2021 Boston Virtual
Information Security Forum

#IANSBoston #IANSEvents

Wednesday, June 16, 2021 | 9:00 AM - 3:30 PM ET
Web Conference, Boston, MA

The Boston Forum is designed for information security practitioners across all industries to dive deep on specific topics, share insights, and network with peers in a virtual environment. This one-day event incorporates breakouts with IANS Faculty, spotlight sessions on emerging technologies, and opportunities to network with your peers. Topics fall into five tracks:

  • Security Operations
  • Security Architecture
  • Threats and Vulnerabilities
  • Governance, Risk Management, and Compliance
  • Leadership and Career Development

IANS Forum content is geared toward the entire security function. Attendees include but are not limited to CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Let your colleagues know you're coming!

This event has ended.

Check out our other upcoming events!

View All Events
*Receive 1 CPE credit for every hour of attendance at our events.

Agenda

Summer Fowler

Summer Fowler

IANS Faculty

Summer Craze Fowler is an accomplished CSuite executive and cybersecurity expert with over 20 years of experience developing technical strategies and leading engineering teams to achieve aggressive technical goals while also in hyper-growth mode. Summer’s strong technical background is rooted in a business-minded approach supporting her proven ability to effectively disposition cyber security as one of many business risks. She is an experienced board governance professional through her work with both corporate and non-profit boards. Summer was named as one of the Top 25 Women in Cyber Security by The Software Report (2021).

Summer is the Chief Information Officer and Chief Information Security Officer for Argo AI, an artificial intelligence company focused on self-driving vehicle technology. In this role she develops and leads the strategy and execution of both the IT and cyber security teams. Summer also leads Facilities, Logistics, and Physical Security at Argo. She led the technical activities of the successful international acquisition of a 300+ person company in the EU. She is an expert in business continuity and cyber crisis management.

9:00 AM - 9:30 AM

Building Your Personal Board of Directors

with Summer Fowler

Organizations have been using a Board of Directors to govern and advise for hundreds of years starting with the Dutch East India Company early in the 17th century. We have not, however, seen this concept translate officially to individuals as they advance in their careers. This keynote will introduce the idea of your PERSONAL Board of Directors, the advantages of having one, the importance of fostering relationships with your directors, and provide some actionable advice on how to get started building your Board of Directors today.

9:35 AM - 10:20 AM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

Aaron Turner

IANS Faculty

Aaron Turner is the Founder & CEO of Siriux Security, a SaaS posture management company which partners with IANS on M365 security consulting projects. He is also a member of the board and security advisor to HighSide and CTO of Integricell. Aaron is a long-serving member of the RSA Conference Program Committee, helping select educational content presented at the annual RSA Conference.

10:20 AM - 11:00 AM Security Architecture

Remedies for Your Azure AD Nightmares

with Aaron Turner

Security teams struggle to solve a raft of Azure AD nightmares: global admin account takeovers, SAML token phishing attacks, lateral movement and privilege escalation. Guidance in this session will include how to:

  • Move beyond Azure AD default settings to better protect themselves
  • Better understand Azure AD red team tools and techniques
  • Better understand Azure AD configuration drift and change detection
  • Incorporate separation of duties and “4 eyeballs principles” into their approach
jake-williams

Jake Williams

IANS Faculty

Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.

Security Operations

Incident Response: Fixing What’s Wrong with Crisis Management

with Jake Williams

Security teams are getting better at the technical side of incident response, but crisis management is still a pain point. This session details how to quickly and efficiently manage a crisis when the crush is on. This session explores:

  • Tips to help first responders take charge, including the art of speaking in short sentences and keeping a journal
  • Case study: What we can learn from the SEAL team approach
  • How integrating OODA (observe, orient, decide and act) Loop principals across the culture results in a faster, more effective crisis response
  • How agreed-on values and beliefs guide decision-making when pressure is extreme
  • How leaders’ character, substance and style impact those around them
Sounil Yu

Sounil Yu

IANS Faculty

Sounil Yu has over 30 years of hands-on experience creating, breaking and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches Cybersecurity Technologies as an adjunct professor, co-chairs Art into Science: A Conference on Defense, and advises many security startups. His specialties include leading innovation programs, intern programs, and a thriving startup culture to meet emerging cybersecurity needs. He often serves as a challenge function and change agent to drive unconventional thinking and alternative approaches to hard problems in security.

