2021 Dallas/Houston Virtual Information Security Forum

#IANSDallas #IANSHouston #IANSEvents

Wednesday, May 26, 2021 | 9:00 AM - 3:30 PM CT
Web Conference, Dallas and Houston Metro Areas

The Dallas/Houston Forum is designed for information security practitioners across all industries to dive deep on specific topics, share insights, and network with peers in a virtual environment. This one-day event incorporates breakouts with IANS Faculty, spotlight sessions on emerging technologies, and opportunities to network with your peers. Topics fall into five tracks:

  • Security Operations
  • Security Architecture
  • Threats and Vulnerabilities
  • Governance, Risk Management, and Compliance
  • Leadership and Career Development

IANS Forum content is geared toward the entire security function. Attendees include but are not limited to CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

This event has ended.

*Receive 1 CPE credit for every hour of attendance at our events.

Agenda

Ed Skoudis

SANS Instructor and Fellow; Founder, Counter Hack

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 20,000 cybersecurity professionals. He is a SANS Faculty Fellow and Instructor. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.

Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and led the team that first publicly demonstrated significant security flaws in virtual machine technology. He has a rare capability of translating advanced technical knowledge into easy-to-master guidance as the popularity of his step-by-step Counter Hack books testifies. Ed earned an M.S. in Information Networking from Carnegie Mellon University, and his B.S. in Electrical Engineering from the University of Michigan, summa cum laude.

9:00 AM - 9:30 AM

From Cybersecurity Practitioner Up to The Board – Gaining Security Alignment Throughout an Organization

with Ed Skoudis

Given the rapidly escalating intensity of ransomware, breaches, and other major cyber attacks, Boards of Directors in many organizations are taking a far more active role in cybersecurity. Cybersecurity practitioners can be vastly more successful if they communicate effectively with their Boards and senior leadership about how they are prepared to defend against real-world attacks. In this lively session, Ed Skoudis will share specifics about:

  • What Boards of Directors are asking their organizations about cybersecurity.
  • Strategies and techniques for ensuring that an organization’s cybersecurity practices are in alignment across all levels, from Board to CISO to day-to-day security practitioner.
  • Common cybersecurity myths at the Board level and how to counter them with a fresh dose of reality from the trenches.
  • Techniques and tips security practitioners can use to explain their work effectively to Boards and other senior leaders.
9:35 AM - 10:20 AM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.
Tanya Janca

IANS Faculty

Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

10:20 AM - 11:00 AM Security Architecture

Building a Better Security Champion Program

with Tanya Janca

Small security teams lack the staff and tools to communicate and enforce application security best practices across the organization. Security champion programs open lines of communication between security and the rest of the organization, leading to better support, accelerated alert cycles and stronger business/security alignment. This session will provide the necessary guidance to:

  • Properly identify and recruit champions from each developer, IT and operations team
  • Train champions to find and communicate problems quickly and accurately
  • Delegate some of the meatier security work to the champions
  • Identify, obtain and deploy metrics/KPIs to track the program’s effectiveness
Mike Rothman

IANS Faculty

Mike is the President of Securosis, an information security research and advisory firm, as well as Co-Founder and President of DisruptOps, a cloud detection and response company. His breadth of experience in the information security space and bold perspectives are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike started practicing and advising on security topics over 25 years ago, and he’s been trying to get out of the business ever since…to no avail.

Security Operations

Incident Response: Fixing What’s Wrong with Crisis Management

with Mike Rothman

Security teams are getting better at the technical side of incident response, but crisis management is still a pain point. This session details how to quickly and efficiently manage a crisis when the crush is on. This session explores:

  • Tips to help first responders take charge, including the art of speaking in short sentences and keeping a journal
  • Case study: What we can learn from the SEAL team approach
  • How integrating OODA (observe, orient, decide and act) Loop principles across the culture results in a faster, more effective crisis response
  • How agreed-on values and beliefs guide decision-making when pressure is extreme
  • How leaders’ character, substance and style impact those around them
Dave Shackleford

IANS Faculty

Dave is the Founder and Principal Consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a Senior Instructor, Analyst, and Course Author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as Co-Chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture, and engineering. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Threats & Vulnerabilities

