Day 1

  • 7:00am - 3:00pm Registration Open

    Room: Registration Desk
  • 8:00am - 9:15am Executive Advisory Board Breakfast: (VIP / INVITE ONLY)

    Executive Advisory Board Breakfast: VIP / INVITE ONLY

    Room: Lookout
    James Beeson
  • 8:00am - 9:30am SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    Room: 203A
    Dan Lohrmann
  • 8:00am - 9:30am SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This 3-part course focuses on the essential requirements, design, implementation, operations, testing and management of a corporate cybersecurity program. The program is based on the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”), which was issued on February 12, 2014, as directed by President Obama in Executive Order 13636. The Executive Order calls for the development of a voluntary Cybersecurity Framework that provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk.

    Lesson 1: The drivers, components and structure of a cybersecurity program
    Lesson 2: Designing a cybersecurity program
    Lesson 3: Building a cybersecurity program

    Room: 106
    Larry Wilson
  • 8:30am - 9:15am Cybersecurity Integration - A New Approach For Linking Everything That Matters

    Organizations today are faced with an increasing number of challenges related to securely running their operations. Every day seems to bring to light new security dangers related to people, processes and technology. This presentation will explore some of the ways organizations can gain better visibility into their security posture and risks by integrating traditional security operations information with IT Governance, Risk & Compliance / Analytics tools.

    Room: 103
    Jeff Recor, Brian Gawne
  • 8:30am - 9:15am Searching for the Silver Bullet

    We continue to look for that “silver bullet” that will help us defend against cyber-attacks. We began with firewalls and intrusion detection but, as the sophistication of attacks grew, our defenses became less effective. Today’s silver bullets include software-defined networks (SDN) and threat intelligence systems. This presentation will discuss whether these and other current solutions are providing us with successful defenses. Have we finally found our silver bullets?

    Room: Suite 3
    Barbara L. Ciaramitaro
  • 8:30am - 9:15am Understanding the Processes of Stolen Data Markets

    Data breaches have become commonplace, though research on the sale of data is in its infancy. This introductory, non-technical presentation will explore the economy and organizational composition of stolen data markets hosted on both the open web and Tor to aid CISOs, security directors and anyone interested in cybercrime markets.

    Room: Theater
    Thomas J. Holt
  • 9:00am - 3:00pm Exhibit Floor Open

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

  • 9:30am - 10:15am OPENING KEYNOTE: Insanity – Cyberspace 3.0 is Coming Your Way

    Major disruption in cyberspace is happening at ridiculous speed and the bad actors are taking advantage of this. We must learn to act at market speed and think 10x innovation as we work to develop solutions and approaches to mitigate risk in this dynamic, lightning-speed environment. This discussion focuses on those disruptive changes, the challenges we face, and how we must shift our thinking and accelerate our pace.

    Room: Keynote Theater
    James Beeson
  • 10:15am - 11:15am Conference Break / Exhibitor Product Demonstration

    Please check back for presentation details.
  • 11:00am - 12:00pm Executive Roundtable: Incident Response - Manage The Damage (INVITE ONLY)

    VIP / INVITE ONLY

    Room: Executive Boardroom
  • 11:15am - 12:00pm Always be Pen Testing

    Ethan will be presenting on Domino’s approach to ethical hacking. In a nutshell, an organization should either be planning for, starting, or responding to the findings of a penetration test. This should be a 12-month-a-year exercise. Ethan will focus on Domino’s overall strategy and the design of its Black Operations program. He will give details on the different techniques Domino’s uses to help understand its risk profile. Ethan will review their “Capture the Flag” exercises, in which the security organization is divided into two teams: a red team and a blue team. The red team leverages its extensive knowledge of the Domino’s environment to simulate an attack while the SOC functions as the blue team and defends the network. Ethan will also cover the other techniques Domino’s uses, such as third-party ethical hacks and social engineering exercises, and how it is even considering contracting former hackers to ensure that all door handles are turned and all locks are shaken.

    Room: 103
    Ethan Steiger
  • 11:15am - 12:00pm Radware: War Stories from the Trenches – Information Security Survival

    Cyber-attacks are becoming increasingly complex and persistent, making it difficult for security professionals to protect their organizations as they head into the virtualized, IoT era. In this session, Radware will share real world experiences gathered by its Emergency Response Team and discuss how leading enterprises are using Radware’s integrated Attack Mitigation Systems to successfully defend against the latest generation of attacks.

