2020 Minneapolis
Information Security Forum


April 14 - 15, 2020
Hyatt Regency Minneapolis, Minneapolis, MN

The IANS 2020 Minneapolis Information Security Forum delivers an immersive curriculum with 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the two-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders. Network with peers to benchmark your information security practices and engage with IANS Faculty during interactive sessions.


Forum Agenda

7:30 AM - 8:30 AM

Registration & Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Security Operations

Cutting-Edge Security Operations in the Cloud

with George Gerchow

Security teams know they need to scale their security operations program in the cloud, but how? This session takes attendees through the nuts and bolts of creating a cloud-based, cutting-edge security operations center (SOC), including:

  • Approaches to automation
  • How to foster more well-rounded team members who can handle tasks outside their daily focus
  • Differences between security operations as part of IT, and information security groups that focus on governance and oversight
  • Understanding when security operations are best insourced or outsourced
  • Examples of how successful organizations deploy their information security resources around the globe

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery, David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Security Operations

Incident Response: Fixing What’s Wrong with Crisis Management

with Dave Kennedy

Security teams are getting better at the technical side of incident response, but crisis management is still a pain point. This session details how to quickly and efficiently manage a crisis when the crush is on. This session explores:

  • Tips to help first responders take charge, including the art of speaking in short sentences and keeping a journal
  • Case study: What we can learn from the SEAL team approach
  • How integrating OODA (observe, orient, decide and act) Loop principles across the culture results in a faster, more effective crisis response
  • How agreed-on values and beliefs guide decision-making when pressure is extreme
  • How leaders’ character, substance and style impact those around them

Security Operations

SecOps and Open Source: When It Works and When It Doesn’t

with George Gerchow

Before adopting open source tools for SecOps, security teams must first understand where they stand on the maturity curve. Many times, these tools are useful in smaller, less mature environments, but not necessarily in advanced operations. This session explores:

  • Which tools are appropriate for smaller teams
  • Which tools, if any, are applicable to large security operations
  • Which tools provide cost benefits, and which carry hidden costs
  • Effective SecOps applications of open source tools like CloudSeeker, ELK Stack, Autopsy, Maltego, NetworkMiner and RegRipper

Davi Ottenheimer

IANS Faculty

Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.

Security Operations

Using AI/ML to Optimize SecOps

with Davi Ottenheimer

AI/ML technology can help security teams make more accurate decisions, but only if they feed the right data into the machine. This session explains how to grab and input the right data from five primary log data sources:

  • Network (traffic flows)
  • Infrastructure (servers)
  • Database
  • Applications
  • Identity and access management (IAM)/people

From there, we explore what clean, relevant, actionable and business-driven data truly looks like.

Security Operations

Log Management in the Cloud

with George Gerchow

Getting cloud log management up and running is one thing; tailoring it to your workflows is another. This session outlines the latest cloud log management tools and techniques, including:

  • Comparing/contrasting vendor tools to grab log data and upload it into threat detection tools
  • Creating alerts that will pull more meaningful insights from the logs
  • How to focus on this from cloud to cloud as opposed to on-prem to cloud

Kevin Johnson

IANS Faculty

Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis.

Security Architecture

IoT in the Enterprise: Minimizing the Risks

with Kevin Johnson

There’s no clear consensus on who is responsible for managing risks associated with IoT devices in an organization. Security teams need help clearing up that confusion. This session will review:

  • Where all the IoT devices are
  • Who should be in charge of security risks related to IoT
  • How to assemble a responsibility tree for who does what in the event of an IoT-related compromise

Security Architecture

Successful DevSecOps: Understanding the Business Cases

with Davi Ottenheimer

Companies still struggle to get developers and security on the same page. It’s time to learn from those who’ve notched DevSecOps successes. This session explores:

  • Case studies of DevSecOps done right
  • How to measure your maturity for DevSecOps (Phase 1 to Phase 5)
  • Putting the “Shift Left” DevSecOps workflow in place
  • How DevSecOps creates secure cloud deployments
  • How to use DevSecOps to improve internet-of-things (IoT) security at the development stage

J Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Security Architecture

Zero Trust Principles: Making Them Work for You

with J Wolfgang Goerlich

Security teams need to understand both what zero trust principles are and how to properly implement them across the organization. This session starts with the nuts and bolts that make up zero trust, then delves into:

  • How zero trust architecture lowers the risk of common attacks, including account takeovers, insider threats, web and cloud app risks, and IoT and device compromises
  • Real-world examples of successful zero trust in action
  • Legacy tech that doesn’t play well with zero trust and what to do about it

Security Architecture

Beyond Passwords: Where Biometrics Fit In

with J Wolfgang Goerlich

Security teams have explored biometrics as an option to eliminate passwords for authentication. But with such methods as facial recognition under fire, they need to separate sensational headlines from the realities of where biometrics may or may not be viable. This session:

  • Recaps the privacy and legal ramifications of biometrics (e.g., facial recognition)
  • Explores biometrics use cases, including document validation, authentication and lie detection
  • Explores the full spectrum of tools worth considering in the pursuit of passwordless authentication

Security Architecture

IAM and File Security: Advanced Tools and Techniques

with J Wolfgang Goerlich

Employees and contractors still end up with advanced file access permissions when they shouldn’t. Security teams need to know what they’re doing wrong in file security and what tools/techniques can help them fix this problem. This session explores:

  • How to reduce your attack surface more effectively
  • How to marry security objectives with compliance/business objectives when setting file access perimeters
  • Key considerations for cloud and mobile

Threats & Vulnerabilities

Application Security: Fixing the Legacy App Problem

with Kevin Johnson

Large companies – especially post-M&A – tend to ignore legacy apps in favor of implementing new technology. This results in old apps sitting on the network with vulnerabilities attackers easily exploit. This session explores how to:

  • Protect legacy apps long enough to either come up with a graceful transition or update them
  • Design a more effective, advanced and automated inventory process
  • Get a better sense for how to triage the most troublesome apps
  • Better optimize unused features in older apps before rushing to new apps

Threats & Vulnerabilities

Insider Threats: Rooting Them Out

with Dave Kennedy

Companies are usually unaware when a malicious insider is up to no good in their networks until it’s too late. This session explores:

  • Early red flags to look for
  • Security controls to detect and prevent insider threat activity
  • Top insider threat monitoring solutions, and their strengths and weaknesses
  • Detection tool essentials
  • How to better coordinate investigations with human resources and legal

Threats & Vulnerabilities

Open Source Tools and Techniques for Threat/Vulnerability Management

with Kevin Johnson

To use open source tools, security teams must first understand where they stand on the maturity curve. Typically, open source threat/vulnerability tools are most useful in smaller environments. This session offers step-by-step guidance to determine where your team fits and how to:

  • Scale your open source approach to the business
  • Understand what regulators require when it comes to open source usage
  • Determine which tools are appropriate for beginners of open source vs. more advanced users
  • Determine which tools provide cost benefits and which carry hidden costs
  • Use tools that might be a good fit for your environment, including:
    • MX Toolbox for email diagnostics, blacklisting, MX records and DMARC
    • AVG LinkScanner Drop Zone for analyzing URLs in real time
    • IPVoid for scanning IP addresses using multiple DNS-based blacklists

Threats & Vulnerabilities

Practical Applications for MITRE ATT&CK

with Dave Kennedy

MITRE ATT&CK has enormous potential as a security Swiss Army knife, but security teams need a soup-to-nuts breakdown for how best to apply it in their environments. This session explores how to make MITRE ATT&CK part of your daily security practices, including:

  • Using the framework to identify the most efficient ways to improve adversarial defenses
  • Understanding the framework is NOT technique-driven -- it’s about understanding attack lifecycles and building a defense
  • Leveraging balanced scorecards for direct tracking of capabilities

