pritha's Posts (581)

The Newest Element of Risk Metrics: Social Media

To identify, measure and track the risk exposure that different elements of social media create for an organization, organizations need a threat metric framework for evaluating a network’s current risk posture. Learn how to take an ocean of data and distill it to the most critical risk indicators.

Speakers

Ian Amit ( @iiamit )

Amit, Vice President at ZeroFOX, has over a decade of experience in hands-on and strategic roles, working across a diversity of security fields: business, industry, marketing, technical and research. At ZeroFOX, Amit leads the company’s customer solutions offerings and strategy, and runs ZeroFOX’s New York offices. Previously, Amit served as Director of Services at IOActive. His career also includes time at Security-Art, Aladdin, Finjan and Datavantage, as well as speaking at conferences such as BlackHat, DefCon and InfoSecurity. He founded the Tel-Aviv DefCon chapter (DC9723) and was also a founding member of the Penetration Testing Execution Standard (PTES).

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Building an Effective Supply Chain Security Program

We’ve realized that the supply chain in most organizations is a potential weak spot for security controls and awareness. The time has come to shore up our approaches to supply chain management, incorporating security best practices at all stages. This talk will break down exactly how to get started, what to look for, and how to better secure your supply chain across the board.

Speakers

Dave Shackleford ( @daveshackleford )

Dave Shackleford is Lead Faculty at IANS, Owner and Principal Consultant at Voodoo Security and a SANS Senior Instructor and Course Author. He has consulted with hundreds of organizations in the areas of security, compliance and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He previously worked as CTO at IANS, CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies. Shackleford is the author of Virtualization Security: Protecting Virtualized Environments, currently serves on the Board of Directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Bridging the Gap Between Threat Intelligence and Risk Management

Here's an overview of the presentation: Bridging Risk & IR in Verizon's DBIR; Building Understanding; Finding Common Ground; Bridging the Gap; Crossing the Divide

Speakers

Wade Baker ( @wadebaker )

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Integrating Cybersecurity into Supply Chain Risk Management

Cyber–supply chain risks pose a new set of challenges for businesses (loss of critical IP, unwanted functionality in products) which jeopardize brand reputation and shareholder value. This session will present case study research from NIST on cutting-edge practices and tools that today’s industry leaders in supply chain risk management are deploying to secure their supply chains from end to end.

Speakers

Jon Boyens 

Jon Boyens is a Senior Advisor for Information Security in the Information Technology Laboratory, within the Department of Commerce’s National Institute of Standards and Technology (NIST). He leads NIST’s Cyber Supply Chain Risk Management Program and works on various policy and technical projects. Boyens helps develop and coordinate the department's cybersecurity policy among the department’s bureaus. He represents the department in the administration’s interagency cybersecurity policy process. Boyens has worked on various White House–led initiatives, including those on trusted identities, botnets, supply chain and, most recently, the Cybersecurity Executive Order and related work on Cybersecurity Incentives, Government Acquisition Policy and the Cybersecurity Framework and Roadmap.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Are You Thinking about IT Outsourcing? Top Reasons, Risks and Rewards

There is more to outsourcing than just the bottom line and running lean. Any organization embarking on this journey needs to (1) clearly identify and articulate the compelling narrative for steering in this direction, (2) have risk transparency on associated risks when someone else is running your critical part of the business and (3) enumerate the benefits expected to be reaped.

Speakers

Lakshmi Hanspal ( @lakshmihanspal )

Lakshmi Hanspal is a Leader of Information Security and Risk Management with PayPal. She is a persuasive champion of information security, providing transformational leadership with an emphasis on payment security, risk and privacy management. Prior to joining PayPal, Hanspal was SVP with Bank of America, and held leadership roles across Strategy and Architecture. Her career spans 20+ years in information security and risk management, with 16+ years in the financial and payment space. Hanspal is a postgraduate of Boston University with a master’s in computer science. She is an actively sought-after advisor for Silicon Valley startups and currently serves on the Advisory Board of CipherCloud. She lives in the Bay Area with her family and is an active volunteer in the community.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Adjusting Your Security Controls: It’s the New Normal

Most of us learned cybersecurity practices based on the application of controls that were part of a framework. Once the framework was implemented, the controls didn’t change often. It’s time to adjust our thinking and recognize that ongoing adjustment of controls may be a better indicator of cyber-maturity than adherence to any framework.

