washington, DC. Brian is a Certified Information Systems Security Professional (CISSP) and holds a variety of relevant certifications (CISM, CCSP, CSSLP etc.). In his role at MSC he was responsible for planning, organizing and managing the implementation of cyber security industry best practice, as well as DoD & Federal cyber security mandates. A former active duty Marine, he has worked at the Joint Chiefs of Staff in the Pentagon, the US Agency for International Development (USAID), the Securities Exchange Commission (SEC) in Manhattan and was an officer of the Board of Directors of OutServe, a 501(c)(3) non-profit. He was Class President of the The George Washington University School of Business, World Executive MBA, Class of 2013, and also holds a Graduate Certificate in Strategic Cybersecurity Enforcement.
Phil Gardner
Founder & Chief Executive Officer
Having built IANS’ end-user research offering, Phil now oversees all strategic and operational decisions at IANS. Phil began his career in security with seven years with the U.S. Navy as a Strike Fighter Pilot & Ordnance Requirements Officer. After receiving a Masters in Business Administration from Harvard Business School, he joined Goldman, Sachs & Co. in Mergers & Acquisitions and later became an associate with McKinsey & Company in Boston, MA. In 1996, Phil became one of the founders of Provant, Inc., a publicly traded training company serving the Fortune 1000 and Federal Government. He left Provant in 2000 to launch IANS. He graduated at the top of his class in US Navy Flight School.
A Keynote Discussion with CNB’s Brian Fricke: Getting Real & Tangible Around Risk Management
with Brian Fricke and Phil GardnerJoin City National Bank’s CISO Brian Fricke and IANS’ CEO Phil Gardner for a far-ranging keynote conversation that will tackle how to make infosec risk management real and tangible, where to find talent, the importance ‘speaking business’ and Brian’s view on AI’s infosec utility.
Tabletop Break
IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.Technology Group 1
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Dave Shackleford
IANS Faculty
Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
File Security: Tools and Techniques in 2019
with Dave ShacklefordAttackers continue to find new ways to access, steal and corrupt files. This means organizations need to up their game in protecting them. To that end, this session will explore:
- Advancements vendors in the space have made and what’s right for you
- The latest techniques to ensure files are only being accessed by those whose jobs require it
Aaron Turner
IANS Faculty
Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.
Advancements in Secure Remote Access
with Aaron TurnerThe endpoint continues to grower wider and muddier as professionals access company resources from a growing array of mobile devices. This session looks at:
- How VPNs are evolving
- Vendors in the space and how they compare
- Tools and techniques organizations can use to bolster secure remote access
Mike Rothman
IANS Faculty
Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.
DevSecOps Business Cases
with Mike RothmanCompanies still struggle to get developers and security on the same page. They need case studies to show them where and how DevSecOps successes have happened. To that end, this session explores:
- Case studies of DevSecOps done right
- How to measure your maturity for DevSecOps -- Phase 1 to Phase 5, for example
- How to put the “Shift Left” DevSecOps workflow in place
- How DevSecOps leads to more secure cloud deployments
- How to use DevSecOps to improve security in IoT technology when they are at the development stage
Ondrej Krehel
IANS Faculty
Ondrej Krehel is the CEO and Founder of LIFARS LLC, an international cybersecurity and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.
The Changing Face of Ransomware
with Ondrej KrehelRansomware continues to be a significant problem for many organizations, and it has shown a ferocious ability to evolve. One reason is ransomware as a service, where people with little skill can buy ransomware-making kits online. This session explores:
- Ways ransomware has evolved in the last 6-12 months
- What ransomware as a service looks like and why it’s such a problem
- What vendors are doing to get ahead of the bad guys
Jake Williams
IANS Faculty
Jake Williams, the founder of Rendition Infosec, has almost two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding Rendition Infosec, Williams worked with various government agencies in information security and CNO roles. He also works with SANS where he teaches and authors courses in Malware Reverse Engineering, Memory Forensics, Cyber Threat Intelligence, and Advanced Exploit Development. He is the two-time victor of the annual DC3 Forensics Challenge. He has spoken at Blackhat, DEFCON, Shmoocon, CEIC, RSA, EnFuse, and DC3 Conference (among others). His research areas include automating incident response throughout the enterprise, threat modeling and analysis, binary analysis, and malware C2. The primary focus of his work is increasing enterprise security by presenting complex topics in a way that anyone can understand.
