Detroit SecureWorld

2015 Agenda
Open Sessions
Conference Pass
SecureWorld Plus
VIP / Executive

Day 1

  • 7:00am - 3:00pm16 Registration Open

    Room: Registration Desk
    0
  • 8:00am - 9:15am16 Executive Advisory Board Breakfast: (VIP / INVITE ONLY)

    Executive Advisory Board Breakfast: VIP / INVITE ONLY

    3
  • 8:00am - 9:30am16 SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and changes employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.
    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this SecureWorld Plus session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Dan Lohrmann offers an interactive, engaging style that is both fun and informative. The 4.5-hour workshop covers these essential topics:

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start over or tweak the plan? What strategies work to get executive buy-in? What are you missing? What are some common mistakes to avoid? How can you improve what you’re already doing? Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    2
    Dan Lohrmann
  • 8:00am - 9:30am16 SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    This 3-part course focuses on the essential requirements, design, implementation, operations, testing and management of a corporate cybersecurity program. The program is based on the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”), which was issued on February 12, 2014, as directed by President Obama in Executive Order 13636. The Executive Order calls for the development of a voluntary Cybersecurity Framework that provides a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” for assisting organizations responsible for critical infrastructure services to manage cybersecurity risk.

    Lesson 1: The drivers, components and structure of a cybersecurity program
    Lesson 2: Designing a cybersecurity program
    Lesson 3: Building a cybersecurity program

    2
    Larry Wilson
  • 8:30am - 9:15am16 Searching for the Silver Bullet

    We continue to look for that “silver bullet” that will help us defend against cyber-attacks. We began with firewalls and intrusion detection but, as the sophistication of attacks grew, our defenses became less effective. Today’s silver bullets include software-defined networks (SDN) and threat intelligence systems. This presentation will discuss whether these and other current solutions are providing us with successful defenses. Have we finally found our silver bullets?

    1
    Barbara L. Ciaramitaro
  • 8:30am - 9:15am16 Understanding the Processes of Stolen Data Markets

    Data breaches have become commonplace, though research on the sale of data is in its infancy. This introductory, non-technical presentation will explore the economy and organizational composition of stolen data markets hosted on both the open web and Tor to aid CISOs, security directors and anyone interested in cybercrime markets.

    1
    Thomas J. Holt
  • 9:00am - 3:00pm16 Exhibit Floor Open

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    0
  • 9:30am - 10:15am16 OPENING KEYNOTE: Insanity – Cyberspace 3.0 is Coming Your Way

    Major disruption in cyberspace is happening at ridiculous speed and the bad actors are taking advantage of this. We must learn to act at market speed and think 10x innovation as we work to develop solutions and approaches to mitigate risk in this dynamic, lightning-speed environment. This discussion focuses on those disruptive changes, the challenges we face, and how we must shift our thinking and accelerate our pace.

    Room: Keynote Theater
    0
    James Beeson
  • 10:15am - 11:15am16 Conference Break / Exhibitor Product Demonstration

    Please check back for presentation details.

    0
  • 11:00am - 12:00pm16 Executive Roundtable - (INVITE ONLY)

    VIP / INVITE ONLY

    3
  • 11:15am - 12:00pm16 Play IT Security Jeopardy

    Please check back for presentation details.

    1
  • 11:15am - 12:00pm16 Radware: War Stories from the Trenches – Information Security Survival

    Cyber-attacks are becoming increasingly complex and persistent, making it difficult for security professionals to protect their organizations as they head into the virtualized, IoT era. In this session, Radware will share real-world experiences gathered by its Emergency Response Team and discuss how leading enterprises are using Radware’s integrated Attack Mitigation Systems to successfully defend against the latest generation of attacks.

    0
    Jeff Dolence
  • 11:15am - 12:00pm16 Selling Security to Management

    Please check back for presentation details.

    1
  • 12:00pm - 1:00pm16 Executive Roundtable - (VIP / Invite Only)

    Executive Track- VIP / INVITE ONLY
    Lunch Served at Noon

    3
  • 12:15pm - 1:00pm16 LUNCH KEYNOTE: Radware - Safety, Sanctuary and Security: The Societal Impact of Ever-Permeating Connectivity

    Every day, we network-enable more aspects of our professional and personal lives. We make conscious decisions to adopt technologies in the pursuit of convenience or an apparent need to feel connected. Often the decisions are thrust upon us by employers, service providers or even those we’ve come to rely on in the physical world. Each step towards deeper and total connectivity comes with consequences; risks associated with our personal privacy, the security of our business and even our safety. In this session, Radware will explore the changes we’ve already allowed into our lives, where things are leading and portents for personal, business and public security.