Speakers

Jim Routh ( @jmrouth1 )

Jim Routh is the Chief Information Security Officer and leads the Global Information Security function for Aetna. He is the Chairman of the National Health ISAC and a Board Member of the FS-ISAC. He was formerly the Global Head of Application & Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express, and has over 30 years of experience in information technology and information security as a practitioner. He is the Information Security Executive of the Year winner for the Northeast in 2009 and the Information Security Executive of the Year in 2014 in North America for Healthcare. He has published several white papers, including the FS-ISAC 3rd Party Software Security Controls paper, and leads several cross-functional information security working groups.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Vendor Security Practices: Turn the Rocks Over Early and Often

Too often security is reviewed at the end of the vendor selection process. It ends up blocking projects from moving forward as you identify issues with already selected vendors. Reverse the process so that security is considered early, and business teams can avoid investing precious time on unsuitable vendor candidates and get rankings for suitable ones. This session will show you how, using real examples.

Speakers

Martin Andrews; Michael Hammer ( @MichaelHammer )

Director of Web Operations, American Greetings

Martin Andrews has spent over 20 years managing computer environments and negotiating with wily vendors. When not dealing with vendors he prefers promoting collaboration and application performance management. Andrews currently leads the web operations team at American Greetings, where he ensures the reliability of sites that create happiness, laughter and love.

Michael Hammer ( @MichaelHammer ) 

Web Operations Security, AG Interactive/American Greetings

Mike Hammer has been with AG for 16 years and is responsible for overall security, email operations, anti-phishing/fraud and compliance such as PCI-DSS at AG Interactive, the online division of American Greetings. Hammer is responsible for AGI-CSIRT and managing incident response for AGI. His 25+ years of online experience includes stints at the American Marketing Association and Advanstar Communications. While at AMA he helped develop their Code of Ethics for Online Marketers. He is a longtime participant in IETF working groups developing mail authentication standards such as SPF, DKIM and ADSP. He represents American Greetings at DMARC.org, is Co-Chair of the Brand SIG at the Messaging Anti-Abuse Working Group and was 2012 Member of the Year of the Online Trust Alliance.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

From Cave Man to Business Man, the Evolution of the CISO to CIRO

The CISO is evolving into the CIRO. Successful IT security leaders are transforming their skills to meet today’s demands and the future needs of their organization. A CIRO understands board presentations, information risk management, third-party risk and regulatory requirements, and how to balance those with the needs of the business. Earn your seat at the table by becoming a CIRO!

Speakers

James Christiansen ( @Riskydata )

VP, Third Party Risk Programs, Optiv

James Christiansen is a seasoned business leader with deep technical expertise and is recognized as a global thought leader. As the VP, Third Party Risk Programs for Optiv, he is responsible for developing and delivering a comprehensive suite of strategic services and solutions to help CISOs and IT executives change their security strategies through innovation. Prior to joining Optiv, Christiansen was Chief Information Risk Officer for Evantix and CSO for Experian Americas. He joined Experian after serving as CISO for General Motors, where his responsibilities included worldwide implementation of the security plan for the largest financial company (GMAC) and the largest manufacturing corporation in the world. He also served as SVP and Division Head of Information Security for Visa International.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

The Measure of Success: Security Metrics to Tell Your Story

Information security is a complex problem, and it becomes even harder when it comes to quantification. This presentation offers some metrics that will help us make security more understandable.

Speakers

Julie Bernard ( @juliein10A ); Wendy Frank; Lisa Lee ( @lisainmiami )

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Partnership with a CFO: On the Front Line of Cybersecurity

“Many CFOs know that they need to spend more on cyber risk management”: facts like this help us understand the cybersecurity industry today. Communicating properly with the CFO can solve many pain points, and this presentation helps us do so. Learn about drivers, compelling arguments and more.

