2021 New York Virtual
Information Security Forum

#IANSNY #IANSEvents

Thursday, April 22, 2021 | 9:00 AM - 3:30 PM ET
Web Conference, New York, NY

The New York Forum is designed for information security practitioners across all industries to dive deep on specific topics, share insights, and network with peers in a virtual environment. This one-day event incorporates breakouts with IANS Faculty, spotlight sessions on emerging technologies, and opportunities to network with your peers. Topics fall into five tracks:

  • Security Operations
  • Security Architecture
  • Threats and Vulnerabilities
  • Governance, Risk Management, and Compliance
  • Leadership and Career Development

IANS Forum content is geared toward the entire security function. Attendees include but are not limited to CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Let your colleagues know you're coming!

This event has ended.

Check out our other upcoming events!

View All Events
*Receive 1 CPE credit for every hour of attendance at our events.

Agenda

peter-kuper

Peter Kuper

IANS Faculty

Peter is the Managing Director at ClearSky Security, an information security solutions firm that focuses on threat intelligence services. He also serves as the Managing Partner at HypAdvisor Consulting, LLC, an advisory firm for technology companies. He is also an Advisor to the Pacific Northwest National Lab. Formerly, as the Lead Software Analyst for Morgan Stanley, he published industry-leading investment reports and led over 18 public transactions. In total, Peter was a Wall Street analyst for 15 years, which offered him the opportunity to work top executives in both public and private companies. As a visible voice for the software industry, Kuper is an active speaker to many professional and government groups.

9:00 AM - 9:30 AM

Be a Startup: The Necessity to Embrace Innovation or Fail

with Peter Kuper

The threat landscape surrounding infosec teams is constantly evolving, with attackers developing new tactics faster than the vendor climate can keep up. In response, security teams that can operate with a startup-like innovation cycle can position themselves to better adapt to ever-shifting threats. In this session, IANS Faculty member Peter Kuper will discuss:

  • How applying a startup mentality can help security teams accelerate problem-solving.
  • Why startups have gained so much traction in the vendor space and how to benefit from this market dynamic.
  • Ways to structure your operations to be nimble in response to changing market conditions.

Startups drive innovation and accelerate growth in industries. Expect to come away from this session with tangible insights on how to apply a startup mentality to your environment.

9:35 AM - 10:20 AM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

10:20 AM - 11:00 AM Security Architecture

Building a Better Security Champion Program

with George Gerchow

Small security teams lack the staff and tools to communicate and enforce application security best practices across the organization. Security champion programs open lines of communication between security and the rest of the organization, leading to better support, accelerated alert cycles and stronger business/security alignment. This session will provide the necessary guidance to:

  • Properly identify and recruit champions from each developer, IT and operations team
  • Train champions to find and communicate problems quickly and accurately
  • Delegate some of the meatier security work to the champions
  • Identify, obtain and deploy metrics/KPIs to track the program’s effectiveness
mike-rothman

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Security Operations

Incident Response: Fixing What’s Wrong with Crisis Management

with Mike Rothman

Security teams are getting better at the technical side of incident response, but crisis management is still a pain point. This session details how to quickly and efficiently manage a crisis when the crush is on. This session explores:

  • Tips to help first responders take charge, including the art of speaking in short sentences and keeping a journal
  • Case study: What we can learn from the SEAL team approach
  • How integrating OODA (observe, orient, decide and act) Loop principals across the culture results in a faster, more effective crisis response
  • How agreed-on values and beliefs guide decision-making when pressure is extreme
  • How leaders’ character, substance and style impact those around them
dave-lewis

Dave Lewis

IANS Faculty

Dave is a Global Advisory CISO for Duo Security, a Cisco subsidiary. He has almost two decades of industry expertise with extensive experience in IT operations and management. Dave is the Founder of the security news site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. He is also the Director & Co-Founder of OpenCERT Canada, Canada’s first open national Computer Emergency Response Team. Dave has worked finance, healthcare, entertainment, manufacturing, and critical infrastructure verticals. He also has experience consulting for federal organizations working as a Security Consultant and defense contractor to the FBI, US Navy, Social Security Administration, US Postal Service, and the US Department of Defense.

Threats & Vulnerabilities

Phishing and Ransomware: Defense and Recovery Tactics for 2021

with Dave Lewis

Ransomware and phishing attack methods continue to evolve, as do protection techniques. Security teams seek updates on what has changed this past year. This session will explore:

  • Case studies from the news: What victims did wrong and what they did right
  • Tools and techniques to use if an initial attack is successful
  • A look at how tactics differ for small teams vs. large teams
  • How to account for ransomware attacks -- including ransomware denial-of-service -- in your incident response plan
11:05 AM - 11:50 AM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

mike-rothman

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

11:50 AM - 12:30 PM Security Architecture

Making Sense of SASE

with Mike Rothman

Security teams are trying to make sense of Secure Access Service Edge (SASE) – an emerging concept for network security in the cloud. They want to know what SASE is and why it matters, how the pieces fit together and what the current adoption rate looks like across industries. This session will address those questions and help attendees understand:

  • The broader implications for how SASE impacts different teams and technologies
  • Where Zero Trust, CASB and other solutions can help
  • How to build a roadmap to plan for the transition to SASE and measure success
Sounil Yu

Sounil Yu

IANS Faculty

Sounil Yu has over 30 years of hands-on experience creating, breaking and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches Cybersecurity Technologies as an adjunct professor, co-chairs Art into Science: A Conference on Defense, and advises many security startups. His specialties include leading innovation programs, intern programs, and a thriving startup culture to meet emerging cybersecurity needs. He often serves as a challenge function and change agent to drive unconventional thinking and alternative approaches to hard problems in security.