Bug Bounties: Do-it-Yourself vs Crowdsourcing
with Jake WilliamsCompanies face challenges with how to run an effective bug bounty program and oftentimes don’t know whether to do it in-house or through crowdsourcing. This session addresses ways to move forward by exploring:
- How bug bounty programs translate into cost savings
- At what maturity level you should be at before taking on this challenge in-house
- The fundamentals for putting an internal program together
- The pros and cons of such outsourced services as those provided by Bugcrowd and HackerOne
Technology Group 1
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Russ Currie
Netscout, VP of Enterprise Strategy
As VP of Enterprise Strategy, Russ is responsible for working with enterprise customers, partners and field personnel to ensure that NETSCOUT’s products and solutions aremeeting the needs of our customers and the market. Russ has over 15 years working atNETSCOUT where he has held many technical and marketing roles. Prior to joiningNETSCOUT, Russ had worked in IT managing networks for Fidelity Investments and Digital Equipment Corporation where he installed some of the first production Ethernet networks.
Lunch & Sponsor Keynote: Visibility and Collaboration in the Multicloud
with Russ Currie ITOps and SecOps have collaborated for years. However, many organizations are now looking at approaches that make the collaboration more formal. Many enterprises are adopting the concept of the “Versatilist” and replacing war room discussions with agile approaches to problem solving. This session will address the increasing complexity of our networks and the need for a common and consistent approach to visibility in the multicloud.
Dave Shackleford
IANS Faculty
Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
Choosing a Cloud Provider
with Dave ShacklefordThere are too many vendors, an over-saturated market and confusion over the security requirements that truly matter vs. the vendor fluff. In this session, you’ll learn how cut through the confusion and address:
- What the cloud provider landscape look like
- When to go with a big player as opposed to smaller players
- Questions you should ask internally before looking at potential providers
- The right (or wrong) questions to ask prospective cloud providers
Aaron Turner
IANS Faculty
Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.
Vendor Optimization: Thinning the Herd
with Aaron TurnerThere are too many security vendors that have expanded offerings in a way that has created a lot of overlap and complexity within Fortune 1000 companies’ environments. This session will explore:
- How to do an assessment and logically start pruning your stack
- How one tool can replace several others without loss of functionality or controls coverage
- The most important questions to ask your existing and prospective vendors in order to determine where the overlap exists
- Specific examples of what you can kill?
- Integrations between products that currently exist but are not being leveraged
Dave Kennedy
IANS Faculty
Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.
New Threat Hunting Techniques
with Dave KennedyAttackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores the latest techniques in that area, and how to:
- Position hunt teams to directly increase the overall maturity (and ROI) of their monitoring and detection capabilities
- Detect abnormal patterns of behavior
Ondrej Krehel
IANS Faculty
Ondrej Krehel is the CEO and Founder of LIFARS LLC, an international cybersecurity and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.
Chris Nickerson
IANS Faculty
Chris Nickerson, CEO of Lares, has spent the last 20 years of his career leading, inspiring, and sometimes irritating, the security industry. With Lares co-Founder Eric M. Smith, he created the unique methodology used at Lares to assess, implement, and manage information security realistically and effectively. Collaborating with a group of other InfoSec researchers, he founded the Penetration Testing Execution Standard (PTES), and is working with the Red Team Alliance Training Collective to create a certification for Red Team Testing. He is one of the founders of the Security BSides conferences, he’s been a keynote, speaker, and/or trainer at more than fifty InfoSec conferences worldwide, including DEFCON, CyberWeek, and BlackHat. He’s a member and certification holder with ISACA, on the board of CREST, and holds CISSP, CISA, BS7799, and NSA IAM certifications. His book, Red Team Testing, is upcoming from Elsevier/Syngress. And despite all that, he is perhaps best known for his appearance on the TV show Tiger Team on TruTV, and his TED Talk, Hackers are all about curiosity, and security is just a feeling.
Bringing Red/Blue/Purple Teaming into Balance
with Ondrej Krehel and Chris NickersonYour Red Team does one thing, your Blue Team does the other, and they don’t talk. Companies struggle to get them on the same page and achieve the true value of these exercises. What to do? This session will explore:
- The most valuable KPIs to use for these activities
- How to use automation testing to test the effectiveness of a response during an exercise
- How to leverage balanced scorecards for direct tracking of capabilities
Jake Williams
IANS Faculty
Jake Williams, the founder of Rendition Infosec, has almost two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding Rendition Infosec, Williams worked with various government agencies in information security and CNO roles. He also works with SANS where he teaches and authors courses in Malware Reverse Engineering, Memory Forensics, Cyber Threat Intelligence, and Advanced Exploit Development. He is the two-time victor of the annual DC3 Forensics Challenge. He has spoken at Blackhat, DEFCON, Shmoocon, CEIC, RSA, EnFuse, and DC3 Conference (among others). His research areas include automating incident response throughout the enterprise, threat modeling and analysis, binary analysis, and malware C2. The primary focus of his work is increasing enterprise security by presenting complex topics in a way that anyone can understand.
