2020 Dallas/Houston Virtual
Information Security Forum

#IANSDallas #IANSHouston #IANSEvents

November 19, 2020
Web Conference, Dallas/Houston, TX

The Dallas/Houston Forum is designed for information security practitioners across all industries to dive deep on specific topics, share insights, and network with peers in a virtual environment. This one-day event will feature keynote speeches, IANS Faculty presentations, ‘Ask Me Anything’ topic lounges, and ‘Technology Spotlight’ sessions to engage with solution providers.

IANS Forum content spans the depth and breadth of the entire security function. Attendees include but are not limited to CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Please note: This virtual event is intended for practitioners from the Dallas and Houston metro areas. For people outside of these regions who wish to join, attendance is subject to capacity. We will inform out-of-metro registrants on the status of their registration one week in advance of the event.

 

*Receive 1 CPE credit for every hour of attendance at our events.
CPE credits will be awarded for attending the event.

Agenda

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

9:00 AM - 9:30 AM

FedRAMP or Bust: Remote or Not, the Regulations Never Stop

with George Gerchow

The road to ATO is never easy, but a government shutdown and a pandemic make it nearly impossible. Our journey has not been easy, but it has been rewarding. In this keynote, IANS Faculty member George Gerchow will unpack his experience on the FedRAMP path. He’ll discuss:

  • Building a FedRAMP business case.
  • Managing the process – selecting the right CSP, level of ATO and sponsorship path.
  • The governance, policy, software and engineering changes driven by FedRAMP.
  • The cost and time allocation implications of the process.

Throughout the session, George will detail lessons learned through the FedRAMP journey, including working with a JAB vs. an agency, how to switch IDP providers (he did it twice) and how to conduct a SAR remotely.

9:30 AM - 10:15 AM

Sponsor Tabletops & Technology Spotlight Demos

Check out the Sponsors, enter to win prizes, and gather materials from their tabletops. Visit the Demo Lounge to join topic-specific Technology Spotlight Demos.

  • 9:30-9:45am- Technology Spotlight Group 1
  • 9:45-10:00am- Technology Spotlight Group 2
  • 10:00-10:15am- Technology Spotlight Group 3

John Strand

IANS Faculty

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

10:15 AM - 11:00 AM Threats & Vulnerabilities

Application Security: Fixing the Legacy App Problem

with John Strand

Large companies – especially post-M&A – tend to ignore legacy apps in favor of implementing new technology. This results in old apps sitting on the network with vulnerabilities attackers easily exploit. This session explores how to:

  • Protect legacy apps long enough to either come up with a graceful transition or update them
  • Design a more effective, advanced and automated inventory process
  • Get a better sense for how to triage the most troublesome apps
  • Better optimize unused features in older apps before rushing to new apps

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

GRC

Managing Privacy and Risk in the Social Media Age

with Aaron Turner

Facebook, Twitter and LinkedIn aren’t going anywhere. Security teams need the latest best practices for monitoring and effectively locking down employee social media use to avoid being an easy target for attackers. This session explores:

  • Where current methods of tracking employee social media use fail and how to fix it
  • Tools and techniques to quickly find and eradicate malware injected into company networks via social media usage
  • How well (or not so well) cloud-based email systems interact with social media platforms

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Security Architecture

Zero Trust Principles: Making Them Work for You

with Wolfgang Goerlich

Security teams need to understand both what zero trust principles are and how to properly implement them across the organization. This session starts with the nuts and bolts that make up zero trust, then delves into:

  • How zero trust architecture lowers the risk of common attacks, including account takeovers, insider threats, web and cloud app risks, and IoT and device compromises
  • Real-world examples of successful zero trust in action
  • Legacy tech that doesn’t play well with zero trust and what to do about it

11:05 AM - 11:50 AM

Sponsor Tabletops & Technology Spotlight Demos

Check out the Sponsors, enter to win prizes, and gather materials from their tabletops. Visit the Demo Lounge to join topic-specific Technology Spotlight Demos.