Threats & Vulnerabilities

Using the DIE Triad for Better Resiliency

with Sounil Yu

Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. IANS clients have inquired about the DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience. This session will provide guidance to:

  • Ensure you fully understand the concept and components, and whether your infrastructure supports it
  • Identify and adopt capabilities such as serverless functions, containers, cloud infrastructure and privacy technology
  • Find and adopt privacy-enhancing technologies that make data useful to the recipient without revealing too much to adversaries
  • Create more data cattle (multi-party computation, privacy-enhancing tools) and have fewer data pets (SSNs, financial details you would submit when going for a loan, things you don’t want publicly disclosed)
Bryson Bort

Bryson Bort

IANS Faculty

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, as well as Co-Founder of ICS Village, a nonprofit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute and DHS/CISA. Prior to that, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.

Security Operations

Embrace the Sysmon Approach to Logging

with Bryson Bort

Security teams are concerned that their logging techniques are outdated, such as the arduous practice of scouring Active Directory to find needles in haystacks. They seek guidance to identify more sophisticated tools they should use, and many of the answers lie in an approach based around Microsoft System Monitoring (Sysmon) and Elasticsearch (ELK stack) tools. This session will provide attendees with a path forward, including:

  • Better understanding what Sysmon is and how it works
  • Identifying/using the high-fidelity logging tools Sysmon offers
  • Advancements in ELK stack that allow for more effective log aggregation and visualization
  • Determining how best to apply these tools in your environment

12:55 PM - 1:40 PM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

1:40 PM - 2:00 PM Leadership

Ask Me Anything: Promoting Inclusivity through Management

with George Gerchow

Diversity has become a critical issue in infosec, and functional managers can promote inclusivity in how they engage with the team members they supervise. In this “Ask Me Anything” session, we’ll address your questions on tangible ways security managers can promote diversity in various forms, including identifying and addressing implicit bias and eliminating language that can exclude team members from conversations.

mike-rothman

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Leadership

Ask Me Anything: Managing Your Team Through an Incident

with Mike Rothman

The immediate aftermath of an incident puts a strain on teams, and managing the stress is critical in returning to a normal state as effectively as possible. In this “Ask Me Anything” session, we’ll address your questions on setting and adjusting work/life boundaries in the aftermath of an incident, identifying signs of excessive strain among team members and creating processes that position you to take care of your people.

dave-lewis

Dave Lewis

IANS Faculty

Dave is a Global Advisory CISO for Duo Security, a Cisco subsidiary. He has almost two decades of industry expertise with extensive experience in IT operations and management. Dave is the Founder of the security news site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. He is also the Director & Co-Founder of OpenCERT Canada, Canada’s first open national Computer Emergency Response Team. Dave has worked finance, healthcare, entertainment, manufacturing, and critical infrastructure verticals. He also has experience consulting for federal organizations working as a Security Consultant and defense contractor to the FBI, US Navy, Social Security Administration, US Postal Service, and the US Department of Defense.

Threats & Vulnerabilities

Ask Me Anything: The Future of Deepfakes/Disinformation

with Dave Lewis

Deepfakes and other kinds of disinformation continue to get more believable and harder to detect by both people and technology. In this “Ask Me Anything” session, we’ll address your questions on what deepfakes are, the likely threats they may pose to your business in the next couple of years and key ways to mitigate their impact.

2:05 PM - 2:50 PM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

Bryson Bort

Bryson Bort

IANS Faculty

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, as well as Co-Founder of ICS Village, a nonprofit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute and DHS/CISA. Prior to that, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.

2:50 PM - 3:30 PM Threats & Vulnerabilities

Adversarial Emulation: Perfecting a Purple Team Holy Grail

with Bryson Bort

Security teams seek guidance to perfect the art of walking in the enemy’s shoes using the Purple Team Exercise Framework (an open-sourced purple team process), Cyber Threat Intelligence (CTI) research and CTI mapped to Adversary Behaviors/TTPs. This session will explore how to understand and more effectively use:

  • Attack infrastructure
  • Client/Blue Team planning techniques
  • Targeting systems
  • Purple Team exercise Flow
  • Tools that track the exercise and show value to upper management
Sounil Yu

Sounil Yu

IANS Faculty

Sounil Yu has over 30 years of hands-on experience creating, breaking and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches Cybersecurity Technologies as an adjunct professor, co-chairs Art into Science: A Conference on Defense, and advises many security startups. His specialties include leading innovation programs, intern programs, and a thriving startup culture to meet emerging cybersecurity needs. He often serves as a challenge function and change agent to drive unconventional thinking and alternative approaches to hard problems in security.