Threats & Vulnerabilities

Using the DIE Triad for Better Resiliency

with Sounil Yu

Security teams face increased attacks against their security architecture and seek a better approach to stay ahead of the bad guys. IANS clients have inquired about the DIE Triad (distributed, immutable, and ephemeral) model of adversarial resilience. This session will provide guidance to:

  • Ensure you fully understand the concept and components, and whether your infrastructure supports it
  • Identify and adopt capabilities such as serverless functions, containers, cloud infrastructure and privacy technology
  • Find and adopt privacy-enhancing technologies that make data useful to the recipient without revealing too much to adversaries
  • Create more data cattle (multi-party computation, privacy-enhancing tools) and have fewer data pets (SSNs, financial details you would submit when going for a loan, things you don’t want publicly disclosed)
11:05 AM - 11:50 AM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.
wolfgang-goerlich

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

11:50 AM - 12:30 PM Security Architecture

Combining RBAC and ABAC for Tighter IAM

with Wolfgang Goerlich

Security teams have full directories of users who have been around for 10-20 years and sprawl has led to a patchwork of privileges that allow for excessive access. They seek guidance to reign in excess privileges and modernize access control by combining the best of role-based access control (RBAC) and attribute-based access control (ABAC). This session will help attendees better understand:

  • Best practices of world-class access control implementations
  • How to plan and execute on a role-engineering effort
  • Which tools will help them combine RBAC and ABAC
  • Strategies for reducing access without reducing productivity
Sounil Yu

Sounil Yu

IANS Faculty

Sounil Yu has over 30 years of hands-on experience creating, breaking and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches Cybersecurity Technologies as an adjunct professor, co-chairs Art into Science: A Conference on Defense, and advises many security startups. His specialties include leading innovation programs, intern programs, and a thriving startup culture to meet emerging cybersecurity needs. He often serves as a challenge function and change agent to drive unconventional thinking and alternative approaches to hard problems in security.

GRC

Building an Information Security and Risk Roadmap

with Sounil Yu

The strongest security organizations move beyond merely reacting to incidents and fighting fires. They are self-aware, recognize their risks and create roadmaps to move their programs from current to enhanced states. Security teams that haven’t achieved this level seek guidance to get there. This session will explore how to:

  • Control the chaos, be more organized and pursue a strategic agenda
  • Prioritize needed changes
  • Market the enhancement roadmap to get it funded and supported at all levels
  • What not to include in a roadmap
jake-williams

Jake Williams

IANS Faculty

Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.

Threats & Vulnerabilities

Phishing and Ransomware: Defense and Recovery Tactics for 2021

with Jake Williams

Ransomware and phishing attack methods continue to evolve, as do protection techniques. Security teams seek updates on what has changed this past year. This session will explore:

  • Case studies from the news: What victims did wrong and what they did right
  • Tools and techniques to use if an initial attack is successful
  • A look at how tactics differ for small teams vs. large teams
  • How to account for ransomware attacks -- including ransomware denial-of-service -- in your incident response plan
12:30 PM - 12:55 PM

Networking Lunch

12:55 PM - 1:40 PM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.
wolfgang-goerlich

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

1:40 PM - 2:00 PM Security Architecture

Ask Me Anything: Beyond Passwords: The Next Two Years

with Wolfgang Goerlich Wolf will take your questions on where the authentication market is headed when it comes to password alternatives.
jake-williams

Jake Williams

IANS Faculty

Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.