Phishing and Ransomware: Defense and Recovery Tactics for 2021

with Dave Shackleford

Ransomware and phishing attack methods continue to evolve, as do protection techniques. Security teams seek updates on what has changed this past year. This session will explore:

  • Case studies from the news: What victims did wrong and what they did right
  • Tools and techniques to use if an initial attack is successful
  • A look at how tactics differ for small teams vs. large teams
  • How to account for ransomware attacks -- including ransomware denial-of-service -- in your incident response plan
11:05 AM - 11:50 AM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.
George Gerchow

IANS Faculty

George is Chief Security Officer at Sumo Logic, a secure, cloud-native, machine data analytics service provider. George has extensive experience in board and executive communications serving as a Board Member for ANTIVIUM, Inc., a cloud monitoring and analytic startup, and VENZA, a data protection company. Likewise, George is an Adjunct Faculty member at University of Denver and Cloud Academy, in addition to a Participant in the US Technical Advisory Group: Privacy by Design, which aims to define an international standard for consumer protection as part of ISO Project Committee 317.

11:50 AM - 12:30 PM Security Architecture

Navigate the Multi-Cloud with Fewer Bumps

with George Gerchow

Security teams say it’s difficult to use alert/response techniques and policy controls consistently across multiple cloud environments and seek guidance to adapt their approach to cover the differences from one cloud to the next. This session will explore how to:

  • Focus on process rather than tools -- how they want to do this as opposed to what they should buy
  • Build a consistent monitoring capability across clouds
  • Develop key management and encryption approaches that will be better suited for multi-cloud
  • Apply consistent policy and controls
  • Apply one identity system across clouds

Threats & Vulnerabilities

Building a Smart Bug Bounty Program

with Tanya Janca

Both small and large security teams need to ensure their bug bounty programs strike the right balance between what’s managed in-house and what’s outsourced. This session will provide a checklist of questions to keep vendors accountable, including:

  • How to tell if vendors are taking sufficient measures to combat white noise
  • How to handle the influx of commodity vulnerabilities vs. real-deal flaws
  • Whether or not certain bug bounty vendors do background checks on the researchers they use
  • How to handle the people/politics of managing bug bounty programs
  • Which elements of a bug bounty program belong in-house and which belong with the vendor

GRC

How to Automate Assessment/Enforcement in the Cloud

with Dave Shackleford

Manually conducting compliance assessment and enforcement procedures in the cloud is time consuming, inaccurate, painful and expensive for security teams, leading to missed problems that often lead to security incidents. This session will provide strategies for automation of these tasks and tools to do it with. Specifically, we'll address:

  • How to ID where things can be automated.
  • Strategies for automation that take advantage of cloud-based tools that are freely available.
  • When to stick with manual procedures and alerts.
12:30 PM - 12:55 PM

Networking Lunch

12:55 PM - 1:40 PM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

1:40 PM - 2:00 PM Leadership

Ask Me Anything: Promoting Inclusivity through Management

with George Gerchow

Diversity has become a critical issue in infosec, and functional managers can promote inclusivity in how they engage with the team members they supervise. In this “Ask Me Anything” session, we’ll address your questions on tangible ways security managers can promote diversity in various forms, including identifying and addressing implicit bias and eliminating language that can exclude team members from conversations.

Security Architecture

Ask Me Anything: The Future of Supply Chain Security

with Tanya Janca

The SolarWinds attack illustrated how vulnerable our software supply chains are, and we can expect more such attacks in the future. In this “Ask Me Anything” session, we’ll answer your questions about how supply chain threats will evolve – and how to prepare.