Adapting the SOC to a Cloud Environment
with Jake WilliamsSecurity Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. They need to adapt to life in the cloud, and this session will explore how to get there. Issues addressed include:
- How an old-world SOC differs from one in the cloud
- Changes you need to make with your SOC
- How to make that transition without dropping the ball in either world
- Skills that need to be picked up in the new cloud-based SOC
- Examples of cloud detection and response
Technology Group 2
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.Tabletop Break
IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.Technology Group 2
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Dave Shackleford
IANS Faculty
Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
Getting Control of Container Security
with Dave ShacklefordFortune 1000 problem: Companies spin up containers quickly, then set them loose with no security due diligence. It’s a process problem as much as a technology issue. Questions to address:
- How can a company create a more deliberate process to determine when containers are necessary?
- What is some specific automation or orchestration tools? (Docker Swarm, Kubernates)
- How does one optimize such tools as AppArmor and SELinuxbecause to prevents a misconfiguration or bug at the container daemon level?
- What is Docker Notary and how can it add a layer of trust?
- What are some of the more recent attacks to exploit unsecured containers?
Aaron Turner
IANS Faculty
Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.
Email in the Cloud: Stress Testing Office 365 Apps
with Aaron TurnerCompanies struggle with how to secure Office 365 apps that come from multiple online marketplaces, from the MS Store to MS Teams and a variety of third-party app stores. This session will explore:
- How to confirm the security levels of various apps
- Specific validation techniques for MS App Store, Teams Store and others
- Warning signs that an app is problematic and shouldn’t be downloaded
- Advice the security team can give employees on what to watch out for
Dave Kennedy
IANS Faculty
Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.
How to Fill SIEM Gaps with UEBA/SOAR
with Dave KennedyOrganizations want their SIEM to alert them in real time, but that’s not happening. Instead, their SIEM only helps determine how a breach occurred after the fact. Practitioners have heard that UEBA and SOAR can be used to overcome the limits of their current SIEM set up, but they seek concrete answers about how it all works and what kind of training and investments are required. In this session, attendees will learn:
- The specific actions they must take in order to fully understand where their SIEM is hitting the wall
- A list of ways to tell if their MSSP is properly goaled/resourced/qualified to correlate and alert in real time
- A clearer understanding of the small and well-defined situations AI/ML is best suited for
Mike Rothman
IANS Faculty
Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.
Advances in Network Visibility
with Mike RothmanNetwork security and monitoring remains essential in light of increasing volumes of data and an ever-expanding threat landscape, but comprehensive network visibility is hard, and organizations need better guidance. This session aims to provide that by looking at:
- What organizations are missing and which vendors and techniques can help
Jake Williams
IANS Faculty
Jake Williams, the founder of Rendition Infosec, has almost two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding Rendition Infosec, Williams worked with various government agencies in information security and CNO roles. He also works with SANS where he teaches and authors courses in Malware Reverse Engineering, Memory Forensics, Cyber Threat Intelligence, and Advanced Exploit Development. He is the two-time victor of the annual DC3 Forensics Challenge. He has spoken at Blackhat, DEFCON, Shmoocon, CEIC, RSA, EnFuse, and DC3 Conference (among others). His research areas include automating incident response throughout the enterprise, threat modeling and analysis, binary analysis, and malware C2. The primary focus of his work is increasing enterprise security by presenting complex topics in a way that anyone can understand.
Phishing and Social Engineering: New Solutions to an Old Problem
with Jake WilliamsPhishing is an old social engineering technique and organizations have certainly tried to make employees aware of email links they shouldn’t open. But phishing remains a highly successful technique for the bad guys. So what do we keep doing wrong? This session explores:
- New phishing security tools that may help
- What organizations can do to enhance security awareness among employees
Networking Reception
Come network with your peers! Hors d'oeuvres and cocktails will be served!DAY 2
Registration & Breakfast
Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.
Dave Kennedy
IANS Faculty
Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.
IANS Faculty Keynote: The Five Things That Matter
with Dave KennedyOrganizations are continually trying to identify how effective their controls are to withstand specific attacks. Understanding threat modeling and risk becomes equally important in these concepts; however, there’s so much noise out there, how do we actually prioritize and focus our security programs to become more effective?
In this talk, IANS Faculty member Dave Kennedy will dive down into the top five things that he sees as a consultant advising organizations across the globe on their security programs and ways to promote a better understanding around threats. He’ll cover the current state of the industry and the effectiveness he personally sees while working with organizations, as well as how to best improve what he consistently sees as lacking across multiple industry verticals.
Technology Group 2
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.Technology Group 2
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.Tabletop Break
IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.
