2020 Dallas Information Security Forum

Forum Agenda

Forum Agenda

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Security Operations

SecOps and Open Source: When It Works and When It Doesn’t

with

Before adopting open source tools for SecOps, security teams must first understand where they stand on the maturity curve. Many times, these tools are useful in smaller, less mature environments, but not necessarily in advanced operations. This session explores:

Which tools are appropriate for smaller teams
Which tools, if any, are applicable to large security operations
Which tools provide cost benefits, and which carry hidden costs
Effective SecOps applications of open source tools like CloudSeeker, ELK Stack, Autopsy, Maltego, NetworkMiner and RegRipper

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Security Operations

Cutting-Edge Security Operations in the Cloud

with

Security teams know they need to scale their security operations program in the cloud, but how? This session takes attendees through the nuts and bolts of creating a cloud-based, cutting-edge security operations center (SOC), including:

Approaches to automation
How to foster more well-rounded team members who can handle tasks outside their daily focus
Differences between security operations as part of IT, and information security groups that focus on governance and oversight
Understanding when security operations are best insourced or outsourced
Examples of how successful organizations deploy their information security resources around the globe

John Visneski

IANS Faculty

John is the Director of Information Security and Data Protection Officer at The Pokémon Company International where he has built their security team and achieved GDPR Compliance. Before joining Pokémon, he served as a Cyberspace Operations Officer for the US Air Force where he supported operations in Iraq and Afghanistan. John also served as Chief of Executive Communications for the Chief of Staff and Secretary of the US Air Force supporting intelligence operations that shaped policy at the Pentagon.

Security Operations

Incident Response: Fixing What’s Wrong with Crisis Management

with

Security teams are getting better at the technical side of incident response, but crisis management is still a pain point. This session details how to quickly and efficiently manage a crisis when the crush is on. This session explores:

Tips to help first responders take charge, including the art of speaking in short sentences and keeping a journal
Case study: What we can learn from the SEAL team approach
How integrating OODA (observe, orient, decide and act) Loop principals across the culture results in a faster, more effective crisis response
How agreed-on values and beliefs guide decision-making when pressure is extreme
How leaders’ character, substance and style impact those around them

Dave Shackleford

IANS Faculty

Security Operations

Log Management in the Cloud

with

Getting cloud log management up and running is one thing; tailoring it to your workflows is another. This session outlines the latest cloud log management tools and techniques, including:

Comparing/contrasting vendor tools to grab log data and upload it into threat detection tools
Creating alerts that will pull more meaningful insights from the logs
How to focus on this from cloud to cloud as opposed to on-prem to cloud

Mike Rothman

IANS Faculty

Security Operations

SIEM Alert Overload: Cutting Through the Noise

with

Overwhelmed by SIEM alerts? Then it’s time to focus on better-defined logging and fine-tuning your alert triggers. This session explores:

Specific network activities to log
What requires an alert and what doesn’t
Creating a step-by-step action plan to better tune your SIEM
Using security orchestration, automation and response (SOAR) and user and entity behavior analytics (UEBA) to enhance detection

Mike Rothman

IANS Faculty

Security Architecture

Advancing Cloud Security: A Roadmap

with

Small teams are stuck at the ground level for cloud security and need to mature. Large teams continue to struggle when designing cloud architecture, managing apps and configuring systems. Both need to know what they’re doing wrong and how to do it right. This session begins with a brief overview of the IANS/Securosis Cloud Security Maturity Model and then explores fresh guidance to improve SecOps and DevOps in the cloud, including:

How to build an automation framework for SecOps in the cloud
How to build a library of design patterns that development teams can use to develop stronger code in the cloud
How to know when you’ve reached the point within cloud security where you don’t actually have to be involved because everything is being built into code and infrastructure

Dave Shackleford

IANS Faculty

Security Architecture

IAM and File Security: Advanced Tools and Techniques

with

Employees and contractors still end up with advanced file access permissions when they shouldn’t. Security teams need to know what they’re doing wrong in file security and what tools/techniques can help them fix this problem. This session explores:

How to reduce your attack surface more effectively
How to marry security objectives with compliance/business objectives when setting file access perimeters
Key considerations for cloud and mobile