Leadership

Ask Me Anything: Managing Your Team Through an Incident

with Mike Rothman

The immediate aftermath of an incident puts a strain on teams, and managing the stress is critical in returning to a normal state as effectively as possible. In this “Ask Me Anything” session, we’ll address your questions on setting and adjusting work/life boundaries in the aftermath of an incident, identifying signs of excessive strain among team members and creating processes that position you to take care of your people.
2:05 PM - 2:50 PM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

2:50 PM - 3:30 PM Security Operations

Optimizing a SOC via Automation and Visualization

with George Gerchow

Security teams that have shifted their SOCs to the cloud seek guidance on how to choose and implement the automation/visualization tools now available to them. This session will provide attendees with a path forward, including:

  • A look at the automation/visualization tools being used in the most advanced SOCs
  • Case studies from faculty on their own SOC challenges and successes when choosing and implementing tools
  • Common mistakes organizations make on the path to better SOC automation/visualization and how to avoid them

GRC

Bringing Business Units and Third Parties into Your Risk Management Orbit

with Mike Rothman

Legal, human resources and privacy teams tend to be risk averse while the business side is usually pro-risk, leaving infosec stuck in the middle and often blamed for workflow hold-ups. Security teams need to master the mediator role and ensure accountability is spread out among teams. This session will explore how to:

  • Manage internal and external risks under one team
  • Better understand how other organizations quantify vulnerability risk
  • Adopt a per-application view of vulnerability management and bundle it into an application risk rating with an umbrella perspective

Security Architecture

Email and File Security: Advanced Tools and Techniques

with Dave Shackleford

Employees and contractors still end up with advanced file access permissions when they shouldn’t. Security teams need to know what they’re doing wrong in file and email security and what tools/techniques can help them fix this problem. This session explores:

  • How to reduce your attack surface more effectively
  • How to marry security objectives with compliance/business objectives when setting file access perimeters
  • Key considerations for cloud and mobile
3:30 PM - 4:00 PM

“Security Hot Topics” Networking Reception

After a day of topic-driven sessions, join your peers to discuss:

  • The day's news: We'll unwind from the day and have a free-flowing discussion about the security news making headlines this day.
  • How today went: What was your favorite faculty session? Your favorite tabletop or vendor spotlight? What could have been better?

2021 Dallas/Houston Virtual Speakers

George Gerchow

IANS Faculty

Presentations
  • Navigate the Multi-Cloud with Fewer Bumps (11:50 AM - 12:30 PM)
  • Ask Me Anything: Promoting Inclusivity through Management (1:40 PM - 2:00 PM)
  • Optimizing a SOC via Automation and Visualization (2:50 PM - 3:30 PM)

Tanya Janca

IANS Faculty

Presentations
  • Building a Better Security Champion Program (10:20 AM - 11:00 AM)
  • Building a Smart Bug Bounty Program (11:50 AM - 12:30 PM)
  • Ask Me Anything: The Future of Supply Chain Security (1:40 PM - 2:00 PM)

Mike Rothman

IANS Faculty

Presentations
  • Incident Response: Fixing What’s Wrong with Crisis Management (10:20 AM - 11:00 AM)
  • Ask Me Anything: Managing Your Team Through an Incident (1:40 PM - 2:00 PM)
  • Bringing Business Units and Third Parties into Your Risk Management Orbit (2:50 PM - 3:30 PM)

Dave Shackleford

IANS Faculty

Presentations
  • Phishing and Ransomware: Defense and Recovery Tactics for 2021 (10:20 AM - 11:00 AM)
  • How to Automate Assessment/Enforcement in the Cloud (11:50 AM - 12:30 PM)
  • Email and File Security: Advanced Tools and Techniques (2:50 PM - 3:30 PM)

Ed Skoudis

SANS Instructor and Fellow; Founder, Counter Hack

Presentations
  • From Cybersecurity Practitioner Up to The Board – Gaining Security Alignment Throughout an Organization (9:00 AM - 9:30 AM)

Web Conference

Registrants will receive a logistics email with web conference meeting information one day prior to the event.

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 6 credits through our partnership with (ISC)2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process, then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum opens at 8:30, with the Keynote kicking off at 9:00am.

What's the registration deadline?
You can register for an IANS event up to the day of the event.

Onsite Questions

Are the presentations available for viewing after the Forum?

All IANS Faculty session presentation decks will be available after the Forum.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located on the lobby page under Resources.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please follow us on Twitter.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers throughout the day. Please use the direct messaging feature within the platform to connect and chat with colleagues.

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affiliation or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of sessions or events, inappropriate physical contact, and unwelcome sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Attendee Contact

ians@iansresearch.com