Dave Shackleford
IANS Faculty
Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
Breaking a Failed Vulnerability Management Cycle
with Dave ShacklefordCompanies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right. This session will explore:
- Particular tools you should be using to create more automation
- How to use automation to move through the flaw finding and patching process more quickly
- Which companies have taken this to the next level
- What they did to move past the struggle most still find themselves in
- What the Vulnerability Management Process Workflow is and how will it help
- How can organizations can ensure data within their SQL Server, DB2 and Oracle databases are secure?
- Besides Shodan, some other tools that will cast a wider net for vulnerabilities
Aaron Turner
IANS Faculty
Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.
Prioritizing Privilege Management
with Aaron TurnerAs IT infrastructure gets more complex and infrastructure-as-a-service (IaaS) becomes a reality, one of the few controls we have left is privileged user management (PUM). But it’s difficult to get it right. To advance in the right direction, this session will explore:
- How to link privileged access management to change management
- How to identify what is happening with the use of these credentials
- How to Identify the appropriate tools to use for privileged access management
- How to handle insider threats related to privilege abuse/misuse
Dave Kennedy
IANS Faculty
Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.
Deception and Honeypots
with Dave KennedyCompanies struggle enough with basic security tasks and don’t truly know if deception/honeypots are worth trying or if they would provide the adequate ROI. To help them reach a better place, this session will explore:
- What level of operational maturity one must have for honeypots/deception to make sense?
- How to find balance when it comes to how many doors to leave open for snoopers and would-be thieves
- The latest honeypot/deception technologies worth deploying
- The management/technology overhang associated with them?
- Buying versus building
Jake Williams
IANS Faculty
Jake Williams, the founder of Rendition Infosec, has almost two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding Rendition Infosec, Williams worked with various government agencies in information security and CNO roles. He also works with SANS where he teaches and authors courses in Malware Reverse Engineering, Memory Forensics, Cyber Threat Intelligence, and Advanced Exploit Development. He is the two-time victor of the annual DC3 Forensics Challenge. He has spoken at Blackhat, DEFCON, Shmoocon, CEIC, RSA, EnFuse, and DC3 Conference (among others). His research areas include automating incident response throughout the enterprise, threat modeling and analysis, binary analysis, and malware C2. The primary focus of his work is increasing enterprise security by presenting complex topics in a way that anyone can understand.
Cryptojacking & Cryptocurrency Mining: Defensive Measures
with Jake WilliamsCryptojacking malware and crypto mining are eating AWS resources, tying up CPU capacity and costing money. This session will help you fight back by exploring:
- How to tell if cryptomining malware is in the system
- How to get the malware out of your systems
- How to keep it out
- The most prolific cryptocurrency-based attacks targeting companies
- How this malware differs from others, such as worms, ransomware and Trojans
Mike Rothman
IANS Faculty
Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.
The Cloud Security Maturity Roadmap
with Mike RothmanSecuring the cloud is fundamentally different from how it’s done on-premises, yet there are very few guidebooks or clear methods to ensure adequate protection. This session will take you to the next level by exploring:
- The Securosis/IANS Cloud Security Maturity Model
- The difference between being a cloud native and a cloud tourist
- Best practices to set up a secure cloud environment
- How serverless functions enable continuous cloud security
- How to implement guardrails around your Cloud
Chris Calvert
Respond Software, VP Products
Respond Software, VP Product Strategy and Co-Founder
Chris has over 30 years of experience in defensive information security: 14 years in the defense and intelligence community and 17 years in the commercial industry. He has worked on the Defense Department Joint Staff and held leadership positions in both large and small companies, including IBM and HPE. He has designed, built and managed global security operations centers and incident response teams for six of the global Fortune-50. As he often says, if you have complaints about today’s security operations model, you can partially blame him. It’s from his first-hand experience in learning the limitations of the man vs. data SecOps model that Chris leads product design and strategy for Respond Software.
Lunch & Sponsor Keynote: The Power of AI to Disrupt Security Ops
with Chris Calvert Many of today’s companies are hesitant to adopt new security technologies – particularly AI. The truth is AI is successfully disrupting many areas of security operations. Chris will discuss autonomous security driven by AI, probability theory and advanced algorithms: apply reasoning, judgement and experience to identify threats with machines and freeing up our skilled analysts for investigation and response.Technology Group 1
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.Technology Group 1
Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and are both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.
Dave Shackleford
IANS Faculty
Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
Security Tools for a Multi-Platform Cloud Environment
with Dave ShacklefordIt's difficult to choose and implement security tools that scale in an environment where multiple platforms have different settings, features and requirements. This session will address the technical remedies, including:
- Differences to accounted for between one platform and the next during tool selection
- Different vendor and tool categories and how do they compare
- Pros and cons of multi-cloud access brokers?
Aaron Turner
IANS Faculty
Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.