    0
    Carl Herberger
  • 1:15pm - 2:15pm16 Industry Expert Panel: Emerging Threats

    The number of cybersecurity threats is growing every day, forcing the need for thorough security assessment and analysis. Join industry leaders discussing emerging threats in the industry for the opportunity to learn what is next in the future of cybersecurity.

    0
  • 1:15pm - 2:15pm16 Industry Expert Panel: Protecting Your Data as it Roams

    Today your data moves fast and across platforms. Security professionals are charged with protecting valuable information as it moves from data centers to employee devices and into third party networks. Join this discussion on the technologies and policies that can help you manage these risks while still allowing business productivity. Ask our experts at this educational panel discussion.

    SafeNet / Gemalto 

    0
  • 1:15pm - 2:00pm16 Stories of Malicious Code in Action

    Please check back for presentation details.

    0
  • 2:15pm - 3:00pm16 Conference Dessert Break / Exhibitor Product Demonstrations

    Please check back for presentation details.

    Room: SecureWorld Exhibit Floor
    0
  • 3:00pm - 3:45pm16 Cyber Insurance: How to Investigate the Right Coverage for Your Company

    A practitioner’s view of how to evaluate your cyber insurance needs. How do you select an insurance broker? What should you expect during the process of purchasing cyber insurance, and what questions should you ask insurance brokers? Includes insight into the process of working with and meeting with an insurance broker.

    1
    Dr. Faith Heikkila
  • 3:00pm - 3:45pm16 Proactive Incident Management

    This presentation will introduce a framework to build a proactive incident management program that is supported by the four pillars of planning, preparing, practicing, and measuring. This framework has also been designed to be compliant with multiple standards, including PCI, ISO, NIST, NERC, and HIPAA.

    1
    Owen C. Creger
  • 3:00pm - 4:30pm16 SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    2
    Dan Lohrmann
  • 3:00pm - 4:30pm16 SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    2
    Larry Wilson
  • 3:00pm - 3:45pm16 That Contract Says What? Vendor Requirements, Contracting Pitfalls & Insurance

    Vendors play an ever-increasing role in every organization. But vendor mistakes can damage customer trust and increase litigation and enforcement risks for everyone. This session will discuss key components of technology contracts including privacy, security and other regulatory concerns, data ownership, risk shifting strategies, and purchasing data breach insurance.

    1
    Tatiana Melnik
  • 3:15pm - 6:00pm16 FishNet Security Happy Hour

    Please check back for presentation details.

    0

Day 2

  • 7:00am - 3:00pm17 Registration Open

    Room: Registration Desk
    0
  • 8:00am - 9:30am17 SecureWorld Plus: Building a Successful Information Security Awareness Program (SecureWorld Plus Registrants ONLY)

    2
    Dan Lohrmann
  • 8:00am - 9:30am17 SecureWorld Plus: Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework (SecureWorld Plus Registrants ONLY)

    2
    Larry Wilson
  • 8:30am - 9:15am17 Changing Culture: A Framework and Methodology

    Today’s security leaders are business leaders who manage culture. Culture separates security awareness from secure behaviors, and passive compliance from active engagement. In this session, we will discuss the Security Culture Framework (SCF) and present on its impact on awareness, vendor risk management, and Governance / Risk / Compliance (GRC).

    1
    J Wolfgang Goerlich
  • 8:30am - 9:15am17 SANS 20 and Business Context: Finding Your Way Through The Woods

    No matter which control set is used as a basis for your security program, choosing what to implement first can be overwhelming. This presentation explores the process of combining SANS 20 Critical Security Controls and business context to optimize the organization’s time, effort and budget while improving its security posture.

    1
    Jen Fox
  • 9:00am - 3:00pm17 Exhibit Floor Open

    Please check back for presentation details.

    0
  • 10:15am - 11:15am17 Conference Break / Exhibitor Product Demonstration

    Please check back for presentation details.