Mike Rothman

IANS Faculty

Security Architecture

Beyond Passwords: Where Biometrics Fit In

with

Security teams have explored biometrics as an option to eliminate passwords for authentication. But with such methods as facial recognition under fire, they need to separate sensational headlines from the realities of where biometrics may or may be viable. This session:

Recaps the privacy and legal ramifications of biometrics (e.g., facial recognition)
Explores biometrics use cases, including document validation, authentication and lie detection
Explores the full spectrum of tools worth considering in the pursuit of passwordless authentication

Bill Dean

IANS Faculty

Bill is a Shareholder at LBMC Information Security,where he is responsible for security assessments, incident response, digital forensics, electronic discovery and overall litigation support. He also serves as an expert witness in federal courts and numerous state courts and has conducted digital forensic investigations and electronic discovery services to support litigation efforts. He is also an active member of the International Society for Forensic Computer Examiners and Board Member in East Tennessee’s InfraGard Chapter.

Threats & Vulnerabilities

Building and Optimizing a Threat Intel Program

with

Less mature security teams need step-by-step guidance to take their threat intelligence tactics to a more advanced level. This session explores:

Getting more out of open source threat intelligence sources such as LinkedIn, Twitter and news feeds
How to think critically and develop analytical judgments you can then communicate to leaders who have to make decisions
Data quality vs. quantity
Native language analysis
Getting access to source data and knowing how to use it

Ron Ritchey

IANS Faculty

Ron is a seasoned technologist specializing in cyber security with over 30 years of experience in the IT industry. Currently, he is the global lead for Cyber Architecture at JP Morgan Chase. His group is responsible for designing secure solutions to support their clients and employees. He is also an active researcher and speaker in the Information Assurance (IA) field and is widely published on network security topics including co-authoring books on Software Assurance and Insider Threats.

Threats & Vulnerabilities

Application Security: Fixing the Legacy App Problem

with

Large companies – especially post-M&A – tend to ignore legacy apps in favor of implementing new technology. This results in old apps sitting on the network with vulnerabilities attackers easily exploit. This session explores how to:

Protect legacy apps long enough to either come up with a graceful transition or update them
Design a more effective, advanced and automated inventory process
Get a better sense for how to triage the most troublesome apps
Better optimize unused features in older apps before rushing to new apps

Bill Dean

IANS Faculty

Threats & Vulnerabilities

Insider Threats: Rooting Them Out

with

Companies are usually unaware when a malicious insider is up to no good in their networks until it’s too late. This session explores:

Early red flags to look for
Security controls to detect and prevent insider threat activity
Top insider threat monitoring solutions, and their strengths and weaknesses
Detection tool essentials
How to better coordinate investigations with human resources and legal

Bill Dean

IANS Faculty

Threats & Vulnerabilities

Threat Hunting Techniques for 2020

with

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores:

Host and network-based techniques for identifying advanced attackers and threats to customer networks
How to position hunt teams to directly increase the overall maturity and return on investment (ROI) of their monitoring and detection capabilities
Detecting abnormal patterns of behavior
Tips to better incorporate threat hunting into purple teaming

John Visneski

IANS Faculty

GRC

Best Practices for Managing Third-Party Contractors

with

Companies lack sufficient controls to ensure contractors are doing their work securely. Security teams need help building an action plan to lock down contractor access and ensure they are following security procedures. This session explores:

Best practices for pre-onboarding checks and onboarding
How to tier contractors to ensure their access fits only what they need to do their work
A framework to determine situations where contractors require more scrutiny before access is granted, e.g., whether they have access to personally identifiable information (PII)

Dave Shackleford

IANS Faculty

GRC

Tracking Data Flow On-Prem and Off

with

Rapid cloud adoption leads to data and asset sprawl, making it difficult for security teams to know where all their critical data lives. When teams can’t accurately keep track of their data, they can’t stop hackers from compromising and exploiting them. This session uses case studies to explore the lapses that lead to asset and data sprawl, and offers guidelines to avoid it, including:

Differences in managing data assets in Azure vs. AWS vs. Google
Addressing incomplete automation policies and settings
Finding and fixing improper settings that keep artificial intelligence/machine learning from functioning at full power

Ron Ritchey

IANS Faculty

GRC

Building an Advanced Privacy Program

with

Privacy regulation is a moving target, and teams must build an updated, modern privacy program from the ground up. This session explores:

Key areas to mature within your privacy function
Changes needed in people, process and technology
Which responsibilities fall under security vs. privacy

Ron Ritchey

IANS Faculty

GRC

Managing Privacy and Risk in the Social Media Age

with

Facebook, Twitter and LinkedIn aren’t going anywhere. Security teams need the latest best practices for monitoring and effectively locking down employee social media use to avoid being an easy target for attackers. This session explores:

Where current methods of tracking employee social media use fail and how to fix it
Tools and techniques to quickly find and eradicate malware injected into company networks via social media usage
How well (or not so well) cloud-based email systems interact with social media platforms

4:45 PM - 5:45 PM

Networking Reception

Come network with your peers! Hors d'eouvres and cocktails will be served!

2020 Dallas Speakers

Bill Dean

IANS Faculty

Presentations

Building and Optimizing a Threat Intel ProgramForum Agenda9:40 AM - 9:45 AM
Insider Threats: Rooting Them OutForum Agenda9:50 AM - 9:55 AM
Threat Hunting Techniques for 2020Forum Agenda9:55 AM - 10:00 AM

Ron Ritchey

IANS Faculty

Presentations

Application Security: Fixing the Legacy App ProblemForum Agenda9:45 AM - 9:50 AM
Building an Advanced Privacy ProgramForum Agenda10:10 AM - 10:15 AM
Managing Privacy and Risk in the Social Media AgeForum Agenda10:15 AM - 10:20 AM

Mike Rothman

IANS Faculty

Presentations

SecOps and Open Source: When It Works and When It Doesn’tForum Agenda9:00 AM - 9:05 AM
SIEM Alert Overload: Cutting Through the NoiseForum Agenda9:20 AM - 9:25 AM
Advancing Cloud Security: A RoadmapForum Agenda9:25 AM - 9:30 AM
Beyond Passwords: Where Biometrics Fit InForum Agenda9:35 AM - 9:40 AM

Dave Shackleford

IANS Faculty

Presentations

Cutting-Edge Security Operations in the CloudForum Agenda9:05 AM - 9:10 AM
Log Management in the CloudForum Agenda9:15 AM - 9:20 AM
IAM and File Security: Advanced Tools and TechniquesForum Agenda9:30 AM - 9:35 AM
Tracking Data Flow On-Prem and OffForum Agenda10:05 AM - 10:10 AM

John Visneski

IANS Faculty

Presentations

Incident Response: Fixing What’s Wrong with Crisis ManagementForum Agenda9:10 AM - 9:15 AM
Best Practices for Managing Third-Party ContractorsForum Agenda10:00 AM - 10:05 AM

Cityplace Conference Center

2711 N Haskell Ave, Dallas, TX 75204

Hotel: Canopy Dallas Uptown

2950 CityPlace West Blvd, Dallas, TX 75204

Room Rate:

^$200

per night plus tax

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Hotel Cancellations

If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

Photography, Audio & Video Recording

IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Registration Questions

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What's the registration deadline?

You can register for and IANS event up to the day of the event.

What time does the Forum begin and end?

The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.

Onsite Questions

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.

Where do I pick up my badge and registration material?

Your badge and registration materials will be available to pick-up at the registration desk. Registration starts at 7:30am.

Does IANS provide a Mobile App?

The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.

What is the best way to stay updated before and during the Forum?

For all updates please download the IANS Mobile App or follow us on Twitter.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

Is there free Wi-Fi onsite?

Free Wi-Fi will be provided throughout the Forum in conference areas.

Are the presentations available for viewing after the Forum?

All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.

Housing & Travel Questions

What hotel accommodations are available during the Forum?

IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.

How can I book a hotel room?

All hotel requests must be made through the registration site.

Will I receive a hotel confirmation number?

You will receive a hotel confirmation number 2 weeks prior to the Forum.

Is parking provided?

IANS does not cover any parking.

How can I cancel my hotel reservation?

Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.

Sponsorship Questions

Will there be opportunities to network with peers and sponsors?

IANS offers a Silver, Gold and Platinum level sponsorship. Please visit the Event Sponsors Page for more information.

Are there still sponsorship opportunities?

Please contact Eric Bartczak at sponsorships@iansresearch.com for more information.