• 2019 Seattle Symposium Cloud Security Maturity

    , Seattle

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Portland Symposium Cloud Security Maturity

    , Portland

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 New York Symposium IAM Strategies that Work

    , New York

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Washington DC Symposium Cloud Security Maturity

    , Washington

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Minneapolis Symposium IAM Strategies that Work

    , Minneapolis

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Denver Symposium Cloud Security Maturity

    , Denver

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 San Francisco Symposium How to Mature Your Application Security Program

    , San Francisco

    Fortune 1000 companies face myriad challenges when it comes to application security. They don't know how to run an effective bug bounty program. They don't know whether to do manual or automated web app pen testing or go with a more hybrid approach. And they spin up containers quickly, setting them loose with no security due diligence.

  • 2019 Nashville Symposium Cloud Security Maturity

    , Nashville

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Symposium Deception

    , Atlanta

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Charlotte Symposium Cloud Security Maturity

    , Charlotte

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Los Angeles Symposium Deception

    , Santa Monica

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Chicago Symposium Deception

    , Chicago

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Philadelphia Symposium Vulnerability Management

    , Philadelphia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Boston Symposium IAM Strategies that Work

    , Boston

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Columbus Symposium Deception

    , Columbus

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Milwaukee Symposium Cloud Security Maturity

    , Milwaukee

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Super Symposium Building a Modern Day SOC and IAM Strategies that Work

    , Atlanta

    This super symposium will bring together security practitioners for a dual-track seminar on “Building a Modern Day SOC” with George Gerchow and “IAM Strategies that Work: Vendor-Agnostic 'How-To' Guidance” with Aaron Turner. Choose one of the tracks to attend.

  • 2019 Austin Symposium Purple Teaming

    , Austin

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Charlotte Symposium Vulnerability Management

    , Charlotte

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Phoenix Symposium The Cloud Security Maturity Roadmap

    , Phoenix

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Orlando Symposium IAM Strategies that Work

    , Orlando

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Chicago Symposium Purple Teaming

    , Chicago

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Palo Alto Symposium Threat Hunting

    , Sunnyvale

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Dallas Symposium Building a Modern Day SOC

    , Plano

    Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school SOC is quickly losing its ability to fulfill its mission. These SOCs must adapt to life in the cloud and security teams need direction on how to get it done. They must be able to differentiate between an old-world SOC and one in the cloud and make the transition without dropping balls in either world.

  • 2019 Boston Super Symposium Vulnerability Management & Application Security

    , Boston

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy highlights 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Kevin Johnson highlights 'How to Mature Your Application Security Program.'

  • 2019 Philadelphia Symposium How to Mature Your Application Security Program

    , Philadelphia

    Security teams have fought hard for better application security but remain challenged on myriad fronts: They’re hungry for more step-by-step details on how to run an effective bug bounty program. They want better guidance for when it’s best to do manual or automated web app pen testing or go with a more hybrid approach. They remain stuck in a cycle of spinning up containers quickly and setting them loose without always knowing if they’ve missed cracks along the way.

  • 2019 Toronto Symposium Cloud Security Maturity

    , Toronto

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 August Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 Washington DC Symposium Vulnerability Management

    , Washington, DC

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Miami Symposium Vulnerability Management

    , Miami

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Nashville Symposium Vulnerability Management

    , Nashville

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Rochester Symposium Advancing Cloud Security: A Roadmap

    , Rochester

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Denver Symposium Vulnerability Management

    , Denver

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 New York Super Symposium Vulnerability Management & Cloud SOC

    , New York

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with George Gerchow will focus on 'Monitoring, Detection and Response in the Cloud.'

  • 2019 Minneapolis Super Symposium Vulnerability Management & Cloud Security Roadmap

    , Minneapolis

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Mike Rothman will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2019 Los Angeles Symposium Advancing Cloud Security: A Roadmap

    , Los Angeles

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Dallas Symposium Vulnerability Management

    , Dallas

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Detroit Symposium Vulnerability Management

    , Livonia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 October Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Seattle Symposium How to Implement Zero Trust in Your Organization

    , Seattle

    Zero Trust has become a vendor buzzword, but security organizations have much to learn about what it is and how to apply it in their specialized environments.

  • 2019 San Diego Symposium Monitoring, Detection and Response in the Cloud

    , San Diego

    Many security operations teams remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school methods of monitoring, detection and response must change.

  • 2019 Cincinnati Symposium Advancing Cloud Security: A Roadmap

    , Cincinnati

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Toronto Super Symposium Vulnerability Management & DevSecOps

    , Toronto

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Shannon Lietz will focus on 'DevSecOps and AppSec: How to Better Align to the Hierarchy of Needs.'

  • 2019 December Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2020 January 21 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Atlanta Symposium Zero Trust

    , Atlanta

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January 28 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 January 30 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Washington, DC Symposium Zero Trust

    , Washington

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Chicago Symposium Zero Trust

    , Chicago

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Columbus Symposium MITRE

    , Columbus

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Phoenix Symposium AI/ML

    , Phoenix

    AI/ML technology can help security teams make more accurate decisions, but it only works when you feed the right data into the machine.

  • 2020 Charlotte Symposium Zero Trust

    , Charlotte

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Seattle Symposium Building an Advanced Privacy Program

    , Seattle

    Existing and forecasted data privacy/protection legislation is taxing the current privacy model inside large organizations. Security teams need step-by-step guidance to keep up.

  • 2020 Boston Symposium Advancing Cloud Security

    , Boston

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Symposium Zero Trust

    , New York

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Los Angeles LA Symposium IAM

    , Los Angeles

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Open Source

    , San Diego

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Philadelphia Symposium IAM

    , Philadelphia

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Portland Symposium IAM

    , Portland

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 April 16 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Denver Symposium Open Source Tools

    , Denver

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Milwaukee Symposium IAM

    , Milwaukee

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Orlando Symposium Zero Trust

    , Orlando

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 May 19 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Atlanta Symposium Advancing Cloud Security

    , Atlanta

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 May 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 San Francisco Virtual Symposium DevSecOps and AppSec

    , San Francisco

    In application security, a common failure point is when security teams neglect to consider the Security Hierarchy of Needs: Authentication, Asset Management, Encryption, Logging and Zoning/Containment. Together, they cover 80 percent of an organization’s security program.

  • 2020 Rochester Virtual Symposium MITRE

    , Rochester

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Cleveland Symposium Advancing Cloud Security

    , Cleveland

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Minneapolis Symposium Zero Trust

    , Minneapolis

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 June 3 Virtual Symposium Injecting Business Acumen

    , Virtual

    Security practitioners struggle to frame security needs around the core values and functions of the business. This symposium will help attendees overcome that struggle.

  • 2020 Boston Virtual Super Symposium MITRE and Zero Trust

    , Boston

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'Effectively Leveraging MITRE ATT&CK.' Track 2 with Jake Williams will focus on 'Zero Trust Principles in Action.'

  • 2020 Dallas Symposium Open Source Tools

    , Dallas

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Chicago Virtual Symposium MITRE

    , Chicago

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Philadelphia Symposium Advancing Cloud Security

    , Philadelphia

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Virtual Super Symposium DevSecOps and Advancing Cloud

    , New York

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca will focus on 'Security Learns to Sprint: DevSecOps.' Track 2 with Rich Mogull will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2020 Toronto Symposium Zero Trust

    , Toronto

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 July 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington DC Virtual Symposium IAM

    , Washington

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 July 30 Virtual Symposium DevSecOps

    This talk will argue that DevOps could be the best thing to happen to application security since OWASP -- if developers and operations teams are enabled to make security a part of their everyday work.

  • 2020 Los Angeles Virtual Symposium MITRE

    , Los Angeles

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Boston Symposium DevSecOps

    , Boston

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 Atlanta Virtual Symposium MITRE

    , Atlanta

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Faculty Consulting Briefing: O365

    Microsoft Office 365 is fast becoming one of the top attack vectors used against organizations due to its large and complex external attack surface and integration with organizations’ internal environments. While Microsoft is rapidly releasing new functionality and security controls, security teams are still struggling to ensure they are properly configured for security, audit, and governance capabilities and deficiencies.

  • 2020 Nashville Symposium Advancing Cloud Security

    , Nashville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Jacksonville Symposium Advancing Cloud Security

    , Jacksonville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 September 9 Virtual Symposium IAM

    , Web Conference

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Advancing Cloud Security

    , San Diego

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 San Francisco Symposium Zero Trust

    , San Francisco

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Cincinnati Symposium Zero Trust

    , Cincinnati

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Charlotte Symposium Advancing Cloud Security

    , Charlotte

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Milwaukee Symposium DevSecOps

    , Milwaukee

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 October 22 Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink.