    Room: Suite 3
    Jeff Dolence
  • 12:00pm - 1:00pm Executive Roundtable: Managing / Auditing 3rd Party Partnerships - (VIP / Invite Only)

    Executive Track - VIP / INVITE ONLY
    Lunch Served at Noon

    Room: Executive Boardroom
  • 12:15pm - 1:00pm LUNCH KEYNOTE: Radware - Safety, Sanctuary and Security: The Societal Impact of Ever-Permeating Connectivity

    Every day, we network-enable more aspects of our professional and personal lives. We make conscious decisions to adopt technologies in the pursuit of convenience or an apparent need to feel connected. Often the decisions are thrust upon us by employers, service providers or even those we’ve come to rely on in the physical world. Each step towards deeper and total connectivity comes with consequences; risks associated with our personal privacy, the security of our business and even our safety. In this session, Radware will explore the changes we’ve already allowed into our lives, where things are leading and portents for personal, business and public security.

    Room: Keynote Theater
    Carl Herberger
  • 1:15pm - 2:15pm Industry Expert Panel: Protecting Your Data as it Roams

    Today your data moves fast and across platforms. Security professionals are charged with protecting valuable information as it moves from data centers to employee devices and into third party networks. Join this discussion on the technologies and policies that can help you manage these risks while still allowing business productivity. Ask our experts at this educational panel discussion.

    SafeNet / Gemalto 

    Optiv

    Absolute Software

    Room: Suite 3
  • 1:15pm - 2:15pm Industry Expert Panel: The Emerging Threat Landscape

    The number of cybersecurity threats is growing every day, forcing the need for thorough security assessment and analysis. Join industry leaders discussing emerging threats in the industry for the opportunity to learn what is next in the future of cybersecurity.

    Radware - Carl Herberger

    LogRhythm

    OpenDNS

    Click Security

    Zscaler

    Room: Keynote Theater
  • 2:15pm - 3:00pm Conference Dessert Break / Exhibitor Product Demonstrations

    Please check back for presentation details.

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 3:45pm Cybersecurity: Past, Present and Future

    The threat landscape has evolved. Cybersecurity is of major concern now to both the public and private sector, and organizations are working tirelessly trying to defend their entire enterprise from a breach. This presentation will cover some of the most significant breaches from 2014, and discuss present day threats to organizations and how we can best prepare for mitigating against future attacks.

    Room: 105
    Alex Kayayian, MS
  • 3:00pm - 3:45pm Proactive Incident Management

    This presentation will introduce a framework to build a proactive incident management program that is supported by the four pillars of planning, preparing, practicing, and measuring. This framework has also been designed to be compliant with multiple standards, including PCI, ISO, NIST, NERC, and HIPAA.

    Room: Theater
    Owen C. Creger
  • 3:00pm - 4:30pm SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    Room: 203A
    Dan Lohrmann
  • 3:00pm - 4:30pm SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This 3-part course focuses on the essential requirements, design, implementation, operations, testing and management of a corporate cybersecurity program. The program is based on the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”), which was issued on February 12, 2014, as directed by President Obama in Executive Order 13636. The Executive Order calls for the development of a voluntary Cybersecurity Framework that provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk.

    Lesson 1: The drivers, components and structure of a cybersecurity program
    Lesson 2: Designing a cybersecurity program
    Lesson 3: Building a cybersecurity program

    Room: 106
    Larry Wilson
  • 3:00pm - 3:45pm Security and Privacy: The Connected Vehicle Credential Management System

    Vehicle-to-Vehicle (V2V) communication requires both security and privacy, which are often opposing goals. Learn about the current state and future directions of the proposed certificate management system for V2V communications.

    Room: 103
    John Turner
  • 3:00pm - 3:45pm That Contract Says What? Vendor Requirements, Contracting Pitfalls & Insurance

    Vendors play an ever-increasing role in every organization. But vendor mistakes can damage customer trust and increase litigation and enforcement risks for everyone. This session will discuss key components of technology contracts including privacy, security and other regulatory concerns, data ownership, risk shifting strategies, and purchasing data breach insurance.

    Room: Suite 3
    Tatiana Melnik
  • 3:15pm - 6:00pm Optiv & Partners Happy Hour

    Join Optiv and partners for hors d'oeuvres, drinks and a magic show at The Outlook (located inside the Ford Motor Conference & Event Center) following the first day of SecureWorld.