Cutting Through the AI/ML Vendor Hype
with Aaron TurnerVendors hype the benefits of AI/ML too broadly when it’s really meant for small, well-defined situations. This session will address the following:
- When we say AI/ML is for small or well-defined situations, what are examples of those?
- What are specific examples of where AI/ML works, and where it doesn’t?
Ondrej Krehel
IANS Faculty
Ondrej Krehel is the CEO and Founder of LIFARS LLC, an international cybersecurity and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.
Blockchain: What Your Vendors Have and How to Use It
with Ondrej KrehelCompanies don’t understand how blockchain works inside their security vendor offerings. This session will arm attendees with a stronger foundation by exploring:
- The use cases around how blockchain enhances security
- Blockchain-related products that are actually viable
- How blockchain increase the efficacy of things like vulnerability management and SIEM
- What CISOs should tell their exec stakeholders about blockchain
Jake Williams
IANS Faculty
Jake Williams, the founder of Rendition Infosec, has almost two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding Rendition Infosec, Williams worked with various government agencies in information security and CNO roles. He also works with SANS where he teaches and authors courses in Malware Reverse Engineering, Memory Forensics, Cyber Threat Intelligence, and Advanced Exploit Development. He is the two-time victor of the annual DC3 Forensics Challenge. He has spoken at Blackhat, DEFCON, Shmoocon, CEIC, RSA, EnFuse, and DC3 Conference (among others). His research areas include automating incident response throughout the enterprise, threat modeling and analysis, binary analysis, and malware C2. The primary focus of his work is increasing enterprise security by presenting complex topics in a way that anyone can understand.
Insider Threats
with Jake WilliamsCompanies are usually unaware that a malicious insider is up to no good in their networks until it’s too late. They need help knowing how to identify early red flags. To that end, this session will explore:
- Early red flags to look for
- Security controls you can put in place to detect and prevent insider threat activity
- Top insider threat monitoring solutions, their strengths and weaknesses
- Detection tool essentials
Mike Rothman
IANS Faculty
Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.
Case Study: Building a Better Security Culture
with Mike RothmanCompanies struggle to find a successful recipe for their security culture and need a concrete example of what another company has done to get it right. This session will offer:
- A case study for a company that has succeeded in growing a true security culture
- Three things you can do to change that trajectory and actually make your program effective
- Ways to expand the team with non-traditional security staff (i.e. ambassadors/champions)
Closing Ceremonies
Join us for closing remarks and the chance to win prizes!2019 Atlanta Speakers
Chris Calvert
Respond Software, VP Products
Respond Software, VP Product Strategy and Co-Founder
Chris has over 30 years of experience in defensive information security: 14 years in the defense and intelligence community and 17 years in the commercial industry. He has worked on the Defense Department Joint Staff and held leadership positions in both large and small companies, including IBM and HPE. He has designed, built and managed global security operations centers and incident response teams for six of the global Fortune-50. As he often says, if you have complaints about today’s security operations model, you can partially blame him. It’s from his first-hand experience in learning the limitations of the man vs. data SecOps model that Chris leads product design and strategy for Respond Software.
Presentations
- Lunch & Sponsor Keynote: The Power of AI to Disrupt Security OpsDAY 212:50 PM - 1:40 PM
Russ Currie
Netscout, VP of Enterprise Strategy
As VP of Enterprise Strategy, Russ is responsible for working with enterprise customers, partners and field personnel to ensure that NETSCOUT’s products and solutions aremeeting the needs of our customers and the market. Russ has over 15 years working atNETSCOUT where he has held many technical and marketing roles. Prior to joiningNETSCOUT, Russ had worked in IT managing networks for Fidelity Investments and Digital Equipment Corporation where he installed some of the first production Ethernet networks.
Presentations
- Lunch & Sponsor Keynote: Visibility and Collaboration in the MulticloudDAY 112:00 PM - 12:50 PM
Brian Fricke
CISO, City National Bank
A business-centric technology professional, specializing in strategic Enterprise Information Security Policy and Risk Management, Brian is currently the Chief Information Security Officer of City National Bank. Formally establishing the first of its kind Information Security Programs at BBVA & Bank OZK, he has overseen the information & cyber security risk portfolio of over 600 sites, 30,000 Personnel, and 20,000 systems and endpoints across the globe for public and private entities.