Leadership

Ask Me Anything: Managing Your Team Through an Incident

with Jake Williams The immediate aftermath of an incident puts a strain on teams, and managing the stress is critical in returning to a normal state as effectively as possible. In this “Ask Me Anything” session, we’ll address your questions on setting and adjusting work/life boundaries in the aftermath of an incident, identifying signs of excessive strain among team members and creating processes that position you to take care of your people.

Aaron Turner

IANS Faculty

Aaron Turner is the Founder & CEO of Siriux Security, a SaaS posture management company which partners with IANS on M365 security consulting projects. He is also a member of the board and security advisor to HighSide and CTO of Integricell. Aaron is a long-serving member of the RSA Conference Program Committee, helping select educational content presented at the annual RSA Conference.

Threats & Vulnerabilities

Ask Me Anything: The Future of Deepfakes/Disinformation

with Aaron Turner Deepfakes and other kinds of disinformation continue to get more believable and harder to detect by both people and technology. In this “Ask Me Anything” session, we’ll address your questions on what deepfakes are, the likely threats they may pose to your business in the next couple of years and key ways to mitigate their impact.
2:05 PM - 2:50 PM

Sponsor Tabletops & Technology Spotlight Sessions

Visit the Live Sessions Page to join topic-specific Technology Spotlight Sessions.

Aaron Turner

IANS Faculty

Aaron Turner is the Founder & CEO of Siriux Security, a SaaS posture management company which partners with IANS on M365 security consulting projects. He is also a member of the board and security advisor to HighSide and CTO of Integricell. Aaron is a long-serving member of the RSA Conference Program Committee, helping select educational content presented at the annual RSA Conference.

2:50 PM - 3:30 PM Security Operations

Alternatives and Enhancements to SIEM

with Aaron Turner

Security teams are concerned that their incident/event management needs have grown beyond the scope and sophistication of mainstream SIEM tools. They seek a better understanding of alternative options or major enhancements available in the marketplace. This session will explore:

  • Important changes in the SIEM space, including advancements in how some vendors combine EDR and NDR
  • Alternative to SIEM (example: signing on with an MSSP)
  • Mindsets that must change (example: what you use to build an on-prem box will not scale, future of SIEM is a cloud-based analytics engine)
  • Improve efficiency and move faster using security analytics, NDR and EDR and better understand what the tools are
  • Identify and incorporate attack frameworks to keep an eye on every element of swirling chaos
wolfgang-goerlich

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Security Architecture

Zero Trust: Demonstrating Success

with Wolfgang Goerlich

With their Zero Trust implementation off the ground, security teams seek the best tools/techniques to measure and ensure that their implementations are functioning at optimum levels. This session will explore how to:

  • Develop the right KPIs to identify where they have achieved success
  • Make improvements where deficiencies are found
  • Develop a long-term roadmap that builds upon the foundation laid in year one
Sounil Yu

Sounil Yu

IANS Faculty

Sounil Yu has over 30 years of hands-on experience creating, breaking and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches Cybersecurity Technologies as an adjunct professor, co-chairs Art into Science: A Conference on Defense, and advises many security startups. His specialties include leading innovation programs, intern programs, and a thriving startup culture to meet emerging cybersecurity needs. He often serves as a challenge function and change agent to drive unconventional thinking and alternative approaches to hard problems in security.

Security Architecture

Making Sense of SASE

with Sounil Yu

Security teams are trying to make sense of Secure Access Service Edge (SASE) – an emerging concept for network security in the cloud. They want to know what SASE is and why it matters, how the pieces fit together and what the current adoption rate looks like across industries. This session will address those questions and help attendees understand:

  • The broader implications for how SASE impacts different teams and technologies
  • Where Zero Trust, CASB and other solutions can help
  • How to build a roadmap to plan for the transition to SASE and measure success
3:30 PM - 4:00 PM

“Security Hot Topics” Networking Reception

After a day of topic-driven sessions, join your peers to discuss:

  • The day's news: We'll unwind from the day and have a free-flowing discussion about the security news making headlines this day.
  • How today went: What was your favorite faculty session? Your favorite tabletop or vendor spotlight? What could have been better?

