2020 Columbus
Information Security Forum

#IANSColumbus #IANSEvents

April 28, 2020
Hyatt Regency Columbus, Columbus, OH

The IANS 2020 Columbus Information Security Forum delivers an immersive curriculum with 30+ sessions led by esteemed IANS Faculty, global information security thought leaders and solution providers. Attend the one-day Forum to gain actionable technical solutions and leadership insights focused on current and emerging challenges facing enterprise security leaders. Network with peers to benchmark your information security practices and engage with IANS Faculty during interactive sessions.


Day 1

7:30 AM - 8:30 AM

Registration & Continental Breakfast

Come check in to receive your program and CPEs while enjoying a complimentary continental breakfast.

8:30 AM - 8:45 AM

IANS Welcome & State of the Industry

Come join us as we welcome you to the Forum.

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

8:45 AM - 9:15 AM

IANS Faculty Keynote: Attack Patterns for the Cloud Era

with Dave Shackleford

With tons of high-profile data exposure scenarios and breaches occurring in the cloud over the past several years, it’s important for all security professionals to learn from others’ mistakes and adapt our controls and processes to cloud service provider environments. In this talk, IANS Faculty member Dave Shackleford will walk through some examples of cloud breaches and exposure, describe the threat surface cloud presents, and walk through attack patterns in the cloud that align with frameworks like MITRE ATT&CK.

9:15 AM - 9:30 AM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.

9:30 AM - 9:45 AM

Technology Spotlight Sessions Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

9:50 AM - 10:05 AM

Technology Spotlight Sessions Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

10:10 AM - 10:25 AM

Technology Spotlight Sessions Group 3

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

10:35 AM - 11:35 AM Security Operations

SIEM Alert Overload: Cutting Through the Noise

with Mike Rothman

Overwhelmed by SIEM alerts? Then it’s time to focus on better-defined logging and fine-tuning your alert triggers. This session explores:

  • Specific network activities to log
  • What requires an alert and what doesn’t
  • Creating a step-by-step action plan to better tune your SIEM
  • Using security orchestration, automation and response (SOAR) and user and entity behavior analytics (UEBA) to enhance detection

Security Architecture

IAM and File Security: Advanced Tools and Techniques

with Dave Shackleford

Employees and contractors still end up with advanced file access permissions when they shouldn’t. Security teams need to know what they’re doing wrong in file security and what tools/techniques can help them fix this problem. This session explores:

  • How to reduce your attack surface more effectively
  • How to marry security objectives with compliance/business objectives when setting file access perimeters
  • Key considerations for cloud and mobile

Tim Medin

IANS Faculty

Tim is a Principal Consultant and Founder at Red Siege, an information security company focused on adversary emulation and penetration testing. He also serves as the MSISE Program Director, Course Author, and Principal Instructor at the SANS Institute.

Threats & Vulnerabilities

Insider Threats: Rooting Them Out

with Tim Medin

Companies are usually unaware when a malicious insider is up to no good in their networks until it’s too late. This session explores:

  • Early red flags to look for
  • Security controls to detect and prevent insider threat activity
  • Top insider threat monitoring solutions, and their strengths and weaknesses
  • Detection tool essentials
  • How to better coordinate investigations with human resources and legal

11:40 AM - 12:40 PM

Lunch & Keynote Address

More information coming soon.

12:50 PM - 1:05 PM

Technology Spotlight Sessions Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

1:10 PM - 1:25 PM

Technology Spotlight Sessions Group 3

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

1:30 PM - 1:45 PM

Technology Spotlight Sessions Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

1:50 PM - 2:00 PM

Tabletop Break

IANS Tabletops gives you an opportunity to connect with information security leaders in a relaxed environment. Come stretch your legs and network with your peers and solution providers over snacks and coffee.

2:05 PM - 2:50 PM Security Architecture

Advancing Cloud Security: A Roadmap

with Mike Rothman

Small teams are stuck at the ground level for cloud security and need to mature. Large teams continue to struggle when designing cloud architecture, managing apps and configuring systems. Both need to know what they’re doing wrong and how to do it right. This session begins with a brief overview of the IANS/Securosis Cloud Security Maturity Model and then explores fresh guidance to improve SecOps and DevOps in the cloud, including:

  • How to build an automation framework for SecOps in the cloud
  • How to build a library of design patterns that development teams can use to develop stronger code in the cloud
  • How to know when you’ve reached the point within cloud security where you don’t actually have to be involved because everything is being built into code and infrastructure

Threats & Vulnerabilities

Application Security: Fixing the Legacy App Problem

with Tim Medin

Large companies – especially post-M&A – tend to ignore legacy apps in favor of implementing new technology. This results in old apps sitting on the network with vulnerabilities attackers easily exploit. This session explores how to:

  • Protect legacy apps long enough to either come up with a graceful transition or update them
  • Design a more effective, advanced and automated inventory process
  • Get a better sense for how to triage the most troublesome apps
  • Better optimize unused features in older apps before rushing to new apps

