2020 Minneapolis Virtual
Information Security Forum

#IANSMinneapolis #IANSEvents

August 20, 2020
Web Conference, Minneapolis, MN

Thursday, August 20, 2020 | 9:00 AM - 3:00 PM
Web Conference, Minneapolis, MN

The Minneapolis Forum is designed for information security practitioners across all industries to dive deep on specific topics, share insights, and network with peers in a virtual environment. This one-day event will feature keynote speeches, IANS Faculty presentations, ‘Ask Me Anything’ topic lounges, and ‘Explore the Floor’ sessions to engage with solution providers.

IANS Forum content spans the depth and breadth of the entire security function. Attendees include but are not limited to CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Please note: This virtual event is intended for practitioners from the Minneapolis metro area. For people outside of the region who wish to join, attendance is subject to capacity. We will inform out-of-metro registrants on the status of their registration one week in advance of the event.

 

Let your colleagues know you're coming!

Register Now

* Required Fields
*Receive 1 CPE credit for every hour of attendance at our events.

Agenda

9:00 AM - 3:00 PM

Keynote Interview

More information coming soon.

Explore the Floor

Check out and network with the information security solution providers sponsoring the Virtual Forum. You’ll have the opportunity to view videos, ask questions, live chat, and download case studies and other materials – all while earning points for the leaderboard.

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Threats & Vulnerabilities

Application Security: Fixing the Legacy App Problem

with Aaron Turner

Large companies – especially post-M&A – tend to ignore legacy apps in favor of implementing new technology. This results in old apps sitting on the network with vulnerabilities attackers easily exploit. This session explores how to:

  • Protect legacy apps long enough to either come up with a graceful transition or update them
  • Design a more effective, advanced and automated inventory process
  • Get a better sense for how to triage the most troublesome apps
  • Better optimize unused features in older apps before rushing to new apps
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Security Operations

Incident Response: Fixing What’s Wrong with Crisis Management

with Dave Kennedy

Security teams are getting better at the technical side of incident response, but crisis management is still a pain point. This session details how to quickly and efficiently manage a crisis when the crush is on. This session explores:

  • Tips to help first responders take charge, including the art of speaking in short sentences and keeping a journal
  • Case study: What we can learn from the SEAL team approach
  • How integrating OODA (observe, orient, decide and act) Loop principals across the culture results in a faster, more effective crisis response
  • How agreed-on values and beliefs guide decision-making when pressure is extreme
  • How leaders’ character, substance and style impact those around them
mike-rothman

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Security Operations

SIEM Alert Overload: Cutting Through the Noise

with Mike Rothman

Overwhelmed by SIEM alerts? Then it’s time to focus on better-defined logging and fine-tuning your alert triggers. This session explores:

  • Specific network activities to log
  • What requires an alert and what doesn’t
  • Creating a step-by-step action plan to better tune your SIEM
  • Using security orchestration, automation and response (SOAR) and user and entity behavior analytics (UEBA) to enhance detection

Explore the Floor

Check out and network with the information security solution providers sponsoring the Virtual Forum. You’ll have the opportunity to view videos, ask questions, live chat, and download case studies and other materials – all while earning points for the leaderboard.

george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

GRC

Ask Me Anything: Compliance Challenges in the Coming Year

with George Gerchow

In this topic lounge, you’ll have the opportunity to ask questions in real time via chat to George Gerchow.

dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Threats & Vulnerabilities

Ask Me Anything: Threat Landscape for T2 2020

with Dave Kennedy

In this topic lounge, you’ll have the opportunity to ask questions in real time via chat to Dave Kennedy.

mike-rothman

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Leadership

Ask Me Anything: Maintaining Security in a Pandemic and Downturn

with Mike Rothman

In this topic lounge, you’ll have the opportunity to ask questions in real time via chat to Mike Rothman.

Explore the Floor

Check out and network with the information security solution providers sponsoring the Virtual Forum. You’ll have the opportunity to view videos, ask questions, live chat, and download case studies and other materials – all while earning points for the leaderboard.

Networking Lunch

george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Threats & Vulnerabilities

Building a Smart Bug Bounty Program

with George Gerchow

Both small and large security teams need to ensure their bug bounty programs strike the right balance between what’s managed in-house and what’s outsourced. They also need a checklist of questions to keep vendors accountable. This session focuses on those details, including:

  • How to tell if vendors are taking sufficient measures to combat white noise
  • How to handle the influx of commodity vulnerabilities vs. real-deal flaws
  • Whether or not certain bug bounty vendors do background checks on the researchers they use
  • How to handle the people/politics of managing bug bounty programs
  • Which elements of a bug bounty program belong in-house and which belong with the vendor

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Security Operations

Using AI/ML to Optimize SecOps

with Aaron Turner

AI/ML technology can help them make more accurate decisions, but only if security teams feed the right data into the machine. This session explains how to grab and input the right data from five primary log data sources:

  • Network (traffic flows)
  • Infrastructure (servers)
  • Database
  • Applications
  • Identity and access management (IAM)/people

From there, we explore what clean, relevant, actionable and business-driven data truly looks like.

dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Threats & Vulnerabilities

Ransomware: Defense and Recovery Tactics for 2020

with Dave Kennedy

AI/ML technology can help them make more accurate decisions, but only if security teams feed the right data into the machine. This session explains how to grab and input the right data from five primary log data sources:

  • Network (traffic flows)
  • Infrastructure (servers)
  • Database
  • Applications
  • Identity and access management (IAM)/people

From there, we explore what clean, relevant, actionable and business-driven data truly looks like.