2021 Boston Virtual Speakers

Summer Fowler

Summer Fowler

IANS Faculty

Summer Craze Fowler is an accomplished CSuite executive and cybersecurity expert with over 20 years of experience developing technical strategies and leading engineering teams to achieve aggressive technical goals while also in hyper-growth mode. Summer’s strong technical background is rooted in a business-minded approach supporting her proven ability to effectively disposition cyber security as one of many business risks. She is an experienced board governance professional through her work with both corporate and non-profit boards. Summer was named as one of the Top 25 Women in Cyber Security by The Software Report (2021).

Summer is the Chief Information Officer and Chief Information Security Officer for Argo AI, an artificial intelligence company focused on self-driving vehicle technology. In this role she develops and leads the strategy and execution of both the IT and cyber security teams. Summer also leads Facilities, Logistics, and Physical Security at Argo. She led the technical activities of the successful international acquisition of a 300+ person company in the EU. She is an expert in business continuity and cyber crisis management.

Presentations
  • Building Your Personal Board of DirectorsAgenda9:00 AM - 9:30 AM
wolfgang-goerlich

Wolfgang Goerlich

IANS Faculty

Wolf is an Advisory CISO of Duo Security, the leading provider of unified access security and multi-factor authentication delivered through the cloud. He has held senior management roles in IT and IT security in the financial services and healthcare verticals. In addition, Wolf has held senior leadership roles in consulting firms specializing in identity and access management, governance risk and compliance, and security programs. Wolf advises clients primarily in risk management, incident response, business continuity, and secure development.

Presentations
  • Combining RBAC and ABAC for Tighter IAMAgenda11:50 AM - 12:30 PM
  • Ask Me Anything: Beyond Passwords: The Next Two YearsAgenda1:40 PM - 2:00 PM
  • Zero Trust: Demonstrating SuccessAgenda2:50 PM - 3:30 PM

Aaron Turner

IANS Faculty

Aaron Turner is the Founder & CEO of Siriux Security, a SaaS posture management company which partners with IANS on M365 security consulting projects. He is also a member of the board and security advisor to HighSide and CTO of Integricell. Aaron is a long-serving member of the RSA Conference Program Committee, helping select educational content presented at the annual RSA Conference.

Presentations
  • Remedies for Your Azure AD NightmaresAgenda10:20 AM - 11:00 AM
  • Ask Me Anything: The Future of Deepfakes/DisinformationAgenda1:40 PM - 2:00 PM
  • Alternatives and Enhancements to SIEMAgenda2:50 PM - 3:30 PM
jake-williams

Jake Williams

IANS Faculty

Jake is the Founder, President, and Principal Analyst of Rendition Infosec, an information security consultancy. He also sits on the Vulnerability Review Board at Peerlyst, a startup social networking platform exclusively for security professionals. Jake is a prolific speaker and instructor on a variety of information security topics such as reverse engineering malware, memory forensics, threat intelligence, and advanced exploit development.

Presentations
  • Incident Response: Fixing What’s Wrong with Crisis ManagementAgenda10:20 AM - 11:00 AM
  • Phishing and Ransomware: Defense and Recovery Tactics for 2021Agenda11:50 AM - 12:30 PM
  • Ask Me Anything: Managing Your Team Through an IncidentAgenda1:40 PM - 2:00 PM
Sounil Yu

Sounil Yu

IANS Faculty

Sounil Yu has over 30 years of hands-on experience creating, breaking and fixing computer and network systems. He is the creator of the Cyber Defense Matrix and the DIE Resiliency Framework, teaches Cybersecurity Technologies as an adjunct professor, co-chairs Art into Science: A Conference on Defense, and advises many security startups. His specialties include leading innovation programs, intern programs, and a thriving startup culture to meet emerging cybersecurity needs. He often serves as a challenge function and change agent to drive unconventional thinking and alternative approaches to hard problems in security.