GRC

Tracking Data Flow On-Prem and Off

with Dave Shackleford

Rapid cloud adoption leads to data and asset sprawl, making it difficult for security teams to know where all their critical data lives. When teams can’t accurately keep track of their data, they can’t stop hackers from compromising and exploiting them. This session uses case studies to explore the lapses that lead to asset and data sprawl, and offers guidelines to avoid it, including:

  • Differences in managing data assets in Azure vs. AWS vs. Google
  • Addressing incomplete automation policies and settings
  • Finding and fixing improper settings that keep artificial intelligence/machine learning from functioning at full power

2:55 PM - 3:10 PM

Technology Spotlight Sessions Group 3

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

3:15 PM - 3:30 PM

Technology Spotlight Sessions Group 1

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

3:35 PM - 3:50 PM

Technology Spotlight Sessions Group 2

Join the Technology Spotlight session where Sponsors will present their innovative technology. Each session will last 35 minutes and is both technical and educational in nature. This is your opportunity to stay current on emerging technologies and see what is going on in the space.

4:00 PM - 5:00 PM Security Architecture

Cloud Open Source Tools/Techniques: When They Work and When They Don’t

with Dave Shackleford

To use open source security architecture tools properly, security teams must first understand where they stand on the maturity curve. Tools that are useful in smaller, less mature environments may not work for more advanced operations. This session offers step-by-step guidance to determine where your team fits, including:

  • Whether your organization is cloud native or multi-cloud
  • Gauging the right time to go forward with open source
  • Once ready, deciding which tools will be most helpful

Threats & Vulnerabilities

Open Source Tools and Techniques for Threat/Vulnerability Management

with Tim Medin

Large companies – especially post-M&A – tend to ignore legacy apps in favor of implementing new technology. This results in old apps sitting on the network with vulnerabilities attackers easily exploit. This session explores how to:

  • Protect legacy apps long enough to either come up with a graceful transition or update them
  • Design a more effective, advanced and automated inventory process
  • Get a better sense for how to triage the most troublesome apps
  • Better optimize unused features in older apps before rushing to new apps

GRC

Managing Privacy and Risk in the Social Media Age

with Mike Rothman

Facebook, Twitter and LinkedIn aren’t going anywhere. Security teams need the latest best practices for monitoring and effectively locking down employee social media use to avoid being an easy target for attackers. This session explores:

  • Where current methods of tracking employee social media use fail and how to fix it
  • Tools and techniques to quickly find and eradicate malware injected into company networks via social media usage
  • How well (or not so well) cloud-based email systems interact with social media platforms

5:00 PM - 6:00 PM

Networking Reception

Come network with your peers!

2020 Columbus Speakers

Tim Medin

IANS Faculty

Presentations
  • Insider Threats: Rooting Them Out, Day 1, 10:35 AM - 11:35 AM
  • Application Security: Fixing the Legacy App Problem, Day 1, 2:05 PM - 2:50 PM
  • Open Source Tools and Techniques for Threat/Vulnerability Management, Day 1, 4:05 PM - 5:05 PM

Mike Rothman

IANS Faculty

Presentations
  • SIEM Alert Overload: Cutting Through the Noise, Day 1, 10:35 AM - 11:35 AM
  • Advancing Cloud Security: A Roadmap, Day 1, 2:05 PM - 2:50 PM
  • Managing Privacy and Risk in the Social Media Age, Day 1, 4:05 PM - 5:05 PM

Dave Shackleford

IANS Faculty

Presentations
  • IANS Faculty Keynote: Attack Patterns for the Cloud Era, Day 1, 8:45 AM - 9:15 AM
  • IAM and File Security: Advanced Tools and Techniques, Day 1, 10:35 AM - 11:35 AM
  • Tracking Data Flow On-Prem and Off, Day 1, 2:05 PM - 2:50 PM
  • Cloud Open Source Tools/Techniques: When They Work and When They Don’t, Day 1, 4:00 PM - 5:00 PM

Hyatt Regency Columbus

350 N High St, Columbus, OH 43215

General Information

Cancellations

IANS requests that cancellations be submitted two weeks prior to a Forum. Reserved seats are limited.

Hotel Cancellations

If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

Photography, Audio & Video Recording

IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affiliation or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of sessions or events, inappropriate physical contact, or unwelcome sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, the participant will be asked to stop and is expected to comply immediately. The offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Registration Questions

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What's the registration deadline?

You can register for an IANS event up to the day of the event.

What time does the Forum begin and end?

The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.

Onsite Questions

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.

Where do I pick up my badge and registration material?

Your badge and registration materials will be available to pick up at the registration desk. Registration starts at 7:30am.

Does IANS provide a Mobile App?

The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.

What is the best way to stay updated before and during the Forum?

For all updates please download the IANS Mobile App or follow us on Twitter.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

Is there free Wi-Fi onsite?

Free Wi-Fi will be provided throughout the Forum in conference areas.

Are the presentations available for viewing after the Forum?

All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.

Housing & Travel Questions

What hotel accommodations are available during the Forum?

IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.

How can I book a hotel room?

All hotel requests must be made through the registration site.

How can I cancel my hotel reservation?

Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.

Will I receive a hotel confirmation number?

You will receive a hotel confirmation number 2 weeks prior to the Forum.

Is parking provided?

IANS does not cover any parking.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.