  • 11:05-11:20am- Technology Spotlight Group 1
  • 11:20-11:35am- Technology Spotlight Group 2
  • 11:35-11:50am- Technology Spotlight Group 3

11:50 AM - 12:20 PM Threats & Vulnerabilities

Ask Me Anything: Threat Landscape for T2 2020

with John Strand

In this topic lounge, ask IANS Faculty member John Strand questions about threats you should be on guard for in the second half of 2020 – from ransomware attacks and state-sponsored actions against corporations and critical infrastructure, to attacks that exploit everyone’s move to remote work amid the COVID-19 pandemic.

Security Architecture

Ask Me Anything: IAM Remote Work Environment

with Wolfgang Goerlich

In this topic lounge, ask IANS Faculty member Wolfgang Goerlich questions about the key necessities for securing endpoint devices, maintaining strong IAM, and using Zero Trust to the fullest as the workforce continues to operate remotely.

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Leadership

Ask Me Anything: Maintaining Security in a Pandemic and Downturn

with Dave Shackleford

In this topic lounge, ask IANS Faculty member Dave Shackleford questions about your challenges around maintaining security amid the shift to remote work and the economic pressure that is forcing many companies to do more with less.

12:20 PM - 12:45 PM

Networking Lunch

12:45 PM - 1:30 PM Security Architecture

Cloud Open Source Tools/Techniques: When They Work and When They Don’t

with Dave Shackleford

To use open source security architecture tools properly, security teams must first understand where they stand on the maturity curve. Tools that are useful in smaller, less mature environments may not work for more advanced operations. This session offers step-by-step guidance to determine where your team fits, including:

  • Whether your organization is cloud native or multi-cloud
  • Gauging the right time to go forward with open source
  • Once ready, deciding which tools will be most helpful

Security Architecture

Prioritizing Privilege Access Management, Step by Step

with Wolfgang Goerlich

To secure cloud and on-premises access -- and meet compliance requirements -- privileged access management (PAM) is the tool for the job. But it’s difficult to get right. To advance in the right direction, this session will explore how to:

  • Link privileged access management to IT ops and DevOps
  • Identify the appropriate tools to use
  • Detect and stop insider threats and other threats from misusing privileged access
  • Measure and demonstrate the success of a PAM security capability

Security Operations

Using AI/ML to Optimize SecOps

with Aaron Turner

AI/ML technology can help security teams make more accurate decisions, but only if they feed the right data into the machine. This session explains how to grab and input the right data from five primary log data sources:

  • Network (traffic flows)
  • Infrastructure (servers)
  • Database
  • Applications
  • Identity and access management (IAM)/people

From there, we explore what clean, relevant, actionable and business-driven data truly looks like.

1:30 PM - 2:15 PM

Sponsor Tabletops & Technology Spotlight Demos

Check out the Sponsors, enter to win prizes, and gather materials from their tabletops. Visit the Demo Lounge to join topic-specific Technology Spotlight Demos.

  • 1:30-1:45pm- Technology Spotlight Group 1
  • 1:45-2:00pm- Technology Spotlight Group 2
  • 2:00-2:15pm- Technology Spotlight Group 3

2:15 PM - 3:00 PM Security Operations

Reduce Malware False Positives and Hold Vendors More Accountable

with Aaron Turner

Endpoint tools are notorious for drowning security teams in false positives. Teams must be able to both better tune the tools and hold vendors more accountable for deficiencies in their products. This session explores:

  • Questions to ask to keep endpoint security vendors’ feet to the fire
  • How to more quickly recognize false positives
  • How to ensure the same false positives don’t crop up over and over

Threats & Vulnerabilities

Ransomware: Defense and Recovery Tactics for 2020

with John Strand

Ransomware continues to be a significant problem for many organizations, and it has shown a ferocious ability to evolve. This session explores:

  • Case studies from the news: What victims did wrong and what they did right
  • Tools and techniques to use if an initial attack is successful
  • A look at how tactics differ for small teams vs. large teams
  • How to account for ransomware attacks in your incident response plan