Presentations
  • Using the DIE Triad for Better ResiliencyAgenda10:20 AM - 11:00 AM
  • Building an Information Security and Risk RoadmapAgenda11:50 AM - 12:30 PM
  • Making Sense of SASEAgenda2:50 PM - 3:30 PM

Web Conference

Registrants will receive a logistics email with web conference meeting information one day prior to the event.

Registration Questions

Can I earn continuing education credits for attending the forum?

Attendees may earn up to 6 credits through our partnership with (ISC)2. Attendees will receive a Certificate of Completion one week after the forum concludes for any other certification needs. If you have provided IANS with your CISSP # during the registration process, then we will automatically submit to (ISC)2.

What is the registration fee?

The Forum is complimentary and open to active Information Security Professionals from private and public sector corporations and organizations.

What time does the Forum begin and end?

The Forum opens at 8:30, with the Keynote kicking off at 9:00am.

What's the registration deadline?
You can register for and IANS event up to the day of the event.

Onsite Questions

Are the presentations available for viewing after the Forum?

All IANS Faculty sessions presentation decks will be available after the Forum.

How can I promote my involvement with the event?

Please share your thoughts and excitement using our event hashtags found at the top of this page.

How can I submit my feedback on the Forum?

We encourage you to fill out our general survey located on the lobby page under Resources.

What can I expect when I attend an IANS event?

When attending an IANS Information Security Forum, you will have the opportunity to take part in technical and strategic Roundtable sessions that discuss the latest issues and trends found in the market. These Roundtable discussions are led by IANS Faculty who are also long-time information security practitioners. You will also have the chance to network with industry peers and learn about the newest technologies and services during any one of our Technology Spotlight sessions.

What is the best way to stay updated before and during the Forum?

For all updates please follow us on Twitter.

Will there be opportunities to network with peers and sponsors?

There will be chances to network with your peers throughout the day. Please use the direct messaging feature with the platform to connect with and chat with colleagues

General Information

Cancellations

IANS requests that cancellations please be submitted two weeks prior to a Forum. Reserved seats are limited.

Terms and Conditions

This Forum is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Forum to any entity or individual. Attendance to the Forum is complimentary and open to active information security professionals from private and public-sector corporations and organizations.

Individuals from information security solution providers (software, hardware, and consulting companies) are not eligible to attend unless affiliated with a sponsoring organization.

IANS reserves the right to share attendee contact information with event sponsors and other attendees. IANS will provide on-site opt-out forms that enable you to remove your contact information from being shared as described herein. No contact information will be shared prior to the event.

IANS Code of Conduct

IANS is committed to providing a harassment-free conference experience for all attendees, sponsors, speakers and staff regardless of gender, sexual orientation, disability, physical appearance, national origin, ethnicity, political affliction or religion.

IANS expects all participants to behave in a professional manner. IANS will not condone any form of sexual language and imagery, verbal threats or demands, offensive comments, intimidation, stalking, sustained disruption of session or events, inappropriate physical contract, and unwelcomed sexual attention.

If any form of written, social media, verbal, or physical harassment is reported, participant will be asked to stop and expected to comply immediately. Offender will be subject to expulsion from the conference.

If you are being harassed or notice someone being harassed, please contact the event staff. In the event of an emergency situation, please contact local authorities immediately.

We expect participants to follow these rules at all event venues and event-related social activities.

Attendee Contact

ians@iansresearch.com

Who Should Attend?

IANS Forum content is designed for information security practitioners across all industries. Attendees include CISOs, VPs and Managing Directors of Information Security, Information Security Architects, and Information Security Engineers.

Interested in Forum Sponsorship? Learn More.

Check out IANS other upcoming events