    Room: The Outlook

Day 2

  • 7:00am - 3:00pm Registration Open

    Room: Registration Desk
  • 8:00am - 9:15am InfraGard Breakfast Meeting - Members Only

    InfraGard Chapter Meeting for members only
    Keynote Speaker: Matt LaVigna from National Cyber Forensics Training Alliance (NCFTA)
    Continental Breakfast Served

    Room: Keynote Theater
    Matt LaVigna
  • 8:00am - 9:30am SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus-session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    Room: 203A
    Dan Lohrmann
  • 8:00am - 9:30am SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This 3-part course focuses on the essential requirements, design, implementation, operations, testing and management of a corporate cybersecurity program. The program is based on the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”), which was issued on February 12, 2014, as directed by President Obama in Executive Order 13636. The Executive Order calls for the development of a voluntary Cybersecurity Framework that provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk.

    Lesson 1: The drivers, components and structure of a cybersecurity program
    Lesson 2: Designing a cybersecurity program
    Lesson 3: Building a cybersecurity program

    Room: 106
    Larry Wilson
  • 8:30am - 9:15am Changing Culture: A Framework and Methodology

    Today’s security leaders are business leaders who manage culture. Culture separates security awareness from secure behaviors, and passive compliance from active engagement. In this session, we will discuss the Security Culture Framework (SCF) and present on its impact on awareness, vendor risk management, and Governance / Risk / Compliance (GRC).

    Room: Suite 3
    J Wolfgang Goerlich
  • 8:30am - 9:15am Risk Management – What Went Wrong?

    The session will cover some practical examples of risk management and how to leverage risk management to help with cybersecurity risk and exploit schemes.

    Room: 105
    Jane Harper
  • 8:30am - 9:15am SANS 20 and Business Context: Finding Your Way Through The Woods

    No matter which control set is used as a basis for your security program, choosing what to implement first can be overwhelming. This presentation explores the process of combining SANS 20 Critical Security Controls and business context to optimize the organization’s time, effort and budget while improving its security posture.

    Room: Theater
    Jen Fox
  • 9:00am - 3:00pm Exhibit Floor Open

    Please check back for presentation details.
  • 9:30am - 10:15am OPENING KEYNOTE: U.S. Secret Service Capabilities in Cyber Investigations & the Emerging Trends in Cyber Crime

    Please check back for presentation details.

    Room: Keynote Theater
    Grady Marshall
  • 10:15am - 11:15am Conference Break / Exhibitor Product Demonstration

    Please check back for presentation details.
  • 11:00am - 12:00pm Executive Roundtable: Locking Down the Endpoints - (VIP / Invite Only)

    Executive Track - VIP/Invite Only

    Room: Executive Boardroom
  • 11:15am - 12:00pm Absolute: Hedging Your Bets - A Layered Approach to Security

    Ten years ago it was all about keeping things out with most organizations focused on firewalls, anti-virus and encryption. Today it’s a given that many risks have already made it past the front door – which, with mobility, can be accessed from just about anywhere in the world. As a result, many organizations have upped their game, employing a strong playbook involving multiple players so they can tackle and respond to each play as it happens – and with significant back-up if a player goes down. Join Ali Solehdin from Absolute for an insightful presentation on the strategic benefits of applying a layered approach to security. The session will include examples of security incidents that could have been avoided if this approach had been in place.

    Room: 103
    Ali Solehdin
  • 11:15am - 12:00pm Certes Network: Crypto Chaos - Why Hackers Love Fragmented Data Traffic Security

    Poor security of networked applications was a common issue in the wave of recent data breaches. A hodgepodge of VPNs, IPsec, VLANs, and SSL makes fully securing networked applications immensely complicated, forcing dangerous trade-offs between security and performance. But emerging best practices simplify data traffic security to reduce breach risks.

    Room: 105
    Satyam Tyagi
  • 11:15am - 12:00pm Cybersecurity is NOT a Technology Problem

    We need to rethink our approach to cybersecurity, which is commonly viewed as a technology problem relegated to specific IT teams and dedicated technologies. But we are missing the point! Cybersecurity is much more than a technology problem. It is a management, finance and human resource problem. Technology may help in finding solutions but it cannot solve the problem alone. This presentation will discuss the business side of cybersecurity.