Threats & Vulnerabilities

Threat Hunting Techniques for 2020

with Dave Kennedy

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play. This session explores:

  • Host and network-based techniques for identifying advanced attackers and threats to customer networks
  • How to position hunt teams to directly increase the overall maturity and return on investment (ROI) of their monitoring and detection capabilities
  • Detecting abnormal patterns of behavior
  • Tips to better incorporate threat hunting into purple teaming

Threats & Vulnerabilities

Defending Against Nation-State Attacks

with Dave Kennedy

Nation states are increasingly targeting Fortune-class companies in an effort to steal their intellectual property. Large security teams need to learn from case studies of recent attacks and develop strategies and tactics to protect their own environments. This session explores:

  • Recent nation-state targets and what attackers were looking for
  • What those companies did right, and what they did wrong in their defenses and incident response
  • Tools and techniques companies should consider to defend against future attacks

GRC

Building a Three-Year Strategic GRC Roadmap

with J Wolfgang Goerlich

Security leaders need to know which strategic areas to focus on long term and how to prevent those from being cast aside by day-to-day brush fires. What should they delegate and what are some tips to stay focused on the big picture, whether it concerns risk management or compliance? This session explores:

  • Key information security risks, how they should be determined, what projects are under way to mitigate them and what the timelines should look like
  • A governance process that ensures information security activities – including key risk indicators (KRIs), and compliance checklists – are performed with proper oversight
  • Tips to minimize risk at the outset by making better decisions

GRC

Improving Your Three Lines of Defense

with J Wolfgang Goerlich

The Three Lines of Defense model remains poorly understood. The three lines get blurred within many organizations and security teams need help understanding what they are. This session breaks down the components, clarifies who does what and explores tools that help. Topics include:

  • How to spread accountability across the board by breaking down which groups fall where inside the three lines of defense
  • How to optimize RSA Archer, ServiceNow and other good risk management tools
  • How to find and deal with older technology and procedures nearing end of life

GRC

Recent GDPR Penalties: Key Takeaways

with George Gerchow

Since GDPR took effect in 2018, several companies have been fined for violations. What can teams learn from these companies' mistakes? This session applies lessons learned across all industries, exploring:

  • How companies ran afoul of GDPR, and what they’ve since done right
  • How to avoid their mistakes
  • How to use EU enforcement actions as a guide to assess GDPR strengths and weaknesses
  • How to do so in a way that works across business sectors

GRC

Managing Privacy and Risk in the Social Media Age

with Davi Ottenheimer

Facebook, Twitter and LinkedIn aren’t going anywhere. Security teams need the latest best practices for monitoring and effectively locking down employee social media use to avoid being an easy target for attackers. This session explores:

  • Where current methods of tracking employee social media use fail and how to fix it
  • Tools and techniques to quickly find and eradicate malware injected into company networks via social media usage
  • How well (or not so well) cloud-based email systems interact with social media platforms
4:45 PM - 5:45 PM

Networking Reception

Come network with your peers! Hors d'oeuvres and cocktails will be served!

2020 Minneapolis Speakers


George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Presentations
  • Cutting-Edge Security Operations in the Cloud (Forum Agenda, 8:35 AM - 8:40 AM)
  • SecOps and Open Source: When It Works and When It Doesn’t (Forum Agenda, 8:40 AM - 8:45 AM)
  • Log Management in the Cloud (Forum Agenda, 8:50 AM - 8:55 AM)
  • Recent GDPR Penalties: Key Takeaways (Forum Agenda, 10:00 AM - 10:05 AM)

J Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Presentations
  • Zero Trust Principles: Making Them Work for You (Forum Agenda, 9:05 AM - 9:10 AM)
  • Beyond Passwords: Where Biometrics Fit In (Forum Agenda, 9:10 AM - 9:15 AM)
  • IAM and File Security: Advanced Tools and Techniques (Forum Agenda, 9:15 AM - 9:20 AM)
  • Building a Three-Year Strategic GRC Roadmap (Forum Agenda, 9:50 AM - 9:55 AM)
  • Improving Your Three Lines of Defense (Forum Agenda, 9:55 AM - 10:00 AM)

Kevin Johnson

IANS Faculty

Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis.