  • 2020 Denver Virtual Symposium InfoSec Program Roadmap

    , Denver

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Minneapolis Virtual Super Symposium DevSecOps and Open Source Tools/Techniques

    , Minneapolis

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Rich Mogull is titled "Open Source Tools/Techniques for Cloud and SecOps."

  • 2020 Nov 17 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Cleveland Virtual Symposium Zero Trust

    , Cleveland

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington, DC Virtual Symposium MITRE

    , Washington

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Los Angeles Virtual Symposium Reducing Security's Cost Responsibilities

    , Los Angeles

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Toronto Virtual Super Symposium DevSecOps and Security Upgrades

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Dave Kennedy is titled "Network Security Upgrades to Make While Everyone Works Remotely."

  • 2020 New York Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 8 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 9 Virtual Symposium Zero Trust

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Philadelphia Virtual Symposium InfoSec Program Roadmap

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Dec 10 Virtual Symposium Open Source Tools

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Seattle Symposium Open Source Tools

    , Seattle

    Interest in open source tools to use across security domains in a broader, more cost-effective manner has increased as companies struggle to maintain security programs amid an economic downturn. But before diving in, they must understand how these tools would work in their environment.

  • 2021 Q1 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting compliance assessment and enforcement procedures is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q2 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q2 Symposium: IAM: Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q2 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q3 Symposium: Finding/Fixing Vulnerabilities in the Healthcare Sector

    Attacks against hospitals and companies in the medical space have skyrocketed during the pandemic. As bad actors target long-standing vulnerabilities in these organizations, security teams seek guidance to close those security holes. This virtual symposium will outline ways to find and fix them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q3 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q4 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Grow Your Future CISO

    When a CISO is ready to move on, companies often lack a smooth process for putting a new one in place. This symposium is about building a succession process to ensure your security team doesn’t miss a beat during transition periods.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2019 Seattle Symposium Cloud Security Maturity

    , Seattle

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Portland Symposium Cloud Security Maturity

    , Portland

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 New York Symposium IAM Strategies that Work

    , New York

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Washington DC Symposium Cloud Security Maturity

    , Washington

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Minneapolis Symposium IAM Strategies that Work

    , Minneapolis

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Denver Symposium Cloud Security Maturity

    , Denver

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 San Francisco Symposium How to Mature Your Application Security Program

    , San Francisco

    Fortune 1000 companies face myriad challenges when it comes to application security. They don't know how to run an effective bug bounty program. They don't know whether to do manual or automated web app pen testing or go with a more hybrid approach. And they spin up containers quickly, setting them loose with no security due diligence.

  • 2019 Nashville Symposium Cloud Security Maturity

    , Nashville

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Symposium Deception

    , Atlanta

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Charlotte Symposium Cloud Security Maturity

    , Charlotte

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Los Angeles Symposium Deception

    , Santa Monica

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Chicago Symposium Deception

    , Chicago

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Philadelphia Symposium Vulnerability Management

    , Philadelphia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Boston Symposium IAM Strategies that Work

    , Boston

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Columbus Symposium Deception

    , Columbus

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Milwaukee Symposium Cloud Security Maturity

    , Milwaukee

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Super Symposium Building a Modern Day SOC and IAM Strategies that Work

    , Atlanta

    This super symposium will bring together security practitioners for a dual-track seminar on “Building a Modern Day SOC” with George Gerchow and “IAM Strategies that Work: Vendor-Agnostic 'How-To' Guidance” with Aaron Turner. Choose one of the tracks to attend.

  • 2019 Austin Symposium Purple Teaming

    , Austin

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Charlotte Symposium Vulnerability Management

    , Charlotte

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Phoenix Symposium The Cloud Security Maturity Roadmap

    , Phoenix

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Orlando Symposium IAM Strategies that Work

    , Orlando

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Chicago Symposium Purple Teaming

    , Chicago

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Palo Alto Symposium Threat Hunting

    , Sunnyvale

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Dallas Symposium Building a Modern Day SOC

    , Plano

    Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school SOC is quickly losing its ability to fulfill its mission. These SOCs must adapt to life in the cloud and security teams need direction on how to get it done. They must be able to differentiate between an old-world SOC and one in the cloud and make the transition without dropping balls in either world.

  • 2019 Boston Super Symposium Vulnerability Management & Application Security

    , Boston

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy highlights 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Kevin Johnson highlights 'How to Mature Your Application Security Program.'

  • 2019 Philadelphia Symposium How to Mature Your Application Security Program

    , Philadelphia

    Security teams have fought hard for better application security but remain challenged on myriad fronts: They’re hungry for more step-by-step details on how to run an effective bug bounty program. They want better guidance for when it’s best to do manual or automated web app pen testing or go with a more hybrid approach. They remain stuck in a cycle of spinning up containers quickly and setting them loose without always knowing if they’ve missed cracks along the way.

  • 2019 Toronto Symposium Cloud Security Maturity

    , Toronto

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 August Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 Washington DC Symposium Vulnerability Management

    , Washington, DC

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Miami Symposium Vulnerability Management

    , Miami

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Nashville Symposium Vulnerability Management

    , Nashville

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Rochester Symposium Advancing Cloud Security: A Roadmap

    , Rochester

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Denver Symposium Vulnerability Management

    , Denver

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 New York Super Symposium Vulnerability Management & Cloud SOC

    , New York

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with George Gerchow will focus on 'Monitoring, Detection and Response in the Cloud.'

  • 2019 Minneapolis Super Symposium Vulnerability Management & Cloud Security Roadmap

    , Minneapolis

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Mike Rothman will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2019 Los Angeles Symposium Advancing Cloud Security: A Roadmap

    , Los Angeles

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Dallas Symposium Vulnerability Management

    , Dallas

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Detroit Symposium Vulnerability Management

    , Livonia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 October Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Seattle Symposium How to Implement Zero Trust in Your Organization

    , Seattle

    Zero Trust has become a vendor buzzword, but security organizations have much to learn about what it is and how to apply it in their specialized environments.

  • 2019 San Diego Symposium Monitoring, Detection and Response in the Cloud

    , San Diego

    Many security operations teams remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school methods of monitoring, detection and response must change.

  • 2019 Cincinnati Symposium Advancing Cloud Security: A Roadmap

    , Cincinnati

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Toronto Super Symposium Vulnerability Management & DevSecOps

    , Toronto

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Shannon Lietz will focus on 'DevSecOps and AppSec: How to Better Align to the Hierarchy of Needs.'

  • 2019 December Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2020 January 21 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Atlanta Symposium Zero Trust

    , Atlanta

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January 28 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 January 30 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Washington, DC Symposium Zero Trust

    , Washington

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Chicago Symposium Zero Trust

    , Chicago

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Columbus Symposium MITRE

    , Columbus

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Phoenix Symposium AI/ML

    , Phoenix

    AI/ML technology can help security teams make more accurate decisions, but it only works when you feed the right data into the machine.

  • 2020 Charlotte Symposium Zero Trust

    , Charlotte

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Seattle Symposium Building an Advanced Privacy Program

    , Seattle

    Existing and forecasted data privacy/protection legislation is taxing the current privacy model inside large organizations. Security teams need step-by-step guidance to keep up.

  • 2020 Boston Symposium Advancing Cloud Security

    , Boston

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Symposium Zero Trust

    , New York

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Los Angeles LA Symposium IAM

    , Los Angeles

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Open Source

    , San Diego

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Philadelphia Symposium IAM

    , Philadelphia

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Portland Symposium IAM

    , Portland

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 April 16 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Denver Symposium Open Source Tools

    , Denver

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Milwaukee Symposium IAM

    , Milwaukee

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Orlando Symposium Zero Trust

    , Orlando

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 May 19 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Atlanta Symposium Advancing Cloud Security

    , Atlanta

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 May 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 San Francisco Virtual Symposium DevSecOps and AppSec

    , San Francisco

    In application security, a common failure point is when security teams neglect to consider the Security Hierarchy of Needs: Authentication, Asset Management, Encryption, Logging and Zoning/Containment. Together, they cover 80 percent of an organization’s security program.

  • 2020 Rochester Virtual Symposium MITRE

    , Rochester

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Cleveland Symposium Advancing Cloud Security

    , Cleveland

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Minneapolis Symposium Zero Trust

    , Minneapolis

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 June 3 Virtual Symposium Injecting Business Acumen

    , Virtual

    Security practitioners struggle to frame security needs around the core values and functions of the business. This symposium will help attendees overcome that struggle.