Formerly a civil servant as the CISO and Cyber Security Branch Manager at the US Navy's Military Sealift Command (MSC) at the Washington Navy Yard in Washington, DC. Brian is a Certified Information Systems Security Professional (CISSP) and holds a variety of relevant certifications (CISM, CCSP, CSSLP etc.). In his role at MSC he was responsible for planning, organizing and managing the implementation of cyber security industry best practice, as well as DoD & Federal cyber security mandates. A former active duty Marine, he has worked at the Joint Chiefs of Staff in the Pentagon, the US Agency for International Development (USAID), the Securities Exchange Commission (SEC) in Manhattan and was an officer of the Board of Directors of OutServe, a 501(c)(3) non-profit. He was Class President of the The George Washington University School of Business, World Executive MBA, Class of 2013, and also holds a Graduate Certificate in Strategic Cybersecurity Enforcement.
Presentations
- A Keynote Discussion with CNB’s Brian Fricke: Getting Real & Tangible Around Risk ManagementDAY 19:00 AM - 9:30 AM
Dave Kennedy
IANS Faculty
Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.
Presentations
- New Threat Hunting TechniquesDAY 11:00 PM - 2:15 PM
- How to Fill SIEM Gaps with UEBA/SOARDAY 14:15 PM - 4:50 PM
- IANS Faculty Keynote: The Five Things That MatterDAY 29:00 AM - 9:30 AM
- Deception and HoneypotsDAY 211:20 AM - 12:50 PM
Ondrej Krehel
IANS Faculty
Ondrej Krehel is the CEO and Founder of LIFARS LLC, an international cybersecurity and digital forensics firm. He’s the former Chief Information Security Officer of Identity Theft 911, the nation’s premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters—from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal and The New York Times, among many others.
Presentations
- The Changing Face of RansomwareDAY 110:35 AM - 11:10 AM
- Bringing Red/Blue/Purple Teaming into BalanceDAY 11:00 PM - 2:15 PM
- Blockchain: What Your Vendors Have and How to Use ItDAY 23:20 PM - 4:20 PM
Chris Nickerson
IANS Faculty
Chris Nickerson, CEO of Lares, has spent the last 20 years of his career leading, inspiring, and sometimes irritating, the security industry. With Lares co-Founder Eric M. Smith, he created the unique methodology used at Lares to assess, implement, and manage information security realistically and effectively. Collaborating with a group of other InfoSec researchers, he founded the Penetration Testing Execution Standard (PTES), and is working with the Red Team Alliance Training Collective to create a certification for Red Team Testing. He is one of the founders of the Security BSides conferences, he’s been a keynote, speaker, and/or trainer at more than fifty InfoSec conferences worldwide, including DEFCON, CyberWeek, and BlackHat. He’s a member and certification holder with ISACA, on the board of CREST, and holds CISSP, CISA, BS7799, and NSA IAM certifications. His book, Red Team Testing, is upcoming from Elsevier/Syngress. And despite all that, he is perhaps best known for his appearance on the TV show Tiger Team on TruTV, and his TED Talk, Hackers are all about curiosity, and security is just a feeling.
Presentations
- Bringing Red/Blue/Purple Teaming into BalanceDAY 11:00 PM - 2:15 PM
Mike Rothman
IANS Faculty
Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.
Presentations
- DevSecOps Business CasesDAY 110:35 AM - 11:10 AM
- Advances in Network VisibilityDAY 14:15 PM - 4:50 PM
- The Cloud Security Maturity RoadmapDAY 211:20 AM - 12:50 PM
- Case Study: Building a Better Security CultureDAY 23:20 PM - 4:20 PM
Dave Shackleford
IANS Faculty
Dave is the Founder and Principal Consultant with Voodoo Security and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book Virtualization Security: Protecting Virtualized Environments, leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. Dave has his CISSP and SANS GIAC, and received his Bachelor's degree in Microbiology/Psychology and Computer Information Systems, and also has an MBA from GA Tech, GA State, and Kennesaw State University. When he has time, Dave enjoys running, camping, cooking and playing music (piano, guitar and DJing).
Presentations
- File Security: Tools and Techniques in 2019DAY 110:35 AM - 11:10 AM
- Choosing a Cloud ProviderDAY 11:00 PM - 2:15 PM
- Getting Control of Container SecurityDAY 14:15 PM - 4:50 PM
- Breaking a Failed Vulnerability Management CycleDAY 211:20 AM - 12:50 PM
- Security Tools for a Multi-Platform Cloud EnvironmentDAY 23:20 PM - 4:20 PM
Aaron Turner
IANS Faculty
Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.
