2019 Boston Super Symposium
Saner Vulnerability Management & Maturing Application Security


Tuesday, June 25, 2019 | 10:00 AM - 3:00 PM
District Hall, 75 Northern Ave, Boston, MA


Companies have limited resources to keep up with an endless pile of vulnerabilities and patches and need to determine what they keep getting wrong and what others are doing that’s right.

In this 5-hour Symposium, IANS Faculty member Dave Kennedy will help attendees better understand what they may be doing wrong and send them back to their organizations with better solutions that include:

  • Particular tools to use to create more automation
  • Using automation to move through the flaw-finding and patching process more quickly
  • A list of methods used by companies that have taken their programs to the next level
  • Instructions on how to use the Vulnerability Management Process Workflow
  • Instructions to ensure data within the SQL Server, DB2 and Oracle databases are secure
  • Tools like Shodan that will cast a wider vulnerability net


Anyone responsible for patch management in their organizations, particularly those who are already well on their way to surfacing and addressing the challenges.

Security teams have fought hard for better application security but remain challenged on a myriad of fronts: They’re hungry for more step-by-step details on how to run an effective bug bounty program. They want better guidance for when it’s best to do manual or automated web app pen testing or go with a more hybrid approach. They remain stuck in a cycle of spinning up containers quickly and setting them loose without always knowing if they’ve missed cracks along the way.

For all of these challenges, they seek more advanced techniques. This 5-hour symposium with IANS Faculty Member Kevin Johnson is designed to offer just that, including:

  • A process you can use to measure your organization’s maturity level for in-house bug bounty programs
  • A thorough inventory of third-party bug bounty vendors and a list of questions to help determine which one is best for you
  • A set of best practices that address big-picture app security challenges in 2019
  • A strategy for hybrid web app pen testing


Anyone responsible for app security in their organizations. The topics will be accessible to relative newcomers but will be most useful to those who are already well on their way to surfacing and addressing the challenges.

This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.

This event has ended.

*Receive 1 CPE credit for every hour of attendance at our events.

2019 Boston Super Symposium Facilitators


Kevin Johnson

IANS Faculty
Kevin has over 15 years of experience within security working with and performing services for Fortune 100 companies and draws upon his development and system administration background. Kevin is the CEO and Principal Security Consultant with Secure Ideas. Previously, Kevin was a Senior Instructor at SANS and the author of "Security 542: Web Application Penetration Testing and Ethical Hacking." Other current speaking engagements include DEFCON, ShmooCon as well as Infragard, ISSA and the University of Florida. He founded BASE (web front-end for Snort analysis) as well as Samurai WTF live DVD (live environment focused on web pen testing). Two additional projects Kevin founded are Yokoso and Laudanum, which are focused on exploit delivery. In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group).

Dave Kennedy

CEO, TrustedSec & IANS Faculty

Dave is the President and CEO of TrustedSec, an information security consulting company. David was a Chief Security Officer for an international Fortune 1000 company located in over 77 countries with over 18,000 employees. David developed a global security program with a large dedicated team. He is considered a thought leader in the security field and has presented at many conferences worldwide and had guest appearances on FoxNews, BBC, and other high-profile media outlets. David is the Founder of DerbyCon, a large-scale security conference in Louisville, KY. He also authored Metasploit: The Penetration Tester's Guide, which was number one on Amazon.com in security for over 6 months. David is a founding member of the "Penetration Testing Execution Standard (PTES)," the industry-leading methodologies and guidelines for performing penetration tests. Dave received a BA from Malone University in Ohio. Dave has many certifications including OSCE, QSA, OSCP, CISSP, ISO 27001, GSEC, and MCSE. Dave also served in the Marines for five years working on intelligence-related missions. He enjoys scuba diving, handy work, Destiny, fine bourbons and getting away to the country without cell reception.

District Hall

75 Northern Ave, Boston, MA 02210

Attendee Qualification

This Symposium is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Symposium to any entity or individual. IANS’ receipt of a registration application does not constitute acceptance. Individuals from Information Security Solution Providers (software, hardware, and consulting companies) are not eligible to attend. Symposiums are open to IANS clients that are Credential Holders and qualified Information Security Practitioners identified by IANS.