    0
  • 11:00am - 12:00pm17 Executive Roundtable - (VIP / Invite Only)

    Executive Track - VIP/Invite Only

    3
  • 11:15am - 12:00pm17 Certes Network: Crypto Chaos - Why Hackers Love Fragmented Data Traffic Security

    Poor security of networked applications was a common issue in the wave of recent data breaches. A hodgepodge of VPNs, IPsec, VLANs, and SSL makes fully securing networked applications immensely complicated, forcing dangerous trade-offs between security and performance. But emerging best practices simplify data traffic security to reduce breach risks.

    0
    Satyam Tyagi
  • 11:15am - 12:00pm17 Cybersecurity Challenges and Practical Remedies in Healthcare

    Please check back for presentation details.

    1
  • 11:15am - 12:00pm17 Cybersecurity is NOT a Technology Problem

    We need to rethink our approach to cybersecurity that is commonly viewed as a technology problem relegated to specific IT teams and dedicated technologies. But we are missing the point! Cybersecurity is much more than a technology problem. It is a management, finance and human resource problem. Technology may help in finding solutions but it cannot solve the problem alone. This presentation will discuss the business side of cybersecurity.

    1
    Barbara L. Ciaramitaro
  • 11:15am - 12:00pm17 NICE and the Critical Infrastructure Framework – What They Are and How They Work Together

    This session will present the basics of two important NIST frameworks for cybersecurity: the NICE Workforce Framework (NICE) and the Critical Cybersecurity Infrastructure Framework (CSF). These two are meant to work together. What they are and how they can be used to create a secure organization will be presented and discussed.

    1
    Dan Shoemaker
  • 12:00pm - 1:00pm17 Executive Roundtable - (VIP / INVITE ONLY)

    Executive Track-VIP/Invite ONLY
    Lunch Served at Noon

    3
  • 1:15pm - 2:15pm17 Industry Expert Panel: Identifying Risk - Are You Vulnerable?

    As the sophistication of bad actors increases, data expands exponentially, and more and more devices are brought into the enterprise environment, education and awareness become increasingly important. Join this panel of experts as they discuss the use of technology and smart policies to effectively protect your organization.

    0
  • 1:15pm - 2:15pm17 Industry Expert Panel: Incident Response-Are You Prepared?

    The current threat landscape is continually changing and security professionals are being tasked with keeping the company’s data safe. Inevitably it happens – someone lost their tablet or their smartphone was stolen at the local coffee shop, or the network was compromised. Organizations must move from the mindset of hoping the incident doesn’t happen to them to a mindset of what will our plan of action be when it does happen? The goal of an Incident Response program is to handle the issue in a way that limits the damage, reduces the recovery time and costs, and helps to mitigate the risk to their clients. Join our experts as they look at the challenges security teams are facing, tools and initiatives that are working for them, and guidance in creating a program that will work for your organization.

    0
  • 1:15pm - 2:00pm17 Intelligence Driven Security

    Please check back for presentation details.

    0
  • 2:15pm - 3:00pm17 Conference Dessert Break / Exhibitor Product Demonstrations

    Located on the SecureWorld Exhibit floor.

    0
  • 2:30pm - 2:45pm17 Dash for Prizes & CyberHunt

    Be sure to leave your business card* with any participating exhibitor. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    Room: SecureWorld Exhibit Floor
    0
  • 3:00pm - 3:45pm17 IOT – Challenges Within Automotive

    A new world of connected vehicles is on its way and its increasing reliance on interacting systems and connectivity is opening up new attack surfaces and a completely new area of consumer risk. The automotive industry faces increased challenges regarding safety, liability and privacy.

    1
    Martin Bally
  • 3:00pm - 3:45pm17 Microsoft’s Free Security Tool EMET Overview

    An overview of EMET (Enhanced Mitigation Experience Toolkit), Microsoft’s free security tool for enhanced Windows platform security. EMET can be an additional layer of security you can add to your environment at zero cost.

    1
    Frank Klimczak
  • 3:00pm - 3:45pm17 The Art of Hacking a Human

    This presentation will focus on being successful interacting with others in your workspace. People have their own firewalls and we set up the interaction rules. Do we want to allow or block this person in our comfort zone? I will go over security techniques on how to navigate different personalities using traditional hacking techniques.
    - Determine what "operating system" they are running
    - What patches are in place
    - What vulnerabilities can you exploit?
    - What configuration issues does this person have?
    This then results in being able to work with different personalities based on what the hacking results tell you.

    1
    Zee Abdelnabi
  • 3:00pm - 3:45pm17 The National Framework for Cybersecurity Work

    Please check back for presentation details.

    1