    Room: Suite 3
    Barbara L. Ciaramitaro
  • 11:15am - 12:00pm NICE and the Critical Infrastructure Framework – What They Are and How They Work Together

    This session will present the basics of two important NIST Frameworks for cybersecurity, The NICE Workforce Framework (NICE) and the Critical Cybersecurity Infrastructure Framework (CSF). These two are meant to work together. What they are and how they can be used to create a secure organization will be presented and discussed.

    Room: Theater
    Dan Shoemaker
  • 12:00pm - 1:00pm Executive Roundtable: Blurring of Business / Personal Use of Technology - (VIP / INVITE ONLY)

    Executive Track - VIP / Invite ONLY
    Lunch Served at Noon

    Room: Executive Boardroom
  • 12:00pm - 1:00pm ISSA Chapter Meeting - Members Only

    ISSA Chapter meeting, open to members only.
    Lunch Served

    Room: Lookout
    Andrea Hoy
  • 12:15pm - 1:00pm LUNCH KEYNOTE: Gaining Visibility, Meaningful Information Security and Fraud Data in Seconds

    A big data case study on using a risk-based approach for Information Security and Fraud analytics to protect a company brand, intellectual property, and customer data. This case study is based on Laz's four years of experience as a CISO for a Fortune 100 retailer. Laz will discuss the build out of the Information Security program in an agile environment while using big data for Information Security and Fraud Analytics to make better decisions faster. This case study has been referred to by Gartner in their areas of research with Big Data analytics.

    Room: Keynote Theater
    Demetrios Lazarikos (Laz)
  • 1:15pm - 2:15pm Industry Expert Panel: Cybersecurity - The Human Factor

    As the sophistication of bad actors increases and data expands exponentially, we will see more and more at-risk devices brought into the enterprise environment. Education and awareness have become increasingly important. Join this panel of experts as they discuss the use of technology and smart policies to effectively educate and inform the humans.

    Optiv

    Zscaler

    TrendMicro

    Room: Suite 3
  • 1:15pm - 2:15pm Industry Expert Panel: Incident Response

    The current threat landscape is continually changing and security professionals are being tasked with keeping the company’s data safe. Inevitably it happens – someone lost their tablet or their smartphone was stolen at the local coffee shop, or the network was compromised. Organizations must move from the mindset of hoping the incident doesn’t happen to them to a mindset of what will our plan of action be when it does happen? The goal of an Incident Response program is to handle the issue in a way that limits the damage, reduces the recovery time and costs, and helps to mitigate the risk to their clients.

    Online Tech

    Room: Keynote Theater
  • 2:15pm - 3:00pm Conference Dessert Break / Exhibitor Product Demonstrations

    Located on the SecureWorld Exhibit floor.

  • 2:30pm - 2:45pm Dash for Prizes & CyberHunt

    Be sure to leave your business card* with any participating exhibitor. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    Room: SecureWorld Exhibit Floor
  • 3:00pm - 3:45pm Effectively Managing Information Risk

    A core component of information security programs is an effective process to manage information risk. In this session, Doug Copley will articulate the interdependencies in managing information risk and outline some of the methods he’s found useful to manage information risk.

    Room: 105
    Doug Copley
  • 3:00pm - 3:45pm IOT – Challenges Within Automotive

    A new world of connected vehicles is on its way and its increasing reliance on interacting systems and connectivity is opening up new attack surfaces and a completely new area of consumer risk. The automotive industry faces increased challenges regarding safety, liability and privacy.

    Room: Theater
    Martin Bally
  • 3:00pm - 3:45pm Microsoft’s Free Security Tool EMET Overview

    EMET – Enhanced Mitigation Experience Toolkit, an overview of Microsoft’s free security tool for enhanced Windows platform security. EMET can be an additional layer of security you can add to your environment at zero cost.

    Room: Suite 3
    Frank Klimczak
  • 3:00pm - 3:45pm The Art of Hacking a Human

    This presentation will focus on being successful interacting with others in your work space. People have their own firewalls and we set up the interaction rules. Do we want to allow or block this person in our comfort zone? I will go over security techniques on how to navigate different personalities using traditional hacking techniques.
    - Determine what "operating system" they are running
    - What patches are in place
    - What vulnerabilities can you exploit?
    - What configuration issues does this person have?
    These then result in being able to work with different personalities based on what the hacking results tell you.

    Room: 103
    Zee Abdelnabi