  • 2020 Boston Virtual Super Symposium MITRE and Zero Trust

    , Boston

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'Effectively Leveraging MITRE ATT&CK.' Track 2 with Jake Williams will focus on 'Zero Trust Principles in Action.'

  • 2020 Dallas Symposium Open Source Tools

    , Dallas

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Chicago Virtual Symposium MITRE

    , Chicago

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Philadelphia Symposium Advancing Cloud Security

    , Philadelphia

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Virtual Super Symposium DevSecOps and Advancing Cloud

    , New York

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca will focus on 'Security Learns to Sprint: DevSecOps.' Track 2 with Rich Mogull will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2020 Toronto Symposium Zero Trust

    , Toronto

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 July 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington DC Virtual Symposium IAM

    , Washington

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 July 30 Virtual Symposium DevSecOps

    This talk will argue that DevOps could be the best thing to happen to application security since OWASP -- if developers and operations teams are enabled to make security a part of their everyday work.

  • 2020 Los Angeles Virtual Symposium MITRE

    , Los Angeles

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Boston Symposium DevSecOps

    , Boston

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 Atlanta Virtual Symposium MITRE

    , Atlanta

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Faculty Consulting Briefing: O365

    Microsoft Office 365 is fast becoming one of the top attack vectors used against organizations due to its large and complex external attack surface and integration with organizations’ internal environments. While Microsoft is rapidly releasing new functionality and security controls, security teams are still struggling to ensure they are properly configured for security, audit, and governance capabilities and deficiencies.

  • 2020 Nashville Symposium Advancing Cloud Security

    , Nashville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Jacksonville Symposium Advancing Cloud Security

    , Jacksonville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 September 9 Virtual Symposium IAM

    , Web Conference

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Advancing Cloud Security

    , San Diego

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 San Francisco Symposium Zero Trust

    , San Francisco

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Cincinnati Symposium Zero Trust

    , Cincinnati

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Charlotte Symposium Advancing Cloud Security

    , Charlotte

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Milwaukee Symposium DevSecOps

    , Milwaukee

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 October 22 Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink.

  • 2020 Denver Virtual Symposium InfoSec Program Roadmap

    , Denver

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Minneapolis Virtual Super Symposium DevSecOps and Open Source Tools/Techniques

    , Minneapolis

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Rich Mogull is titled "Open Source Tools/Techniques for Cloud and SecOps."

  • 2020 Nov 17 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Cleveland Virtual Symposium Zero Trust

    , Cleveland

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington, DC Virtual Symposium MITRE

    , Washington

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Los Angeles Virtual Symposium Reducing Security's Cost Responsibilities

    , Los Angeles

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Toronto Virtual Super Symposium DevSecOps and Security Upgrades

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Dave Kennedy is titled "Network Security Upgrades to Make While Everyone Works Remotely."

  • 2020 New York Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 8 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 9 Virtual Symposium Zero Trust

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Philadelphia Virtual Symposium InfoSec Program Roadmap

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Dec 10 Virtual Symposium Open Source Tools

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Seattle Symposium Open Source Tools

    , Seattle

    Interest in open source tools to use across security domains in a broader, more cost-effective manner has increased as companies struggle to maintain security programs amid an economic downturn. But before diving in, they must understand how these tools would work in their environment.

  • 2021 Q1 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting compliance assessment and enforcement procedures is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q2 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q2 Symposium: IAM: Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q2 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q3 Symposium: Finding/Fixing Vulnerabilities in the Healthcare Sector

    Attacks against hospitals and companies in the medical space have skyrocketed during the pandemic. As bad actors target long-standing vulnerabilities in these organizations, security teams seek guidance to close those security holes. This virtual symposium will outline ways to find and fix them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q3 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q4 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Grow Your Future CISO

    When a CISO is ready to move on, companies often lack a smooth process for putting a new one in place. This symposium is about building a succession process to ensure your security team doesn’t miss a beat during transition periods.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2019 Seattle Symposium Cloud Security Maturity

    , Seattle

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Portland Symposium Cloud Security Maturity

    , Portland

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 New York Symposium IAM Strategies that Work

    , New York

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Washington DC Symposium Cloud Security Maturity

    , Washington

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Minneapolis Symposium IAM Strategies that Work

    , Minneapolis

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Denver Symposium Cloud Security Maturity

    , Denver

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 San Francisco Symposium How to Mature Your Application Security Program

    , San Francisco

    Fortune 1000 companies face myriad challenges when it comes to application security. They don't know how to run an effective bug bounty program. They don't know whether to do manual or automated web app pen testing or go with a more hybrid approach. And they spin up containers quickly, setting them loose with no security due diligence.

  • 2019 Nashville Symposium Cloud Security Maturity

    , Nashville

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Symposium Deception

    , Atlanta

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Charlotte Symposium Cloud Security Maturity

    , Charlotte

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Los Angeles Symposium Deception

    , Santa Monica

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Chicago Symposium Deception

    , Chicago

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Philadelphia Symposium Vulnerability Management

    , Philadelphia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Boston Symposium IAM Strategies that Work

    , Boston

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Columbus Symposium Deception

    , Columbus

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Milwaukee Symposium Cloud Security Maturity

    , Milwaukee

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Super Symposium Building a Modern Day SOC and IAM Strategies that Work

    , Atlanta

    This super symposium will bring together security practitioners for a dual-track seminar on “Building a Modern Day SOC” with George Gerchow and “IAM Strategies that Work: Vendor-Agnostic 'How-To' Guidance” with Aaron Turner. Choose one of the tracks to attend.

  • 2019 Austin Symposium Purple Teaming

    , Austin

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Charlotte Symposium Vulnerability Management

    , Charlotte

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Phoenix Symposium The Cloud Security Maturity Roadmap

    , Phoenix

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Orlando Symposium IAM Strategies that Work

    , Orlando

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Chicago Symposium Purple Teaming

    , Chicago

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Palo Alto Symposium Threat Hunting

    , Sunnyvale

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Dallas Symposium Building a Modern Day SOC

    , Plano

    Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school SOC is quickly losing its ability to fulfill its mission. These SOCs must adapt to life in the cloud and security teams need direction on how to get it done. They must be able to differentiate between an old-world SOC and one in the cloud and make the transition without dropping balls in either world.

  • 2019 Boston Super Symposium Vulnerability Management & Application Security

    , Boston

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy highlights 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Kevin Johnson highlights 'How to Mature Your Application Security Program.'

  • 2019 Philadelphia Symposium How to Mature Your Application Security Program

    , Philadelphia

    Security teams have fought hard for better application security but remain challenged on myriad fronts: They’re hungry for more step-by-step details on how to run an effective bug bounty program. They want better guidance for when it’s best to do manual or automated web app pen testing or go with a more hybrid approach. They remain stuck in a cycle of spinning up containers quickly and setting them loose without always knowing if they’ve missed cracks along the way.

  • 2019 Toronto Symposium Cloud Security Maturity

    , Toronto

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 August Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 Washington DC Symposium Vulnerability Management

    , Washington, DC

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Miami Symposium Vulnerability Management

    , Miami

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Nashville Symposium Vulnerability Management

    , Nashville

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Rochester Symposium Advancing Cloud Security: A Roadmap

    , Rochester

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Denver Symposium Vulnerability Management

    , Denver

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 New York Super Symposium Vulnerability Management & Cloud SOC

    , New York

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with George Gerchow will focus on 'Monitoring, Detection and Response in the Cloud.'

  • 2019 Minneapolis Super Symposium Vulnerability Management & Cloud Security Roadmap

    , Minneapolis

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Mike Rothman will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2019 Los Angeles Symposium Advancing Cloud Security: A Roadmap

    , Los Angeles

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Dallas Symposium Vulnerability Management

    , Dallas

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Detroit Symposium Vulnerability Management

    , Livonia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 October Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Seattle Symposium How to Implement Zero Trust in Your Organization

    , Seattle

    Zero Trust has become a vendor buzzword, but security organizations have much to learn about what it is and how to apply it in their specialized environments.

  • 2019 San Diego Symposium Monitoring, Detection and Response in the Cloud

    , San Diego

    Many security operations teams remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school methods of monitoring, detection and response must change.

  • 2019 Cincinnati Symposium Advancing Cloud Security: A Roadmap

    , Cincinnati

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Toronto Super Symposium Vulnerability Management & DevSecOps

    , Toronto

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Shannon Lietz will focus on 'DevSecOps and AppSec: How to Better Align to the Hierarchy of Needs.'