Speakers

Dr. Christopher Pierson ( @DrChrisPierson ); Terry Ragsdale

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Security Program Development for the Hipster Company

Cloud services have evolved and can now replace nearly every facet of traditional infrastructure. This movement has enabled rapid scale while introducing a considerable element of risk. This session will discuss a framework for getting started building a security program in an organization that is built purely on cloud services, covering the contradictions and opportunities of that business model.

Speakers

Robert Wood ( @robertwood50 )

CISO, Nuna Health, Inc.

Robert Wood runs the security team at Nuna Health. Coming originally from a consulting background, Wood has experience with threat modeling, red teaming, incident response, static analysis and penetration testing, having been engaged in these capacities across many industries and business types. His background, coupled with a keen interest in cloud security, has enabled Wood to build and execute a strategy and a team at Nuna Health aimed at protecting and managing the risk around its core assets. Prior to joining Nuna Health, Wood was a Principal Consultant at Cigital, where he founded and led the red team assessment practice and worked with strategic clients across the United States in an advisory capacity.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience

This presentation gives you an understanding of the present security industry, with key insights, the threat landscape and a roadmap for moving ahead.

Speakers

Jan Nys ( @Jankbc777 )

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Super CISO 2020: How to Keep Your Job

This presentation gives some great insights into the 2016 security scenario. It covers security leadership in leading organizations, the C-level stakeholders a CISO needs to balance, today’s workforce, behavioral trends and more.

Speakers

Todd Fitzgerald ( @securityfitz )

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Data Science Transforming Security Operations

Data science holds huge promise for IT security, and accordingly DS teams are sprouting across enterprises, along with numerous vendors. DS does have the potential to transform the way security is done; the secret sauce is doing it in a way that actually provides clear value, is embedded into the security workflow, and combines human knowledge with the data.

Speakers

Alon Kaufman 

Dr. Alon Kaufman is currently RSA's Director of Data Science and Innovation globally, leading data science for RSA across the full portfolio. Prior to this role, within RSA, he was Head of Research for the fraud risk analytics products. Prior to joining RSA, Kaufman held several managerial and research positions in Israeli hi-tech companies, dealing with various aspects of data mining and data science. All in all, he has over 20 years of experience in technology and innovation management. He holds a Ph.D. in computational neuroscience and machine learning from the Hebrew University and an MBA from Tel Aviv University. He teaches data science courses in Israeli universities, and is a public speaker on Big Data and data science, cybercrime, security and innovation.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Cloud Breach – Preparation and Response

Your next breach or insider attack will most likely have you digging for evidence in the cloud. Are you prepared? The old styles of imaging disks and tapping networks won't work! It won’t scale! This session will discuss response scenarios for cloud-enabled and cloud-dependent enterprises, a model for preparing for cloud response, and will show examples of cloud breach investigations.

Speakers

Monzy Merza ( @monzymerza )

Monzy Merza serves as the Chief Security Evangelist at Splunk, Inc. He has over 15 years of tactical and cybersecurity research experience in government and commercial organizations. His experience has included vulnerability management, security product testing, penetration testing, adversary modeling, cybertools and infrastructure development. He has also served as content developer and instructor for cyber-trainings and red/blue team exercises. Merza has been an invited speaker at government and open conferences. Merza’s current research is focused on integrated approaches to human driven and automated responses to targeted cyberattacks.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Make IR Effective with Risk Evaluation and Reporting

Today, the risk of a cyberattack is typically determined by a generic vulnerability or malware rating that ignores how the business is impacted. The vulnerability state of the network, reputational risk, business loss, cost of IR and reconstitution cost are rarely understood. This presentation will show a data-driven approach to IR that prioritizes response based on risk and business impact.

Speakers

Justin Monti; Mischel Kwon ( @MKAsays )

Justin Monti is Sr. VP, Security Engineering at MKACyber, focusing on managing technical security services including security architecture, remote monitoring and security program consulting. He assists MKACyber clients in applying technology to successfully execute holistic security programs that protect the organization’s mission, and draws on over 15 years of IT and InfoSec experience in the private and public sectors. Prior to MKACyber, he served in numerous capacities at NetWitness as it grew from a small startup to its acquisition by EMC in 2011. Prior to NetWitness, Monti supported government financial management systems as a system architect and information system security officer (ISSO). Monti holds a bachelor’s in computer science and business economics from Brown University.