Presentations
  • IoT in the Enterprise: Minimizing the Risks (Forum Agenda, 8:55 AM - 9:00 AM)
  • Application Security: Fixing the Legacy App Problem (Forum Agenda, 9:20 AM - 9:25 AM)
  • Open Source Tools and Techniques for Threat/Vulnerability Management (Forum Agenda, 9:30 AM - 9:35 AM)

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery, David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Presentations
  • Incident Response: Fixing What’s Wrong with Crisis Management (Forum Agenda, 8:35 AM - 8:40 AM)
  • Insider Threats: Rooting Them Out (Forum Agenda, 9:25 AM - 9:30 AM)
  • Practical Applications for MITRE ATT&CK (Forum Agenda, 9:35 AM - 9:40 AM)
  • Threat Hunting Techniques for 2020 (Forum Agenda, 9:40 AM - 9:45 AM)
  • Defending Against Nation-State Attacks (Forum Agenda, 9:45 AM - 9:50 AM)

Davi Ottenheimer

IANS Faculty

Davi is Security Architect at Inrupt, Inc., a company that supports Solid, a web decentralization project founded by the inventor of the World Wide Web, Tim Berners-Lee. He is also the Founder and President of flying penguin LLC, an information security consulting firm that focuses on risk mitigation and incident response solutions. Additionally, he serves as a Visiting Lecturer at St Pölten University of Applied Sciences (Fachhochschule St Pölten) in Austria, an Affiliate for the Policy Innovation Lab of Tomorrow (PILOT) at Penn State University, as well as an Advisory Board Member at Cyral, Anjuana Security, and Accenture. Davi has helped serve customer data protection needs across many industries including data storage and management, software, investment, banking, international retail, as well as higher education, healthcare and aerospace.

Presentations
  • Using AI/ML to Optimize SecOps (Forum Agenda, 8:45 AM - 8:50 AM)
  • Successful DevSecOps: Understanding the Business Cases (Forum Agenda, 9:00 AM - 9:05 AM)
  • Managing Privacy and Risk in the Social Media Age (Forum Agenda, 10:05 AM - 10:10 AM)

Hyatt Regency Minneapolis

1300 Nicollet Mall, Minneapolis, MN 55403

Room Rate: $149 per night plus tax

General Information

Cancellations

IANS requests that cancellations be submitted two weeks prior to a Forum. Reserved seats are limited.

Hotel Cancellations

If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

Photography, Audio & Video Recording

IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affiliation or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of sessions or events, inappropriate physical contact, or unwelcome sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, the participant will be asked to stop and expected to comply immediately. The offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Registration Questions

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What's the registration deadline?

You can register for an IANS event up to the day of the event.

What time does the Forum begin and end?

The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.

Onsite Questions

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.

Where do I pick up my badge and registration material?

Your badge and registration materials will be available for pickup at the registration desk. Registration starts at 7:30am.

Does IANS provide a Mobile App?

The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.

What is the best way to stay updated before and during the Forum?

For all updates please download the IANS Mobile App or follow us on Twitter.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

Is there free Wi-Fi onsite?

Free Wi-Fi will be provided throughout the Forum in conference areas.

Are the presentations available for viewing after the Forum?

All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.

Housing & Travel Questions

What hotel accommodations are available during the Forum?

IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.

How can I book a hotel room?

All hotel requests must be made through the registration site.

How can I cancel my hotel reservation?

Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.

Will I receive a hotel confirmation number?

You will receive a hotel confirmation number 2 weeks prior to the Forum.

Is parking provided?

IANS does not cover any parking.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.