Presentations
- Advancements in Secure Remote AccessDAY 110:35 AM - 11:10 AM
- Vendor Optimization: Thinning the HerdDAY 11:00 PM - 2:15 PM
- Email in the Cloud: Stress Testing Office 365 AppsDAY 14:15 PM - 4:50 PM
- Prioritizing Privilege ManagementDAY 211:20 AM - 12:50 PM
- Cutting Through the AI/ML Vendor HypeDAY 23:20 PM - 4:20 PM
Jake Williams
IANS Faculty
Jake Williams, the founder of Rendition Infosec, has almost two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding Rendition Infosec, Williams worked with various government agencies in information security and CNO roles. He also works with SANS where he teaches and authors courses in Malware Reverse Engineering, Memory Forensics, Cyber Threat Intelligence, and Advanced Exploit Development. He is the two-time victor of the annual DC3 Forensics Challenge. He has spoken at Blackhat, DEFCON, Shmoocon, CEIC, RSA, EnFuse, and DC3 Conference (among others). His research areas include automating incident response throughout the enterprise, threat modeling and analysis, binary analysis, and malware C2. The primary focus of his work is increasing enterprise security by presenting complex topics in a way that anyone can understand.
Presentations
- Bug Bounties: Do-it-Yourself vs CrowdsourcingDAY 110:35 AM - 11:10 AM
- Adapting the SOC to a Cloud EnvironmentDAY 11:00 PM - 2:15 PM
- Phishing and Social Engineering: New Solutions to an Old ProblemDAY 14:15 PM - 4:50 PM
- Cryptojacking & Cryptocurrency Mining: Defensive MeasuresDAY 211:20 AM - 12:50 PM
- Insider ThreatsDAY 23:20 PM - 4:20 PM
Platinum Sponsors
NETSCOUT
NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT) assures digital business services against disruptions in availability, performance, and security. Our nGenius service assurance solutions provide real-time, contextual analysis of service, network, and application performance. Arbor security solutions protect against DDoS attacks that threaten availability and advanced threats that infiltrate networks to steal critical business assets. To learn more about improving service, network, and application performance in physical or virtual data centers, or in the cloud, and how NETSCOUT’s performance and security solutions, powered by service intelligence can help you move forward with confidence, visit www.netscout.com or follow @NETSCOUT and @ArborNetworks on Twitter, Facebook, or LinkedIn.
Respond
Respond Software delivers instant return on investment (ROI) to organizations in their battle against cyber-crime. With its patented intelligent decision engine, PGO®, Respond Software’s product uniquely combines the best of human expert judgement with the scale and consistency of software. Our quick-to-implement cybersecurity automation software delivers the equivalent of a virtual, best-of-breed analyst team that dramatically increases capacity and improves monitoring and triage capabilities at a fraction of the cost. Respond Software was founded in 2016 by security and software industry veterans. www.respond-software.com
Gold Sponsors
Aqua Security
Contrast Security
Contrast Security enables applications to automatically detect and fix vulnerabilities, identify attacks, and defend themselves. Contrast employs security instrumentation to strengthen applications before they deploy, protect in production and provide visibility throughout the application lifecycle. More information can be found at www.contrastsecurity.com or by following Contrast on Twitter at @ContrastSec.
CyCognito
CyCognito's platform provides organizations a complete Attack Surface analysis from a sophisticated attacker point of view.
Gigamon
Illumio
Nyotron
Nyotron has turned the security paradigm upside down by focusing on the damage stage or the intended outcome behind the attack. Traditional as well as next-generation endpoint security technologies attempt to prevent attacker’s entry into the enterprise, whether at the perimeter or the endpoint, acting like gates that can be bypassed. We assume that given enough time targeted and unknown threats will bypass your existing security controls. Our engine has mapped legitimate operating system behavior, so when an attack attempts to delete, exfiltrate or encrypt files, we know the actions shouldn’t be allowed and stop the damage from executing.
Founded in 2012, Nyotron is headquartered in Santa Clara, CA with R&D in Israel. Nyotron has earned a top score of 5 stars from SC Magazine in its review of Endpoint Security Platforms, won GOLD in the 2017 IT World Awards for Endpoint Security and was designated as the 2017 HOT COMPANY in Endpoint Security by Cyber Defense Magazine.
SentinelOne
SentinelOne, headquartered in Mountain View, California, is a provider of next-generation endpoint security, serving more than 2000 customers globally, including 3 of the Fortune 10. Leveraging a single autonomous agent architecture and cloud analytics platform – the SentinelOne solution enables customers to defend against the most advanced cyber threats, including malware, ransomware, and non-malware attacks. Deployed via the cloud, on premise or as a multi-tenant managed service, customers use SentinelOne to protect their servers, VDI, cloud and endpoint systems (including cross platform coverage for Windows, Windows legacy, macOS, and Linux), hunt threats, and replace legacy antivirus. Visit sentinelone.com to learn more.
Tanium
Tanium gives the world’s largest enterprises and government organizations the unique power to secure, control, and manage millions of endpoints across the enterprise within seconds. Serving as the “central nervous system” for enterprises, Tanium empowers security and IT operations teams to ask questions about the state of every endpoint across the enterprise in plain English, retrieve data on their current and historical state, and execute change as necessary, all within seconds. With the unprecedented speed, scale, and simplicity of Tanium, organizations now have complete and accurate information on the state of endpoints at all times to more effectively protect against modern day threats and realize new levels of efficiency in IT operations. Visit us at www.tanium.com or follow us on Twitter at @Tanium.