  • 2019 December Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2020 January 21 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Atlanta Symposium Zero Trust

    , Atlanta

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January 28 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 January 30 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Washington, DC Symposium Zero Trust

    , Washington

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Chicago Symposium Zero Trust

    , Chicago

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Columbus Symposium MITRE

    , Columbus

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Phoenix Symposium AI/ML

    , Phoenix

    AI/ML technology can help security teams make more accurate decisions, but it only works when you feed the right data into the machine.

  • 2020 Charlotte Symposium Zero Trust

    , Charlotte

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Seattle Symposium Building an Advanced Privacy Program

    , Seattle

    Existing and forecasted data privacy/protection legislation is taxing the current privacy model inside large organizations. Security teams need step-by-step guidance to keep up.

  • 2020 Boston Symposium Advancing Cloud Security

    , Boston

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Symposium Zero Trust

    , New York

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Los Angeles LA Symposium IAM

    , Los Angeles

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Open Source

    , San Diego

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Philadelphia Symposium IAM

    , Philadelphia

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Portland Symposium IAM

    , Portland

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 April 16 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Denver Symposium Open Source Tools

    , Denver

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Milwaukee Symposium IAM

    , Milwaukee

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Orlando Symposium Zero Trust

    , Orlando

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 May 19 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Atlanta Symposium Advancing Cloud Security

    , Atlanta

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 May 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 San Francisco Virtual Symposium DevSecOps and AppSec

    , San Francisco

    In application security, a common failure point is when security teams neglect to consider the Security Hierarchy of Needs: Authentication, Asset Management, Encryption, Logging and Zoning/Containment. Together, they cover 80 percent of an organization’s security program.

  • 2020 Rochester Virtual Symposium MITRE

    , Rochester

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Cleveland Symposium Advancing Cloud Security

    , Cleveland

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Minneapolis Symposium Zero Trust

    , Minneapolis

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 June 3 Virtual Symposium Injecting Business Acumen

    , Virtual

    Security practitioners struggle to frame security needs around the core values and functions of the business. This symposium will help attendees overcome that struggle.

  • 2020 Boston Virtual Super Symposium MITRE and Zero Trust

    , Boston

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'Effectively Leveraging MITRE ATT&CK.' Track 2 with Jake Williams will focus on 'Zero Trust Principles in Action.'

  • 2020 Dallas Symposium Open Source Tools

    , Dallas

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Chicago Virtual Symposium MITRE

    , Chicago

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Philadelphia Symposium Advancing Cloud Security

    , Philadelphia

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Virtual Super Symposium DevSecOps and Advancing Cloud

    , New York

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca will focus on 'Security Learns to Sprint: DevSecOps.' Track 2 with Rich Mogull will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2020 Toronto Symposium Zero Trust

    , Toronto

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 July 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington DC Virtual Symposium IAM

    , Washington

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 July 30 Virtual Symposium DevSecOps

    This talk will argue that DevOps could be the best thing to happen to application security since OWASP -- if developers and operations teams are enabled to make security a part of their everyday work.

  • 2020 Los Angeles Virtual Symposium MITRE

    , Los Angeles

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Boston Symposium DevSecOps

    , Boston

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 Atlanta Virtual Symposium MITRE

    , Atlanta

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Faculty Consulting Briefing: O365

    Microsoft Office 365 is fast becoming one of the top attack vectors used against organizations due to its large and complex external attack surface and integration with organizations’ internal environments. While Microsoft is rapidly releasing new functionality and security controls, security teams are still struggling to ensure they are properly configured for security, audit, and governance capabilities and deficiencies.

  • 2020 Nashville Symposium Advancing Cloud Security

    , Nashville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Jacksonville Symposium Advancing Cloud Security

    , Jacksonville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 September 9 Virtual Symposium IAM

    , Web Conference

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Advancing Cloud Security

    , San Diego

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 San Francisco Symposium Zero Trust

    , San Francisco

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Cincinnati Symposium Zero Trust

    , Cincinnati

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Charlotte Symposium Advancing Cloud Security

    , Charlotte

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Milwaukee Symposium DevSecOps

    , Milwaukee

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 October 22 Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink.

  • 2020 Denver Virtual Symposium InfoSec Program Roadmap

    , Denver

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Minneapolis Virtual Super Symposium DevSecOps and Open Source Tools/Techniques

    , Minneapolis

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Rich Mogull is titled "Open Source Tools/Techniques for Cloud and SecOps."

  • 2020 Nov 17 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Cleveland Virtual Symposium Zero Trust

    , Cleveland

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington, DC Virtual Symposium MITRE

    , Washington

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Los Angeles Virtual Symposium Reducing Security's Cost Responsibilities

    , Los Angeles

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Toronto Virtual Super Symposium DevSecOps and Security Upgrades

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Dave Kennedy is titled "Network Security Upgrades to Make While Everyone Works Remotely."

  • 2020 New York Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 8 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 9 Virtual Symposium Zero Trust

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Philadelphia Virtual Symposium InfoSec Program Roadmap

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Dec 10 Virtual Symposium Open Source Tools

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Seattle Symposium Open Source Tools

    , Seattle

    Interest in open source tools to use across security domains in a broader, more cost-effective manner has increased as companies struggle to maintain security programs amid an economic downturn. But before diving in, they must understand how these tools would work in their environment.

  • 2021 Q1 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting compliance assessment and enforcement procedures is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q2 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q2 Symposium: IAM: Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q2 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q3 Symposium: Finding/Fixing Vulnerabilities in the Healthcare Sector

    Attacks against hospitals and companies in the medical space have skyrocketed during the pandemic. As bad actors target long-standing vulnerabilities in these organizations, security teams seek guidance to close those security holes. This virtual symposium will outline ways to find and fix them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q3 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q4 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Grow Your Future CISO

    When a CISO is ready to move on, companies often lack a smooth process for putting a new one in place. This symposium is about building a succession process to ensure your security team doesn’t miss a beat during transition periods.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2019 Seattle Symposium Cloud Security Maturity

    , Seattle

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Portland Symposium Cloud Security Maturity

    , Portland

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 New York Symposium IAM Strategies that Work

    , New York

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Washington DC Symposium Cloud Security Maturity

    , Washington

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Minneapolis Symposium IAM Strategies that Work

    , Minneapolis

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Denver Symposium Cloud Security Maturity

    , Denver

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 San Francisco Symposium How to Mature Your Application Security Program

    , San Francisco

    Fortune 1000 companies face myriad challenges when it comes to application security. They don't know how to run an effective bug bounty program. They don't know whether to do manual or automated web app pen testing or go with a more hybrid approach. And they spin up containers quickly, setting them loose with no security due diligence.

  • 2019 Nashville Symposium Cloud Security Maturity

    , Nashville

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Symposium Deception

    , Atlanta

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Charlotte Symposium Cloud Security Maturity

    , Charlotte

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Los Angeles Symposium Deception

    , Santa Monica

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Chicago Symposium Deception

    , Chicago

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Philadelphia Symposium Vulnerability Management

    , Philadelphia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Boston Symposium IAM Strategies that Work

    , Boston

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Columbus Symposium Deception

    , Columbus

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Milwaukee Symposium Cloud Security Maturity

    , Milwaukee

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Super Symposium Building a Modern Day SOC and IAM Strategies that Work

    , Atlanta

    This super symposium will bring together security practitioners for a dual-track seminar on “Building a Modern Day SOC” with George Gerchow and “IAM Strategies that Work: Vendor-Agnostic 'How-To' Guidance” with Aaron Turner. Choose one of the tracks to attend.

  • 2019 Austin Symposium Purple Teaming

    , Austin

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Charlotte Symposium Vulnerability Management

    , Charlotte

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Phoenix Symposium The Cloud Security Maturity Roadmap

    , Phoenix

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Orlando Symposium IAM Strategies that Work

    , Orlando

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Chicago Symposium Purple Teaming

    , Chicago

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Palo Alto Symposium Threat Hunting

    , Sunnyvale

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Dallas Symposium Building a Modern Day SOC

    , Plano

    Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school SOC is quickly losing its ability to fulfill its mission. These SOCs must adapt to life in the cloud and security teams need direction on how to get it done. They must be able to differentiate between an old-world SOC and one in the cloud and make the transition without dropping balls in either world.

  • 2019 Boston Super Symposium Vulnerability Management & Application Security

    , Boston

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy highlights 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Kevin Johnson highlights 'How to Mature Your Application Security Program.'

