home_banner
Vince Aimutis, Federated Mutual Insurance

Events

Join The IANS Peer Community

IANS facilitates and connects clients-to-experts and experts-to-experts. Our Faculty of industry experts provides the breadth and depth of information to guide you on your information security journey. Through a regional delivery model, our events gather all members of the security function.

*CPE credits will be awarded for attending the event.

Forums

Two-day events with keynotes, breakout sessions, technology spotlight sessions, and networking breaks.

CISO Roundtables

One-day roundtables designed exclusively for CISOs and senior level InfoSec executives to learn and share insights in a confidential setting.

Symposiums

Half-day, deep-dive explorations of technical and operational information security topics, free of vendor presence.

Webinars

Hour-long interactive discussions examining hot topics in information security.

May 23

2019 Phoenix Symposium
The Cloud Security Maturity Roadmap

Courtyard by Marriott Scottsdale Old Town

Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

Speakers:
  • Adrian Lane

    Adrian Lane

    IANS Faculty

    Adrian is the CTO of the boutique analyst firm Securosis. Adrian has practiced security for twenty years, with prior experience as the CTO of the database security company IPLocks, VP Engineering at the web commerce firm Touchpoint, CTO/CIO of CPMi (A Raymond James brokerage), and CTO of encryption & DRM firm Transactor. Adrian is known for his depth of knowledge in data security, database (RDBMS & NoSQL) security, security monitoring, assessment, and secure application development. Adrian presents at most major security conferences, and has blogged for Dark Reading and Information Week. Adrian is a Computer Science graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University. Adrian is an avid runner, mountain biker and maintain a farm in his back yard, but we suspect he is really too busy with his regular Securosis blogs, webcasts and research papers to ever leave his desk.

June 6

Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

Speakers:
  • Aaron Turner

    Aaron Turner

    IANS Faculty

    Aaron Turner is a multi-decade veteran of the InfoSec community with significant experience in the fields of identity and access management, mobile device security, embedded system vulnerabilities, IoT security and international cybersecurity risk management. Starting as an independent penetration tester in the early 1990's, he went on to work at Microsoft in the days before the company had formal security teams. During the massive worm attacks of the early 2000's, Aaron helped found many of the Microsoft Security teams, start security programs and eventually was responsible for all interactions between Microsoft and its customers' CISOs. In 2006, he was invited to participate in a new research project at the Idaho National Lab, funded by DHS, DOE and DOD, to investigate how the system vulnerabilities in commodity software and hardware impact critical infrastructure such as the national power grid, cellular communications networks and other utilities. While at INL, Aaron co-invented a contactless payment technology which he later spun-out of the INL in 2008 as a venture-backed company called RFinity, with that technology eventually licensed on to others. In 2010, Aaron founded IntegriCell to focus on cellular network vulnerability research and established a management consulting practice that delivered unique vulnerability intelligence to customers. Aaron founded Terreo in 2014 as an Internet of Things security product development company, and patented a series of inventions which captured radio frequency transmissions from IoT devices. In 2015, Verifone acquired Terreo and made Aaron the VP of Security Products R&D with a focus of applying the Terreo technologies to helping manage the risks posed by credit card skimmers. In 2017, he left Verifone and refocused his efforts on his IntegriCell research, specifically around applying Machine Learning to the massive data sets created by mobile and IoT devices. Aaron has testified before congress to help set policy for US critical infrastructure protection.

June 6

Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

Speakers:
  • Dave Kennedy

    Dave Kennedy

    IANS Faculty

    Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.

June 11

Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play.

Speakers:
  • Dave Kennedy

    Dave Kennedy

    IANS Faculty

    Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.

June 19

2019 Dallas Symposium
Building a Modern Day SOC

Dallas/Plano Marriott at Legacy Town Center

Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school SOC is quickly losing its ability to fulfill its mission. These SOCs must adapt to life in the cloud and security teams need direction on how to get it done. They must be able to differentiate between an old-world SOC and one in the cloud and make the transition without dropping balls in either world.

