Monday, March 23
10:00 AM - 11:00 AM
Jonathan Cogley CEO, Thycotic
•
What kinds of trusted insiders have access to privileged account credentials
What kinds of trusted insiders have access to privileged account credentials•How many breaches, both internal and external, are related to privileged credentials
How many breaches, both internal and external, are related to privileged credentials•How to protect privileged account credentials used on your network and in cloud services
How to protect privileged account credentials used on your network and in cloud services11:15 AM - 12:15 PM
Jerod Brennen CISSP, CTO & Principal Security Consultant, Jacadis
•Overview of the Penetration Testing Execution Standard (PTES)
Overview of the Penetration Testing Execution Standard (PTES)•Walkthrough of the penetration testing process, from pre-engagement interactions to reporting
Walkthrough of the penetration testing process, from pre-engagement interactions to reporting•Review of effective pen testing techniques
Review of effective pen testing techniques•Survey of pen testing tools, both open source and commercial
Survey of pen testing tools, both open source and commercial•Ideas for how to prepare a business case for pen testing to present to leadership
Ideas for how to prepare a business case for pen testing to present to leadership1:30 PM – 2:30 PM
Jay Jacobs, Security Data Scientist, Cybersecurity Research & Innovation, Verizon Enterprise Solutions
Bob Rudis, Security Data Scientist, Cybersecurity Research & Innovation, Verizon Enterprise Solutions
•Data Science is all about people, supported by technology
Data Science is all about people, supported by technology•Many lessons can be learned with the right mindset and freely available software
Many lessons can be learned with the right mindset and freely available software•Visualizing data can be quick and easy and provide a lot of insight
Visualizing data can be quick and easy and provide a lot of insight•Statistics can help avoid many common mistakes and missteps
Statistics can help avoid many common mistakes and missteps•The basic concepts of machine learning and how it will open up possibilities
The basic concepts of machine learning and how it will open up possibilities3:15 PM – 4:15 PM
Ben Rothke, CISSP, Information Security Manager, Wyndham Worldwide Corp.
•Overview of Barnaby Jack’s groundbreaking work
Overview of Barnaby Jack’s groundbreaking work•How medical device makers are often oblivious to infosec and privacy
How medical device makers are often oblivious to infosec and privacy•How we got to where we insecurely are
How we got to where we insecurely are•Real-world horror stories (including one manufacturer who thought they knew it all after an hour with an expert)
Real-world horror stories (including one manufacturer who thought they knew it all after an hour with an expert)•Why things will get worse before they get better
Why things will get worse before they get better•What it takes to make IMD secure and safe
What it takes to make IMD secure and safeTuesday, March 24
8:30 AM – 9:45 AM
G5 The Seven Secrets of Social Engineering CASE STUDY
Steve Hunt, CPP, CISSP, Principal Analyst, SecurityCurrent
•Keys to sneaking in to your own office
Keys to sneaking in to your own office•Techniques like pre-texts, social engineering, lock and alarm bypassing, targeted telephone calls, and even disguises
Techniques like pre-texts, social engineering, lock and alarm bypassing, targeted telephone calls, and even disguises•How measuring improvement reduces risk
How measuring improvement reduces risk•How to make physical security fun for the whole company
How to make physical security fun for the whole company10:00 AM – 11:00 AM
Jahan Moreh, Chief Security Architect, Michigan Group, Inc.
•The evolution of identity management and the latest trends
The evolution of identity management and the latest trends•Evaluate business demands and whether cloud-based identity management solutions are appropriate for specific use cases
Evaluate business demands and whether cloud-based identity management solutions are appropriate for specific use cases•Assess identity providers and their role in the overall identity management process
Assess identity providers and their role in the overall identity management process•Choose identity federation patterns that can help address specific use cases
Choose identity federation patterns that can help address specific use cases2:00 PM – 3:00 PM
Jennifer Minella, VP of Engineering and Consulting CISO, Carolina Advanced Digital, Inc.
•The Gates (Access control for people and data)
The Gates (Access control for people and data) oAccess rights and network segmentation
Access rights and network segmentation•The Lost and Found (Undocumented assets)
The Lost and Found (Undocumented assets) oFinding data stores, network devices, and switches
Finding data stores, network devices, and switches oKnowing your environment
Knowing your environment •The Kaizen (Upkeep of people and systems)
The Kaizen (Upkeep of people and systems) oPersonnel and resource limitations
Personnel and resource limitations oMaintenance and upkeep
Maintenance and upkeep3:30 PM – 4:30 PM
Ruperto MacQuhae, AM IT Program Manager, DHL Express
•What translates, and is effective, from IT audit to IT practitioners and vice versa
What translates, and is effective, from IT audit to IT practitioners and vice versa•Key elements that give you credibility as IT audit
Key elements that give you credibility as IT audit•Apply audit and assessment techniques to program management processes
Apply audit and assessment techniques to program management processes•Security considerations that regularly take a back seat
Security considerations that regularly take a back seat•Bridge the gap between IT security, IT audit and IT practitioners
Bridge the gap between IT security, IT audit and IT practitionersWednesday, March 25
9:45 AM – 10:45 AM
James Jardine, Principal Consultant, Secure Ideas
Kevin Johnson, CEO, Secure Ideas
•Explore how security testing and remediation can be done within any agile or fast iteration development process
Explore how security testing and remediation can be done within any agile or fast iteration development process•See real-life issues uncovered during pen tests
See real-life issues uncovered during pen tests•Learn solution sets to assess the security of applications
Learn solution sets to assess the security of applications•Understand how to better support rapid development and deployment
Understand how to better support rapid development and deployment11:00 AM – 12:00 PM
Philip Lieberman, President and CEO, Lieberman Software
•Zero-day vulnerabilities and implications
Zero-day vulnerabilities and implications•APTs and Pass-the-Hash: how do they work
APTs and Pass-the-Hash: how do they work•Architectural changes to minimize intrusion losses
Architectural changes to minimize intrusion losses•Removing passwords, keys, certificates from users via bastions/RemoteApp
Removing passwords, keys, certificates from users via bastions/RemoteApp•Automatic rotation of passwords and other cryptographic elements
Automatic rotation of passwords and other cryptographic elementsAPPLIED SECURITY
Top-notch training. Compelling speakers. Meaningful interactions.
Join the conversation using #InfoSecWorld
Contact Us
Registration/General Inquiries:
Customer Service
(508) 879-7999 ext. 501
Speaking Opportunities:
Katherine Teitler
Director of Content Development
[email protected] or (508) 532-3624
Exhibit Sales:
Vendors A-L
CJ Oliveri
Director of Sales, Conference Division
[email protected] or (508) 532-3609
Vendors M-Z
Howard Weinman
Director of Sales, Conference Division
[email protected] or (508) 532-3652