  • 2019 Philadelphia Symposium How to Mature Your Application Security Program

    , Philadelphia

    Security teams have fought hard for better application security but remain challenged on myriad fronts: They’re hungry for more step-by-step details on how to run an effective bug bounty program. They want better guidance for when it’s best to do manual or automated web app pen testing or go with a more hybrid approach. They remain stuck in a cycle of spinning up containers quickly and setting them loose without always knowing if they’ve missed cracks along the way.

  • 2019 Toronto Symposium Cloud Security Maturity

    , Toronto

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 August Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 Washington DC Symposium Vulnerability Management

    , Washington, DC

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Miami Symposium Vulnerability Management

    , Miami

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Nashville Symposium Vulnerability Management

    , Nashville

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Rochester Symposium Advancing Cloud Security: A Roadmap

    , Rochester

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Denver Symposium Vulnerability Management

    , Denver

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 New York Super Symposium Vulnerability Management & Cloud SOC

    , New York

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with George Gerchow will focus on 'Monitoring, Detection and Response in the Cloud.'

  • 2019 Minneapolis Super Symposium Vulnerability Management & Cloud Security Roadmap

    , Minneapolis

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Mike Rothman will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2019 Los Angeles Symposium Advancing Cloud Security: A Roadmap

    , Los Angeles

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Dallas Symposium Vulnerability Management

    , Dallas

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Detroit Symposium Vulnerability Management

    , Livonia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 October Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Seattle Symposium How to Implement Zero Trust in Your Organization

    , Seattle

    Zero Trust has become a vendor buzzword, but security organizations have much to learn about what it is and how to apply it in their specialized environments.

  • 2019 San Diego Symposium Monitoring, Detection and Response in the Cloud

    , San Diego

    Many security operations teams remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school methods of monitoring, detection and response must change.

  • 2019 Cincinnati Symposium Advancing Cloud Security: A Roadmap

    , Cincinnati

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Toronto Super Symposium Vulnerability Management & DevSecOps

    , Toronto

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Shannon Lietz will focus on 'DevSecOps and AppSec: How to Better Align to the Hierarchy of Needs.'

  • 2019 December Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2020 January 21 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Atlanta Symposium Zero Trust

    , Atlanta

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January 28 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 January 30 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Washington, DC Symposium Zero Trust

    , Washington

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Chicago Symposium Zero Trust

    , Chicago

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Columbus Symposium MITRE

    , Columbus

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Phoenix Symposium AI/ML

    , Phoenix

    AI/ML technology can help security teams make more accurate decisions, but it only works when you feed the right data into the machine.

  • 2020 Charlotte Symposium Zero Trust

    , Charlotte

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Seattle Symposium Building an Advanced Privacy Program

    , Seattle

    Existing and forecasted data privacy/protection legislation is taxing the current privacy model inside large organizations. Security teams need step-by-step guidance to keep up.

  • 2020 Boston Symposium Advancing Cloud Security

    , Boston

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Symposium Zero Trust

    , New York

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Los Angeles LA Symposium IAM

    , Los Angeles

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Open Source

    , San Diego

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Philadelphia Symposium IAM

    , Philadelphia

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Portland Symposium IAM

    , Portland

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 April 16 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Denver Symposium Open Source Tools

    , Denver

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Milwaukee Symposium IAM

    , Milwaukee

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Orlando Symposium Zero Trust

    , Orlando

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 May 19 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Atlanta Symposium Advancing Cloud Security

    , Atlanta

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 May 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 San Francisco Virtual Symposium DevSecOps and AppSec

    , San Francisco

    In application security, a common failure point is when security teams neglect to consider the Security Hierarchy of Needs: Authentication, Asset Management, Encryption, Logging and Zoning/Containment. Together, they cover 80 percent of an organization’s security program.

  • 2020 Rochester Virtual Symposium MITRE

    , Rochester

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Cleveland Symposium Advancing Cloud Security

    , Cleveland

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Minneapolis Symposium Zero Trust

    , Minneapolis

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 June 3 Virtual Symposium Injecting Business Acumen

    , Virtual

    Security practitioners struggle to frame security needs around the core values and functions of the business. This symposium will help attendees overcome that struggle.

  • 2020 Boston Virtual Super Symposium MITRE and Zero Trust

    , Boston

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'Effectively Leveraging MITRE ATT&CK.' Track 2 with Jake Williams will focus on 'Zero Trust Principles in Action.'

  • 2020 Dallas Symposium Open Source Tools

    , Dallas

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Chicago Virtual Symposium MITRE

    , Chicago

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Philadelphia Symposium Advancing Cloud Security

    , Philadelphia

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Virtual Super Symposium DevSecOps and Advancing Cloud

    , New York

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca will focus on 'Security Learns to Sprint: DevSecOps.' Track 2 with Rich Mogull will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2020 Toronto Symposium Zero Trust

    , Toronto

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 July 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington DC Virtual Symposium IAM

    , Washington

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 July 30 Virtual Symposium DevSecOps

    This talk will argue that DevOps could be the best thing to happen to application security since OWASP -- if developers and operations teams are enabled to make security a part of their everyday work.

  • 2020 Los Angeles Virtual Symposium MITRE

    , Los Angeles

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Boston Symposium DevSecOps

    , Boston

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 Atlanta Virtual Symposium MITRE

    , Atlanta

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Faculty Consulting Briefing: O365

    Microsoft Office 365 is fast becoming one of the top attack vectors used against organizations due to its large and complex external attack surface and integration with organizations’ internal environments. While Microsoft is rapidly releasing new functionality and security controls, security teams are still struggling to ensure they are properly configured for security, audit, and governance capabilities and deficiencies.

  • 2020 Nashville Symposium Advancing Cloud Security

    , Nashville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Jacksonville Symposium Advancing Cloud Security

    , Jacksonville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 September 9 Virtual Symposium IAM

    , Web Conference

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Advancing Cloud Security

    , San Diego

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 San Francisco Symposium Zero Trust

    , San Francisco

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Cincinnati Symposium Zero Trust

    , Cincinnati

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Charlotte Symposium Advancing Cloud Security

    , Charlotte

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Milwaukee Symposium DevSecOps

    , Milwaukee

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 October 22 Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink.

  • 2020 Denver Virtual Symposium InfoSec Program Roadmap

    , Denver

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Minneapolis Virtual Super Symposium DevSecOps and Open Source Tools/Techniques

    , Minneapolis

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Rich Mogull is titled "Open Source Tools/Techniques for Cloud and SecOps."

  • 2020 Nov 17 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Cleveland Virtual Symposium Zero Trust

    , Cleveland

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington, DC Virtual Symposium MITRE

    , Washington

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Los Angeles Virtual Symposium Reducing Security's Cost Responsibilities

    , Los Angeles

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Toronto Virtual Super Symposium DevSecOps and Security Upgrades

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Dave Kennedy is titled "Network Security Upgrades to Make While Everyone Works Remotely."

  • 2020 New York Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 8 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 9 Virtual Symposium Zero Trust

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Philadelphia Virtual Symposium InfoSec Program Roadmap

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Dec 10 Virtual Symposium Open Source Tools

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Seattle Symposium Open Source Tools

    , Seattle

    Interest in open source tools to use across security domains in a broader, more cost-effective manner has increased as companies struggle to maintain security programs amid an economic downturn. But before diving in, they must understand how these tools would work in their environment.

  • 2021 Q1 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting compliance assessment and enforcement procedures is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q2 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q2 Symposium: IAM: Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q2 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q3 Symposium: Finding/Fixing Vulnerabilities in the Healthcare Sector

    Attacks against hospitals and companies in the medical space have skyrocketed during the pandemic. As bad actors target long-standing vulnerabilities in these organizations, security teams seek guidance to close those security holes. This virtual symposium will outline ways to find and fix them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q3 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q4 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Grow Your Future CISO

    When a CISO is ready to move on, companies often lack a smooth process for putting a new one in place. This symposium is about building a succession process to ensure your security team doesn’t miss a beat during transition periods.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2019 Seattle Symposium Cloud Security Maturity

    , Seattle

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Portland Symposium Cloud Security Maturity

    , Portland

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 New York Symposium IAM Strategies that Work

    , New York

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Washington DC Symposium Cloud Security Maturity

    , Washington

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Minneapolis Symposium IAM Strategies that Work

    , Minneapolis

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Denver Symposium Cloud Security Maturity

    , Denver

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 San Francisco Symposium How to Mature Your Application Security Program

    , San Francisco

    Fortune 1000 companies face myriad challenges when it comes to application security. They don't know how to run an effective bug bounty program. They don't know whether to do manual or automated web app pen testing or go with a more hybrid approach. And they spin up containers quickly, setting them loose with no security due diligence.