GRC

Building a Three-Year Strategic GRC Roadmap

with Dave Shackleford

Security leaders need to know which strategic areas to focus on long term and how to prevent those from being cast aside by day-to-day brush fires. What should they delegate and what are some tips to stay focused on the big picture, whether it concerns risk management or compliance? This session explores:

  • Key information security risks, how they should be determined, what projects are under way to mitigate them and what the timelines should look like
  • A governance process that ensures information security activities – including key risk indicators (KRIs), and compliance checklists – are performed with proper oversight
  • Tips to minimize risk at the outset by making better decisions

2020 Dallas/Houston Virtual Speakers

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Presentations
  • FedRAMP or Bust: Remote or Not, the Regulations Never Stop (9:00 AM - 9:30 AM)

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Presentations
  • Zero Trust Principles: Making Them Work for You (10:15 AM - 11:00 AM)
  • Ask Me Anything: IAM Remote Work Environment (11:50 AM - 12:20 PM)
  • Prioritizing Privilege Access Management, Step by Step (12:45 PM - 1:30 PM)

Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Presentations
  • Ask Me Anything: Maintaining Security in a Pandemic and Downturn (11:50 AM - 12:20 PM)
  • Cloud Open Source Tools/Techniques: When They Work and When They Don’t (12:45 PM - 1:30 PM)
  • Building a Three-Year Strategic GRC Roadmap (2:15 PM - 3:00 PM)

John Strand

IANS Faculty

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

Presentations
  • Application Security: Fixing the Legacy App Problem (10:15 AM - 11:00 AM)
  • Ask Me Anything: Threat Landscape for T2 2020 (11:50 AM - 12:20 PM)
  • Ransomware: Defense and Recovery Tactics for 2020 (2:15 PM - 3:00 PM)

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Presentations
  • Managing Privacy and Risk in the Social Media Age (10:15 AM - 11:00 AM)
  • Using AI/ML to Optimize SecOps (12:45 PM - 1:30 PM)
  • Reduce Malware False Positives and Hold Vendors More Accountable (2:15 PM - 3:00 PM)

Web Conference

Registrants will receive a logistics email with web conference meeting information one day prior to the event.

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum officially begins on Day 1 at 7:30am and ends on Day 2 at 4:40pm.

What's the registration deadline?

You can register for an IANS event up to the day of the event.

Onsite Questions

Are the presentations available for viewing after the Forum?

All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.

Does IANS provide a Mobile App?

The IANS Information Security Forum App will be available 1 week prior to the event. To download the Mobile App go to the App Store or Google Play Store on your device and search IANS.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.

Is there free Wi-Fi onsite?

Free Wi-Fi will be provided throughout the Forum in conference areas.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please download the IANS Mobile App or follow us on Twitter.

Where do I pick up my badge and registration material?

Your badge and registration materials will be available for pickup at the registration desk. Registration starts at 7:30am.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers during the lunches, breaks and the networking reception at the end of day one.

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Hotel Cancellations

If you have booked a hotel room with IANS during the registration process or you have reached out to an IANS team member regarding booking a room, please note our venues have a cancellation policy of 48 hours. If you do not cancel your reservation through your online registration or in writing to IANS, you will be charged for the night(s) in which you have failed to cancel.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

Photography, Audio & Video Recording

IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affiliation or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of sessions or events, inappropriate physical contact, and unwelcome sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, the participant will be asked to stop and expected to comply immediately. The offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Housing & Travel Questions

How can I book a hotel room?

All hotel requests must be made through the registration site.

How can I cancel my hotel reservation?

Most of our hotel venues have a 72 hour cancellation policy. You must cancel by contacting one of the IANS team members or through the online registration. If you fail to do so you will be charged for the night(s) in which you have failed to cancel.

Is parking provided?

IANS does not cover any parking.

What hotel accommodations are available during the Forum?

IANS provides a room block for forum events. There will be a limited number of rooms available at the discounted rate.

Will I receive a hotel confirmation number?

You will receive a hotel confirmation number 2 weeks prior to the Forum.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.