Explore the Floor

Check out and network with the information security solution providers sponsoring the Virtual Forum. You’ll have the opportunity to view videos, ask questions, live chat, and download case studies and other materials – all while earning points for the leaderboard.

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Security Architecture

IAM and File Security: Advanced Tools and Techniques

with Aaron Turner

Employees and contractors still end up with advanced file access permissions when they shouldn’t. Security teams need to know what they’re doing wrong in file security and what tools/techniques can help them fix this problem. This session explores:

  • How to reduce your attack surface more effectively
  • How to marry security objectives with compliance/business objectives when setting file access perimeters
  • Key considerations for cloud and mobile
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Security Architecture

Successful DevSecOps: Understanding the Business Cases

with George Gerchow

Companies still struggle to get developers and security on the same page. It’s time to learn from those who’ve notched DevSecOps successes. This session explores:

  • Case studies of DevSecOps done right
  • How to measure your maturity for DevSecOps (Phase 1 to Phase 5)
  • Putting the “Shift Left” DevSecOps workflow in place
  • How DevSecOps creates secure cloud deployments
  • How to use DevSecOps to improve internet-of-things (IoT) security at the development stage
mike-rothman

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

GRC

Managing Privacy and Risk in the Social Media Age

with Mike Rothman

Facebook, Twitter and LinkedIn aren’t going anywhere. Security teams need the latest best practices for monitoring and effectively locking down employee social media use to avoid being an easy target for attackers. This session explores:

  • Where current methods of tracking employee social media use fail and how to fix it
  • Tools and techniques to quickly find and eradicate malware injected into company networks via social media usage
  • How well (or not so well) cloud-based email systems interact with social media platforms

2020 Minneapolis Virtual Speakers

george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Presentations
  • Ask Me Anything: Compliance Challenges in the Coming YearAgenda11:15 AM - 11:45 AM
  • Building a Smart Bug Bounty ProgramAgenda12:45 PM - 1:30 PM
  • Successful DevSecOps: Understanding the Business CasesAgenda2:00 PM - 2:45 PM
dave-kennedy

Dave Kennedy

IANS Faculty

Dave is the Founder and Owner of TrustedSec, an information security consulting firm, and Binary Defense, a Managed Security Service Provider (MSSP) that detects attackers early to prevent large-scale invasions. In addition to creating several widely popular open-source tools, including 'The Social-Engineer Toolkit' (SET), PenTesters Framework (PTF), and Artillery. David has also released security advisories, including zero-days, with a focus on security research.

Prior to his work in the private sector, Dave served in the United States Marine Corps (USMC), focusing on cyber warfare and forensics analysis activities, including two tours to Iraq. He also served on the board of directors for (ISC)2, which is one of the largest security collectives and offers certifications such as the CISSP.

Presentations
  • Incident Response: Fixing What’s Wrong with Crisis ManagementAgenda10:00 AM - 10:45 AM
  • Ask Me Anything: Threat Landscape for T2 2020Agenda11:15 AM - 11:45 PM
  • Ransomware: Defense and Recovery Tactics for 2020Agenda12:45 PM - 1:30 PM
mike-rothman

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Presentations
  • SIEM Alert Overload: Cutting Through the NoiseAgenda10:00 AM - 10:45 AM
  • Ask Me Anything: Maintaining Security in a Pandemic and DownturnAgenda11:15 AM - 11:45 AM
  • Managing Privacy and Risk in the Social Media AgeAgenda2:00 PM - 2:45 PM

Aaron Turner

IANS Faculty

Aaron Turner is the President & Chief Security Officer of HighSide, a distributed identity and secure collaboration technology company. He is also President and CEO of Integricell, an information security consulting firm which focuses on helping customers better manage the risks associated with global-scale business. Aaron also serves on the RSA Program Committee, helping select the educational content presented at the yearly RSA Conference.

Presentations
  • Application Security: Fixing the Legacy App ProblemAgenda10:00 AM - 10:45 AM
  • Using AI/ML to Optimize SecOpsAgenda12:45 PM - 1:30 PM
  • IAM and File Security: Advanced Tools and TechniquesAgenda2:00 PM - 2:45 PM

Web Conference

Registrants will receive a logistics email with web conference meeting information one day prior to the event.

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 16 credits through our partnership with (ISC)2. Attendees must check in at registration each morning to receive their 8 credits for Day 1 and Day 2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum officially begins on at 9:00am and ends at 2:45pm.

What's the registration deadline?
You can register for and IANS event up to the day of the event.

Day-of Questions

Are the presentations available for viewing after the Forum?

All roundtable sessions will be available after the Forum. Many presentations are uploaded to the Mobile App prior to the Forum.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located in the middle of your program. Please drop off your survey at the registration desk before you leave.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please download the IANS Mobile App or follow us on Twitter.

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

Photography, Audio & Video Recording

IANS Forums are held in a public venue; therefore, IANS does not prohibit participants, sponsors, or other companies from photographing or taking videos. IANS reserves the right to use images taken at IANS Forums with your photograph and/or likeness in marketing materials.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Interested in Forum Sponsorship? Learn More.

Check out IANS other upcoming events