  • 2019 Nashville Symposium Cloud Security Maturity

    , Nashville

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Symposium Deception

    , Atlanta

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Charlotte Symposium Cloud Security Maturity

    , Charlotte

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Los Angeles Symposium Deception

    , Santa Monica

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Chicago Symposium Deception

    , Chicago

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Philadelphia Symposium Vulnerability Management

    , Philadelphia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Boston Symposium IAM Strategies that Work

    , Boston

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Columbus Symposium Deception

    , Columbus

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Milwaukee Symposium Cloud Security Maturity

    , Milwaukee

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Super Symposium Building a Modern Day SOC and IAM Strategies that Work

    , Atlanta

    This super symposium will bring together security practitioners for a dual-track seminar on “Building a Modern Day SOC” with George Gerchow and “IAM Strategies that Work: Vendor-Agnostic 'How-To' Guidance” with Aaron Turner. Choose one of the tracks to attend.

  • 2019 Austin Symposium Purple Teaming

    , Austin

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Charlotte Symposium Vulnerability Management

    , Charlotte

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Phoenix Symposium The Cloud Security Maturity Roadmap

    , Phoenix

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Orlando Symposium IAM Strategies that Work

    , Orlando

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Chicago Symposium Purple Teaming

    , Chicago

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Palo Alto Symposium Threat Hunting

    , Sunnyvale

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Dallas Symposium Building a Modern Day SOC

    , Plano

    Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school SOC is quickly losing its ability to fulfill its mission. These SOCs must adapt to life in the cloud and security teams need direction on how to get it done. They must be able to differentiate between an old-world SOC and one in the cloud and make the transition without dropping balls in either world.

  • 2019 Boston Super Symposium Vulnerability Management & Application Security

    , Boston

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy highlights 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Kevin Johnson highlights 'How to Mature Your Application Security Program.'

  • 2019 Philadelphia Symposium How to Mature Your Application Security Program

    , Philadelphia

    Security teams have fought hard for better application security but remain challenged on myriad fronts: They’re hungry for more step-by-step details on how to run an effective bug bounty program. They want better guidance for when it’s best to do manual or automated web app pen testing or go with a more hybrid approach. They remain stuck in a cycle of spinning up containers quickly and setting them loose without always knowing if they’ve missed cracks along the way.

  • 2019 Toronto Symposium Cloud Security Maturity

    , Toronto

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 August Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 Washington DC Symposium Vulnerability Management

    , Washington, DC

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Miami Symposium Vulnerability Management

    , Miami

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Nashville Symposium Vulnerability Management

    , Nashville

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Rochester Symposium Advancing Cloud Security: A Roadmap

    , Rochester

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Denver Symposium Vulnerability Management

    , Denver

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 New York Super Symposium Vulnerability Management & Cloud SOC

    , New York

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with George Gerchow will focus on 'Monitoring, Detection and Response in the Cloud.'

  • 2019 Minneapolis Super Symposium Vulnerability Management & Cloud Security Roadmap

    , Minneapolis

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Mike Rothman will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2019 Los Angeles Symposium Advancing Cloud Security: A Roadmap

    , Los Angeles

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Dallas Symposium Vulnerability Management

    , Dallas

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Detroit Symposium Vulnerability Management

    , Livonia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 October Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Seattle Symposium How to Implement Zero Trust in Your Organization

    , Seattle

    Zero Trust has become a vendor buzzword, but security organizations have much to learn about what it is and how to apply it in their specialized environments.

  • 2019 San Diego Symposium Monitoring, Detection and Response in the Cloud

    , San Diego

    Many security operations teams remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school methods of monitoring, detection and response must change.

  • 2019 Cincinnati Symposium Advancing Cloud Security: A Roadmap

    , Cincinnati

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Toronto Super Symposium Vulnerability Management & DevSecOps

    , Toronto

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Shannon Lietz will focus on 'DevSecOps and AppSec: How to Better Align to the Hierarchy of Needs.'

  • 2019 December Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2020 January 21 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Atlanta Symposium Zero Trust

    , Atlanta

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January 28 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 January 30 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Washington, DC Symposium Zero Trust

    , Washington

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Chicago Symposium Zero Trust

    , Chicago

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Columbus Symposium MITRE

    , Columbus

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Phoenix Symposium AI/ML

    , Phoenix

    AI/ML technology can help security teams make more accurate decisions, but it only works when you feed the right data into the machine.

  • 2020 Charlotte Symposium Zero Trust

    , Charlotte

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Seattle Symposium Building an Advanced Privacy Program

    , Seattle

    Existing and forecasted data privacy/protection legislation is taxing the current privacy model inside large organizations. Security teams need step-by-step guidance to keep up.

  • 2020 Boston Symposium Advancing Cloud Security

    , Boston

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Symposium Zero Trust

    , New York

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Los Angeles LA Symposium IAM

    , Los Angeles

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Open Source

    , San Diego

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Philadelphia Symposium IAM

    , Philadelphia

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Portland Symposium IAM

    , Portland

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 April 16 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Denver Symposium Open Source Tools

    , Denver

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Milwaukee Symposium IAM

    , Milwaukee

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Orlando Symposium Zero Trust

    , Orlando

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 May 19 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Atlanta Symposium Advancing Cloud Security

    , Atlanta

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 May 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 San Francisco Virtual Symposium DevSecOps and AppSec

    , San Francisco

    In application security, a common failure point is when security teams neglect to consider the Security Hierarchy of Needs: Authentication, Asset Management, Encryption, Logging and Zoning/Containment. Together, they cover 80 percent of an organization’s security program.

  • 2020 Rochester Virtual Symposium MITRE

    , Rochester

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Cleveland Symposium Advancing Cloud Security

    , Cleveland

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Minneapolis Symposium Zero Trust

    , Minneapolis

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 June 3 Virtual Symposium Injecting Business Acumen

    , Virtual

    Security practitioners struggle to frame security needs around the core values and functions of the business. This symposium will help attendees overcome that struggle.

  • 2020 Boston Virtual Super Symposium MITRE and Zero Trust

    , Boston

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'Effectively Leveraging MITRE ATT&CK.' Track 2 with Jake Williams will focus on 'Zero Trust Principles in Action.'

  • 2020 Dallas Symposium Open Source Tools

    , Dallas

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Chicago Virtual Symposium MITRE

    , Chicago

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Philadelphia Symposium Advancing Cloud Security

    , Philadelphia

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Virtual Super Symposium DevSecOps and Advancing Cloud

    , New York

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca will focus on 'Security Learns to Sprint: DevSecOps.' Track 2 with Rich Mogull will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2020 Toronto Symposium Zero Trust

    , Toronto

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 July 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington DC Virtual Symposium IAM

    , Washington

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 July 30 Virtual Symposium DevSecOps

    This talk will argue that DevOps could be the best thing to happen to application security since OWASP -- if developers and operations teams are enabled to make security a part of their everyday work.

  • 2020 Los Angeles Virtual Symposium MITRE

    , Los Angeles

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Boston Symposium DevSecOps

    , Boston

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 Atlanta Virtual Symposium MITRE

    , Atlanta

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Faculty Consulting Briefing: O365

    Microsoft Office 365 is fast becoming one of the top attack vectors used against organizations due to its large and complex external attack surface and integration with organizations’ internal environments. While Microsoft is rapidly releasing new functionality and security controls, security teams are still struggling to ensure they are properly configured for security, audit, and governance capabilities and deficiencies.

  • 2020 Nashville Symposium Advancing Cloud Security

    , Nashville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Jacksonville Symposium Advancing Cloud Security

    , Jacksonville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 September 9 Virtual Symposium IAM

    , Web Conference

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Advancing Cloud Security

    , San Diego

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 San Francisco Symposium Zero Trust

    , San Francisco

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Cincinnati Symposium Zero Trust

    , Cincinnati

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Charlotte Symposium Advancing Cloud Security

    , Charlotte

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Milwaukee Symposium DevSecOps

    , Milwaukee

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 October 22 Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink.

  • 2020 Denver Virtual Symposium InfoSec Program Roadmap

    , Denver

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Minneapolis Virtual Super Symposium DevSecOps and Open Source Tools/Techniques

    , Minneapolis

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Rich Mogull is titled "Open Source Tools/Techniques for Cloud and SecOps."

  • 2020 Nov 17 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Cleveland Virtual Symposium Zero Trust

    , Cleveland

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington, DC Virtual Symposium MITRE

    , Washington

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Los Angeles Virtual Symposium Reducing Security's Cost Responsibilities

    , Los Angeles

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Toronto Virtual Super Symposium DevSecOps and Security Upgrades

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Dave Kennedy is titled "Network Security Upgrades to Make While Everyone Works Remotely."