GRC

Building an Information Security and Risk Roadmap

with Sounil Yu

The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their risks and create roadmaps to move their programs from current to enhanced states. Security teams that haven’t achieved this level seek guidance to get there. This session will explore how to:

  • Control the chaos, be more organized and pursue a strategic agenda
  • Prioritize needed changes
  • Market the enhancement roadmap to get it funded and supported at all levels
  • What not to include in a roadmap
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Security Operations

Optimizing a SOC via Automation and Visualization

with George Gerchow

Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them. This session will provide attendees with a path forward, including:

  • A look at the automation/visualization tools being used in the most advanced SOCs
  • Case studies from faculty on their own SOC challenges and successes when choosing and implementing tools
  • Common mistakes organizations make on the path to better SOC automation/visualization and how to avoid them

2021 New York Virtual Speakers

Bryson Bort

Bryson Bort

IANS Faculty

Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, as well as Co-Founder of ICS Village, a nonprofit advancing awareness of industrial control system security. He is a Senior Fellow for Cybersecurity and National Security at R Street and the National Security Institute and an Advisor to the Army Cyber Institute and DHS/CISA. Prior to that, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain.

Presentations
  • Embrace the Sysmon Approach to LoggingAgenda11:50 AM - 12:30 PM
  • Adversarial Emulation: Perfecting a Purple Team Holy GrailAgenda2:50 PM - 3:30 PM
george-gerchow

George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

Presentations
  • Building a Better Security Champion ProgramAgenda10:20 AM - 11:00 AM
  • Ask Me Anything: Promoting Inclusivity through ManagementAgenda1:40 PM - 2:00 PM
  • Optimizing a SOC via Automation and VisualizationAgenda2:50 PM - 3:30 PM
peter-kuper

Peter Kuper

IANS Faculty

Peter is the Managing Director at ClearSky Security, an information security solutions firm that focuses on threat intelligence services. He also serves as the Managing Partner at HypAdvisor Consulting, LLC, an advisory firm for technology companies. He is also an Advisor to the Pacific Northwest National Lab. Formerly, as the Lead Software Analyst for Morgan Stanley, he published industry-leading investment reports and led over 18 public transactions. In total, Peter was a Wall Street analyst for 15 years, which offered him the opportunity to work top executives in both public and private companies. As a visible voice for the software industry, Kuper is an active speaker to many professional and government groups.

Presentations
  • Be a Startup: The Necessity to Embrace Innovation or FailAgenda9:00 AM - 9:30 AM
dave-lewis

Dave Lewis

IANS Faculty

Dave is a Global Advisory CISO for Duo Security, a Cisco subsidiary. He has almost two decades of industry expertise with extensive experience in IT operations and management. Dave is the Founder of the security news site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. He is also the Director & Co-Founder of OpenCERT Canada, Canada’s first open national Computer Emergency Response Team. Dave has worked finance, healthcare, entertainment, manufacturing, and critical infrastructure verticals. He also has experience consulting for federal organizations working as a Security Consultant and defense contractor to the FBI, US Navy, Social Security Administration, US Postal Service, and the US Department of Defense.

Presentations
  • Phishing and Ransomware: Defense and Recovery Tactics for 2021Agenda10:20 AM - 11:00 AM
  • Ask Me Anything: The Future of Deepfakes/DisinformationAgenda1:40 PM - 2:00 PM
mike-rothman

Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Presentations
  • Incident Response: Fixing What’s Wrong with Crisis ManagementAgenda10:20 AM - 11:00 AM
  • Making Sense of SASEAgenda11:50 AM - 12:30 PM
  • Ask Me Anything: Managing Your Team Through an IncidentAgenda1:40 PM - 2:00 PM
Sounil Yu

Sounil Yu

IANS Faculty

Sounil Yu has over 30 years of hands-on experience creating, breaking and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches Cybersecurity Technologies as an adjunct professor, co-chairs Art into Science: A Conference on Defense, and advises many security startups. His specialties include leading innovation programs, intern programs, and a thriving startup culture to meet emerging cybersecurity needs. He often serves as a challenge function and change agent to drive unconventional thinking and alternative approaches to hard problems in security.

Presentations
  • Using the DIE Triad for Better ResiliencyAgenda11:50 AM - 12:30 PM
  • Building an Information Security and Risk RoadmapAgenda2:50 PM - 3:30 PM

Web Conference

Registrants will receive a logistics email with web conference meeting information one day prior to the event.

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 6 credits through our partnership with (ISC)2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process, then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum opens at 8:30, with the Keynote kicking off at 9:00am.

What's the registration deadline?
You can register for and IANS event up to the day of the event.

Onsite Questions

Are the presentations available for viewing after the Forum?

All IANS Faculty sessions presentation decks will be available after the Forum.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located on the lobby page under Resources.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please follow us on Twitter.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers throughout the day. Please use the direct messaging feature with the platform to connect with and chat with colleagues

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Interested in Forum Sponsorship? Learn More.

Check out IANS other upcoming events