Mischel Kwon is a recognized IT security leader with 32 years of experience in technical security operations, incident response and information assurance as well as building and managing organizational and national level SOC, CERT and IR Teams. Kwon currently serves as the President and CEO of MKACyber, a security consulting firm specializing in Technical Defensive Security, Security Operations and Information Assurance. Kwon has held senior roles in the U.S. Government, including Director of US-CERT where she coordinated national-level IR activities and at the U.S. Department of Justice where she established and managed the Justice Security Operations Center (JSOC). Kwon holds an M.S. degree in computer science and a graduate certificate in Computer Security and Information Assurance.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

The Rise of the Purple Team (RSA Conference 2016)

As attacker tactics, techniques and procedures evolve, so must the defenses and strategy used to defend against them. Traditional red teaming presents an opportunity to find gaps in security, but leaves more valuable information unabsorbed. Results and methodologies from red team assessments can drive the protections put in place by blue teams and the larger program, and vice versa.

Speakers

Robert Wood ( @robertwood50 ); William Bengtson ( @waggie2009 )

Robert Wood runs the security team at Nuna Health. Coming originally from a consulting background, Wood has experience with threat modeling, red teaming, incident response, static analysis and penetration testing, having been engaged in these capacities across many industries and business types. His background, coupled with a keen interest in cloud security, has enabled Wood to build and execute a strategy and a team at Nuna Health aimed at protecting and managing the risk around its core assets. Prior to joining Nuna Health, Wood was a Principal Consultant at Cigital, where he founded and led the red team assessment practice and worked with strategic clients across the United States in an advisory capacity.

William Bengtson is an information security professional with over eight years of experience in a variety of roles, including red teaming, network security, architecture risk analysis lead, software security, exploit development, security architect lead, application developer and certification lead. Bengtson comes to Nuna as Senior Security Program Manager after roles at Lockheed Martin as a Core Cyber Security Lead, Cigital as a Senior Security Consultant, and Raytheon as a Cyber-Professional, having studied anti-tamper, reverse engineering and exploit development (on both standard and non-standard systems). Bengtson has worked in numerous industries, providing support and expertise to create a proactive stance on security within those industries.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

The Incident Response Playbook for Android and iOS

What is your mobile device incident response plan? If you cannot answer that question, you should attend this session. The session will cover the challenges in mobile, how and why it is different from traditional incident response, and the building blocks you can use to craft your own mobile incident response plan.

Speakers

Andrew Hoog ( @ahoog42 )

Andrew Hoog is a top industry mobile forensics and security expert, computer scientist, and the CEO and Co-founder of NowSecure, a leading mobile security company. He found his passion in exploring mobile security, whether conducting original research that debunks common security assumptions, providing mobile security solutions or creating smarter technology to ensure your private information remains private and not exposed to unnecessary risks. Hoog has one issued and two pending patents in the areas of forensics and data recovery, is the author of two books on mobile forensics and security, has presented on forensics and mobile security at conferences such as RSAC, Cisco’s CIO Summit and OWASP AppSec USA, and is an expert witness.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)

Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware

This session will cover two key trends in mobile malware observed over the past 12 months and explore the evolution of fraud-linked mobile malware, where criminals are developing credential theft tools that attempt to duplicate the success of Windows malware in modifying victim interactions with targeted services. It also looks at mobile ransomware variants that are becoming more numerous and damaging.

Speakers

John Miller 

John Miller leads iSIGHT Partners’ ThreatScape Cyber Crime product, which provides actionable intelligence on financially motivated cyberthreat activity. In this role, Miller directs analysis on topics such as credential theft malware, payment card abuse, ransomware, money laundering and mobile device threats; this analytical work draws from the expertise of iSIGHT Partners’ globally distributed researcher network. Prior to managing this product, Miller worked in threat intelligence analyst roles focused on multiple other issues, such as distributed denial-of-service (DDoS) threats and South America-based malicious activity.

Detailed Presentation:

(Source: RSA USA 2016, San Francisco)