  • 2020 New York Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 8 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 9 Virtual Symposium Zero Trust

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Philadelphia Virtual Symposium InfoSec Program Roadmap

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Dec 10 Virtual Symposium Open Source Tools

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Seattle Symposium Open Source Tools

    , Seattle

    Interest in open source tools to use across security domains in a broader, more cost-effective manner has increased as companies struggle to maintain security programs amid an economic downturn. But before diving in, they must understand how these tools would work in their environment.

  • 2021 Q1 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting compliance assessment and enforcement procedures is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    IAM teams are challenged with demands for more robust access governance, cloud migration and integration with other IT infrastructure. This virtual symposium helps security teams make smart choices.

  • 2021 Q2 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q2 Symposium: IAM: Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q2 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q2 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q2 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q2 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q3 Symposium: Finding/Fixing Vulnerabilities in the Healthcare Sector

    Attacks against hospitals and companies in the medical space have skyrocketed during the pandemic. As bad actors target long-standing vulnerabilities in these organizations, security teams seek guidance to close those security holes. This virtual symposium will outline ways to find and fix them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: MITRE ATT&CK: New Use Cases for 2021

    Security teams seek fresh MITRE ATT&CK use cases to help them navigate threats and vulnerabilities in 2021. This virtual symposium will outline those use cases and how to apply them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q3 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q3 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q3 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q3 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q3 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q4 Symposium: Where Critical Infrastructure is Threatened and How to Fix It

    Nation states have increasingly targeted organizations managing critical infrastructure (utilities, for example) knowing that industrial control systems continue to run on antiquated technology. Security teams seek guidance to better determine their weaknesses and how to fix them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  How to Automate Assessment/Enforcement in the Cloud

    Manually conducting assessment and enforcement in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. Teams need strategies for automation of these tasks and tools to do it with.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Grow Your Future CISO

    When a CISO is ready to move on, companies often lack a smooth process for putting a new one in place. This symposium is about building a succession process to ensure your security team doesn’t miss a beat during transition periods.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2021 Q4 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium: Phishing/Ransomware Readiness

    Security teams need help identifying what’s needed to better prepare and defend against the phishing and ransomware in 2021 and beyond.

  • 2021 Q4 Symposium:  Securing the Supply Chain

    In the wake of SolarWinds, companies are looking at how to minimize threats to their software supply chains – specifically, how to more effectively coordinate efforts with third- and fourth-party suppliers.

  • 2019 Seattle Symposium Cloud Security Maturity

    , Seattle

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Portland Symposium Cloud Security Maturity

    , Portland

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 New York Symposium IAM Strategies that Work

    , New York

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Washington DC Symposium Cloud Security Maturity

    , Washington

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Minneapolis Symposium IAM Strategies that Work

    , Minneapolis

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Denver Symposium Cloud Security Maturity

    , Denver

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 San Francisco Symposium How to Mature Your Application Security Program

    , San Francisco

    Fortune 1000 companies face myriad challenges when it comes to application security. They don't know how to run an effective bug bounty program. They don't know whether to do manual or automated web app pen testing or go with a more hybrid approach. And they spin up containers quickly, setting them loose with no security due diligence.

  • 2019 Nashville Symposium Cloud Security Maturity

    , Nashville

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Symposium Deception

    , Atlanta

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Charlotte Symposium Cloud Security Maturity

    , Charlotte

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Los Angeles Symposium Deception

    , Santa Monica

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Chicago Symposium Deception

    , Chicago

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Philadelphia Symposium Vulnerability Management

    , Philadelphia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Boston Symposium IAM Strategies that Work

    , Boston

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Columbus Symposium Deception

    , Columbus

    Deception is an effective tool to detect APT adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network unchecked unless we put something in the way to entice them to make a mistake. Deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside, or are working their way in.

  • 2019 Milwaukee Symposium Cloud Security Maturity

    , Milwaukee

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Atlanta Super Symposium Building a Modern Day SOC and IAM Strategies that Work

    , Atlanta

    This super symposium will bring together security practitioners for a dual-track seminar on “Building a Modern Day SOC” with George Gerchow and “IAM Strategies that Work: Vendor-Agnostic 'How-To' Guidance” with Aaron Turner. Choose one of the tracks to attend.

  • 2019 Austin Symposium Purple Teaming

    , Austin

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Charlotte Symposium Vulnerability Management

    , Charlotte

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Phoenix Symposium The Cloud Security Maturity Roadmap

    , Phoenix

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Orlando Symposium IAM Strategies that Work

    , Orlando

    Facing the cloud and its mobile constituency, investments in end-point protection and next generation firewalls are powerless. In these environments, it is identity that stands between information assets and a world of possible threats. Yet few organizations have prioritized the development of a practical strategy for the planning, execution, operation, and governance of Identity and Access Management (IAM). This under-investment creates an identity debt that will increasingly be paid with inefficiencies and incidents.

  • 2019 Chicago Symposium Purple Teaming

    , Chicago

    Your Red Team does one thing, your Blue Team does the other, and they don’t talk. You struggle to get them on the same page and achieve the true value of these exercises. What to do?

  • 2019 Palo Alto Symposium Threat Hunting

    , Sunnyvale

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Dallas Symposium Building a Modern Day SOC

    , Plano

    Security Operations Centers remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school SOC is quickly losing its ability to fulfill its mission. These SOCs must adapt to life in the cloud and security teams need direction on how to get it done. They must be able to differentiate between an old-world SOC and one in the cloud and make the transition without dropping balls in either world.

  • 2019 Boston Super Symposium Vulnerability Management & Application Security

    , Boston

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy highlights 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Kevin Johnson highlights 'How to Mature Your Application Security Program.'

  • 2019 Philadelphia Symposium How to Mature Your Application Security Program

    , Philadelphia

    Security teams have fought hard for better application security but remain challenged on myriad fronts: They’re hungry for more step-by-step details on how to run an effective bug bounty program. They want better guidance for when it’s best to do manual or automated web app pen testing or go with a more hybrid approach. They remain stuck in a cycle of spinning up containers quickly and setting them loose without always knowing if they’ve missed cracks along the way.

  • 2019 Toronto Symposium Cloud Security Maturity

    , Toronto

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 August Virtual Symposium Mindfulness

    A CISO’s job is difficult and, at times, overwhelming. The stress is part of the job and isn’t going away, so we need techniques to calm and focus the mind and keep us from getting overrun.

  • 2019 Washington DC Symposium Vulnerability Management

    , Washington, DC

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Miami Symposium Vulnerability Management

    , Miami

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Nashville Symposium Vulnerability Management

    , Nashville

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Rochester Symposium Advancing Cloud Security: A Roadmap

    , Rochester

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Denver Symposium Vulnerability Management

    , Denver

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 New York Super Symposium Vulnerability Management & Cloud SOC

    , New York

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with George Gerchow will focus on 'Monitoring, Detection and Response in the Cloud.'

  • 2019 Minneapolis Super Symposium Vulnerability Management & Cloud Security Roadmap

    , Minneapolis

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Jake Williams will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Mike Rothman will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2019 Los Angeles Symposium Advancing Cloud Security: A Roadmap

    , Los Angeles

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Dallas Symposium Vulnerability Management

    , Dallas

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 Detroit Symposium Vulnerability Management

    , Livonia

    Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

  • 2019 October Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2019 Seattle Symposium How to Implement Zero Trust in Your Organization

    , Seattle

    Zero Trust has become a vendor buzzword, but security organizations have much to learn about what it is and how to apply it in their specialized environments.

  • 2019 San Diego Symposium Monitoring, Detection and Response in the Cloud

    , San Diego

    Many security operations teams remain rooted in the same tech, procedures and mindsets that existed before the cloud. With companies doing an ever-increasing amount of business in the cloud, and with more of their resources residing there, the old-school methods of monitoring, detection and response must change.

  • 2019 Cincinnati Symposium Advancing Cloud Security: A Roadmap

    , Cincinnati

    Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

  • 2019 Toronto Super Symposium Vulnerability Management & DevSecOps

    , Toronto

    In this 5-hour Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'How to Achieve Saner, More Effective Vulnerability Management.' Track 2 with Shannon Lietz will focus on 'DevSecOps and AppSec: How to Better Align to the Hierarchy of Needs.'

  • 2019 December Virtual Symposium New Threat Hunting Techniques

    , Virtual

    Attackers keep evolving their tactics, making it increasingly difficult for traditional forensic techniques to keep up. Security teams have plenty of data but don’t know what specific data types they need and what to do with what they have. It’s time to get proactive – and that’s where threat hunting comes into play.