Votiro
ZeroFOX
ZeroFOX, the innovator of social media & digital security, protects modern organizations from dynamic security, brand and physical risks across social, mobile, web and collaboration platforms. Using targeted data collection and artificial intelligence-based analysis, ZeroFOX protects modern organizations from targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. Recognized as a Leader in Digital Risk Monitoring by Forrester, the patented ZeroFOX SaaS platform processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, HipChat, Instagram, Reddit, Pastebin, Tumblr, YouTube, VK, mobile app stores, the deep & dark web, domains and more.
Led by a team of information security and high-growth company veterans, ZeroFOX has raised nearly $100M in funding from NEA, Highland Capital, Silver Lake Waterman, Redline Capital and others, and has collected top industry awards such as Red Herring North America Top 100, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.
Silver Sponsors
Armis
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
Cobalt
Code42
Code42 is the leader in data loss protection, visibility and recovery solutions. Native to the cloud, the Code42 Next-Gen Data Loss Protection solution rapidly detects insider threats, satisfies regulatory compliance requirements and speeds incident response — all without lengthy deployments, complex policy management or blocks on user collaboration. Security, IT and compliance professionals can protect endpoint and cloud data from loss, leak and theft while maintaining an open and collaborative culture for employees.
Founded in 2001, more than 50,000 organizations worldwide, including the most recognized brands in business and education, rely on Code42 to safeguard their ideas. The company is headquartered in Minneapolis, Minnesota, and backed by Accel Partners, JMI Equity, NEA and Split Rock Partners. For more information, visit code42.com, read Code42’s blog or follow the company on Twitter.
CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to protect against cyber threats before attacks can escalate and do irreparable damage.
Deep Instinct
GuidePoint Security
GuidePoint Security is an elite team of top certified cybersecurity experts. We help organizations minimize cyber gaps and vulnerabilities, understand the evolving threat landscape and optimize resources designed to create a safer, more secure cybersecurity ecosystem. Learn more at www.guidepointsecurity.com.
Lastline
Malwarebytes
Malwarebytes is the most trusted endpoint security company in the world. Malwarebytes proactively protects people and businesses against malicious threats, including ransomware, that traditional antivirus solutions miss. The company’s flagship product uses signature-less technologies to detect and stop a cyberattack before damage occurs.
NCC Group
NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.
With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.
We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.
Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
Tenable Inc.
Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies.
Vectra
Hyatt Regency Atlanta
265 Peachtree St NE, Atlanta, GA 30303
Room Rate:
$239per night plus tax
Onsite Questions
Are the presentations available for viewing after the Forum?
All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.
Does IANS provide a Mobile App?
The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.
How can I promote my involvement with the event?
Please share your thoughts and excitement using our event hashtags found at the top of this page.
How can I submit my feedback on the Forum?
We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.
Is there free Wi-Fi onsite?
Free Wi-Fi will be provided throughout the Forum in conference areas.
What can I expect when I attend an IANS event?
When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.
What is the best way to stay updated before and during the Forum?
For all updates please download the IANS Mobile App or follow us on Twitter.
Where do I pick up my badge and registration material?
Your badge and registration materials will be available to pick-up at the registration desk. Registration starts at 7:30am.
Will there be opportunities to network with peers and sponsors?
There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.
Sponsorship Questions
Are there still sponsorship opportunities?
Please contact Eric Bartczak at sponsorships@iansresearch.com for more information.
Will there be opportunities to network with peers and sponsors?
IANS offers a Silver, Gold and Platinum level sponsorship. Please visit the Event Sponsors Page for more information.
Registration Questions
Can I earn continuing education credits for attending the forum?
Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.
What is the registration fee?
The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.
What time does the Forum begin and end?
The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.
What's the registration deadline?
You can register for and IANS event up to the day of the event.General Information
Cancellations
IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.
Hotel Cancellations
If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.
Terms and Conditions
This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.
Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.
IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.
Photography, Audio & Video Recording
IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.
IANS Code of Conduct
IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.
IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.
If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.
If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.
We expect participants to follow these rules at all event venues and event-related social activities.
Housing & Travel Questions
How can I book a hotel room?
All hotel requests must be made through the registration site.
How can I cancel my hotel reservation?
Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.
Is parking provided?
IANS does not cover any parking.
What hotel accommodations are available during the Forum?
IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.
Will I receive a hotel confirmation number?
You will receive a hotel confirmation number 2 weeks prior to the Forum.