Speakers:
  • George Gerchow

    George Gerchow

    IANS Faculty

    As Sumo Logic's Chief Security Officer, George Gerchow brings over 20 years of information technology and systems management expertise to the application of IT processes and disciplines. His background includes the security, compliance, and cloud computing disciplines. Mr. Gerchow has years of practical experience in building agile security, compliance and, modern day Security Operation Centers in rapid development organizations. These insights make him a highly regarded speaker, and invited panelist on topics including DevSecOps, cloud secure architecture design, virtualization, compliance, configuration management, and operational security and compliance. George has been on the bleeding edge of public cloud security and privacy since being a co-founder of the VMware Center for Policy & Compliance. Mr. Gerchow is also an active Board Member for several technology start-ups and the co-author of the Center for Internet Security - Quick Start Cloud Infrastructure Benchmark v1.0.0 and the MISTI Fundamentals in Cloud Security. He is a Faculty Member for IANS (Institute for Applied Network Security) and Cloud Academy.

June 25

In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy highlights 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Kevin Johnson highlights 'How to Mature Your Application Security Program.'

Speakers:
  • Kevin Johnson

    Kevin Johnson

    IANS Faculty

    Kevin has over 15 years of experience within security working with and performing services for Fortune 100 companies and draws upon his development and system administration background. Kevin is the CEO and Principal Security Consultant with Secure Ideas. Previously, Kevin was a Senior Instructor at SANS and the author of "Security 542: Web Application Penetration Testing and ethical Hacking." Other current speaking engagements include DEFCON, ShmooCon as well as Infragard, ISSA and the University of Florida. He founded BASE (web front-end for snort analysis) as well as Samurai WTF live DVD (live environment focused on web pen testing). Two additional projects Kevin founded are Yokoso and Laudanum, which are focused on exploit delivery. In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group).

  • Dave Kennedy

    Dave Kennedy

    IANS Faculty

    Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Testers Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry leading methodologies and guidelines for performing penetration tests. Dave received a BA of Arts from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.

June 26

Security teams have fought hard for better application security but remain challenged on myriad fronts: They’re hungry for more step-by-step details on how to run an effective bug bounty program. They want better guidance for when it’s best to do manual or automated web app pen testing or go with a more hybrid approach. They remain stuck in a cycle of spinning up containers quickly and setting them loose without always knowing if they’ve missed cracks along the way.

Speakers:
  • Kevin Johnson

    Kevin Johnson

    IANS Faculty

    Kevin has over 15 years of experience within security working with and performing services for Fortune 100 companies and draws upon his development and system administration background. Kevin is the CEO and Principal Security Consultant with Secure Ideas. Previously, Kevin was a Senior Instructor at SANS and the author of "Security 542: Web Application Penetration Testing and ethical Hacking." Other current speaking engagements include DEFCON, ShmooCon as well as Infragard, ISSA and the University of Florida. He founded BASE (web front-end for snort analysis) as well as Samurai WTF live DVD (live environment focused on web pen testing). Two additional projects Kevin founded are Yokoso and Laudanum, which are focused on exploit delivery. In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group).

June 27

Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

Speakers:
  • Mike Rothman

    Mike Rothman

    IANS Faculty

    Mike has been in the information security industry for over 10 years. He is currently President and Analyst at Securosis, a firm exclusively focused on information security and research analysis. He started Security Incite in 2006 to provide the "voice of reason" in what was considered an overhyped, yet underwhelming security industry. After a brief detour as SVP, Strategy and Chief Marketing Officer at eIQNetworks, Mike joined Securosis at the start of 2010 with a "rejuvenated cynicism" about security. In 2007, Mike published "The Pragmatic CSO" to introduce technically oriented security professionals to the nuances of what is required to become a senior security professional.

August 21

2019 Miami Symposium
How to Achieve Saner, More Effective Vulnerability Management

Venue Coming Soon

Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

Speakers:
  • Jake Williams

    Jake Williams

    IANS Faculty

    Jake Williams, the founder of Rendition Infosec, has almost two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Prior to founding Rendition Infosec, Williams worked with various government agencies in information security and CNO roles. He also works with SANS where he teaches and authors courses in Malware Reverse Engineering, Memory Forensics, Cyber Threat Intelligence, and Advanced Exploit Development. He is the two-time victor of the annual DC3 Forensics Challenge. He has spoken at Blackhat, DEFCON, Shmoocon, CEIC, RSA, EnFuse, and DC3 Conference (among others). His research areas include automating incident response throughout the enterprise, threat modeling and analysis, binary analysis, and malware C2. The primary focus of his work is increasing enterprise security by presenting complex topics in a way that anyone can understand.

 

Want to know more? Let us know how we can help you.

Success! Thanks for filling out our form!

* Required Fields