  • 2020 January 21 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Atlanta Symposium Zero Trust

    , Atlanta

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 January 28 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 January 30 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Washington, DC Symposium Zero Trust

    , Washington

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Chicago Symposium Zero Trust

    , Chicago

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Columbus Symposium MITRE

    , Columbus

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Phoenix Symposium AI/ML

    , Phoenix

    AI/ML technology can help security teams make more accurate decisions, but it only works when you feed the right data into the machine.

  • 2020 Charlotte Symposium Zero Trust

    , Charlotte

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Seattle Symposium Building an Advanced Privacy Program

    , Seattle

    Existing and forecasted data privacy/protection legislation is taxing the current privacy model inside large organizations. Security teams need step-by-step guidance to keep up.

  • 2020 Boston Symposium Advancing Cloud Security

    , Boston

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Symposium Zero Trust

    , New York

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Los Angeles LA Symposium IAM

    , Los Angeles

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Open Source

    , San Diego

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Philadelphia Symposium IAM

    , Philadelphia

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Portland Symposium IAM

    , Portland

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 April 16 Virtual Symposium MITRE ATTACK

    , Virtual

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Denver Symposium Open Source Tools

    , Denver

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Milwaukee Symposium IAM

    , Milwaukee

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 Orlando Symposium Zero Trust

    , Orlando

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 May 19 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Atlanta Symposium Advancing Cloud Security

    , Atlanta

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 May 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 San Francisco Virtual Symposium DevSecOps and AppSec

    , San Francisco

    In application security, a common failure point is when security teams neglect to consider the Security Hierarchy of Needs: Authentication, Asset Management, Encryption, Logging and Zoning/Containment. Together, they cover 80 percent of an organization’s security program.

  • 2020 Rochester Virtual Symposium MITRE

    , Rochester

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Cleveland Symposium Advancing Cloud Security

    , Cleveland

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Minneapolis Symposium Zero Trust

    , Minneapolis

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 June 3 Virtual Symposium Injecting Business Acumen

    , Virtual

    Security practitioners struggle to frame security needs around the core values and functions of the business. This symposium will help attendees overcome that struggle.

  • 2020 Boston Virtual Super Symposium MITRE and Zero Trust

    , Boston

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Dave Kennedy will focus on 'Effectively Leveraging MITRE ATT&CK.' Track 2 with Jake Williams will focus on 'Zero Trust Principles in Action.'

  • 2020 Dallas Symposium Open Source Tools

    , Dallas

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Chicago Virtual Symposium MITRE

    , Chicago

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Philadelphia Symposium Advancing Cloud Security

    , Philadelphia

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 New York Virtual Super Symposium DevSecOps and Advancing Cloud

    , New York

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca will focus on 'Security Learns to Sprint: DevSecOps.' Track 2 with Rich Mogull will focus on 'Advancing Cloud Security: A Roadmap.'

  • 2020 Toronto Symposium Zero Trust

    , Toronto

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 July 21 Virtual Symposium Zero Trust

    , Virtual

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington DC Virtual Symposium IAM

    , Washington

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 July 30 Virtual Symposium DevSecOps

    This talk will argue that DevOps could be the best thing to happen to application security since OWASP -- if developers and operations teams are enabled to make security a part of their everyday work.

  • 2020 Los Angeles Virtual Symposium MITRE

    , Los Angeles

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Boston Symposium DevSecOps

    , Boston

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 Atlanta Virtual Symposium MITRE

    , Atlanta

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Faculty Consulting Briefing: O365

    Microsoft Office 365 is fast becoming one of the top attack vectors used against organizations due to its large and complex external attack surface and integration with organizations’ internal environments. While Microsoft is rapidly releasing new functionality and security controls, security teams are still struggling to ensure they are properly configured for security, audit, and governance capabilities and deficiencies.

  • 2020 Nashville Symposium Advancing Cloud Security

    , Nashville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Jacksonville Symposium Advancing Cloud Security

    , Jacksonville

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 September 9 Virtual Symposium IAM

    , Web Conference

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first.

  • 2020 San Diego Symposium Advancing Cloud Security

    , San Diego

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 San Francisco Symposium Zero Trust

    , San Francisco

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Cincinnati Symposium Zero Trust

    , Cincinnati

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Charlotte Symposium Advancing Cloud Security

    , Charlotte

    Small teams are stuck at the ground level for cloud security and need to mature. Large teams keep making rookie mistakes when designing cloud architecture, managing apps and configuring systems.

  • 2020 Milwaukee Symposium DevSecOps

    , Milwaukee

    With a ratio of 100/10/1 for Development, Operations, and Security, security now needs to concentrate on creating tools, processes and opportunities for dev and ops that result in more-secure products, instead of trying to do it all themselves like they did in days past.

  • 2020 October 22 Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink.

  • 2020 Denver Virtual Symposium InfoSec Program Roadmap

    , Denver

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Minneapolis Virtual Super Symposium DevSecOps and Open Source Tools/Techniques

    , Minneapolis

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Rich Mogull is titled "Open Source Tools/Techniques for Cloud and SecOps."

  • 2020 Nov 17 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Cleveland Virtual Symposium Zero Trust

    , Cleveland

    The Zero Trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Washington, DC Virtual Symposium MITRE

    , Washington

    IANS has run multiple workshops on threat hunting, purple teaming and tool selection, but MITRE ATT&CK has opened up a new range of possibilities for how to approach these areas.

  • 2020 Los Angeles Virtual Symposium Reducing Security's Cost Responsibilities

    , Los Angeles

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Toronto Virtual Super Symposium DevSecOps and Security Upgrades

    In this 2.5-hour Virtual Super Symposium, you'll choose one track to attend. Track 1 with Tanya Janca is titled "Security Learns to Sprint: DevSecOps." Track 2 with Dave Kennedy is titled "Network Security Upgrades to Make While Everyone Works Remotely."

  • 2020 New York Virtual Symposium Reducing Security's Cost Responsibilities

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 8 Virtual Symposium Reducing Security's Cost Responsibilities

    , Virtual

    After re-orienting the business to function in a pandemic, organizations now have an economic downturn on their hands and must find ways to keep security programs functioning as investments freeze and budgets shrink. This virtual symposium will offer steps to do that.

  • 2020 Dec 9 Virtual Symposium Zero Trust

    The zero trust vendor bandwagon is spilling over and organizations can’t keep up. They need help understanding which technologies fit into the concept and how best to configure them.

  • 2020 Philadelphia Virtual Symposium InfoSec Program Roadmap

    The strongest security organizations are self-aware, recognize their weaknesses and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement it.

  • 2020 Dec 10 Virtual Symposium Open Source Tools

    Security teams large and small are clamoring for open source tools they can use across security domains in a broader, more cost-effective manner. But before diving in, they must understand how these tools would work in their environment.

  • 2020 Seattle Symposium Open Source Tools

    , Seattle

    Interest in open source tools to use across security domains in a broader, more cost-effective manner has increased as companies struggle to maintain security programs amid an economic downturn. But before diving in, they must understand how these tools would work in their environment.

  • 2021 Q1 Symposium: Using the DIE Triad for Better Resiliency

    Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. The DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience is one such approach. This virtual symposium will outline the components and how to incorporate them.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: Embrace the Sysmon Approach to Logging

    Security teams are concerned that their logging techniques are outdated, such as the practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools.

  • 2021 Q1 Symposium: Navigating the Multi-Cloud

    Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments, and they seek guidance to adapt their approach to cover the differences from one cloud to the next. This virtual symposium will provide that guidance.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.

  • 2021 Q1 Symposium: Optimizing a SOC via Automation and Visualization

    Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them.

  • 2021 Q1 Symposium: IAM Advanced Tools and Techniques

    Many users still have advanced file access permissions when they shouldn’t. Several tools and techniques can help tighten up access, but you need to know about them first. This virtual symposium helps security teams determine where they are going wrong and how to get on a better track.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: Achieving a Speedier Secure Access Service Edge (SASE)

    The shift to remote work made security teams realize that they must be able to make SASE configuration changes with greater speed and be ready to do so when the next black swan hits. They seek guidance for how to do that without compromising their edge defenses.

  • 2021 Q1 Symposium: Adversarial Emulation: Perfecting a Purple Team Holy Grail

    Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs.

  • 2021 Q1 Symposium: How to Build an Information Security Program Roadmap

    The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their weaknesses, and create roadmaps to move their programs from current to enhanced states. This virtual symposium will outline how to determine the best approach for your organization and implement a framework that makes sense.