One Day Tutorials


There are several one-day pre-Conference immersive sessions to select from:
    • Smart Cards and Identity Management for Public and Private Enterprises
    • Foundations for Success: Enterprise Identity Management Architecture
    • Application Security Awareness (Hands-on)
    • Security Basics Boot Camp

TUT-M11

Smart Cards and Identity Management for Public and Private Enterprises

Date & Time:
Monday March 1st
9:00am – 5:00pm

Tutorial Overview:
This tutorial will detail the use of smart cards in Identity Management. Security professionals are changing the way they think about security, identity management, and authentication. The session includes ways of establishing an identity, transforming identity attributes into digital credentials, assigning privileges associated with that identity, and methods for presenting those credentials in a secure, authenticated manner for physical and logical access use cases.



Part 1: Overview of Smart Cards Usage in Government and Commercial IT

9:00 This session begins with a market overview of smart cards in secure identification and authentication implementations in government and commercial projects worldwide.
      Speaker:
      Randy Vanderhoof, Executive Director, Smart Card Alliance
 
10:00 This session will explain the practical application of identity management and its usage of digital credentials stored on smart cards, and how they are issued, managed and revoked. The U.S. Government Federal Identity, Credential and Access Management (ICAM) committee has released a roadmap for the usage of millions of PIV compliant credentials, and many corporate enterprises are issuing PIV compatible smart card ID badges for the convergence of physical and logical access control and to cross-federate in some cases with the federal government ID systems. Because interoperable credentials make good security and fiscal sense, this session will look at how these new credentials are moving outside of the initial domain of federal agencies and into the commercial enterprise market.
      Speaker:
      Bryan Ichikawa, Vice President, Identity Solutions, Federal
      Systems, UNISYS
 



Part 2: Identity, Privilege, and Person

11:00 This session begins by exploring the independence and interrelationships between the concepts of Identity, Privilege and Person in relation to privacy, consent, and authentication in the context of government and non-government issued IDs. Examples are presented on how specific smart card technologies are utilized to implement these concepts in well-known application contexts.
      Speaker:
      Gerald Smith, Senior Consultant, ID Technology Partners
 
12:00 Lunch
 
1:00 This session will conclude with an overview of the latest technology innovations in smart cards for IT. Advances in application and content management capabilities are shown that create flexibility for how smart cards are applied in IT environments.
      Speaker:
      Stephen Howard, Vice President of Operations, Certipath
 
2:30 Break
 



Part 3: Use Case for Large Scale ID Systems

3:00 This session will look at large scale smart card deployments that exemplify the value of secure, interoperable, and scalable smart card-enabled identity solutions that take a systematic approach to managing identity and integrating the physical and logical access needs for organizations of all types and sizes.
      Speakers:
      Keith Ward, TSCP Outreach Director and Director of Enterprise
      Security and Identity Management, Northrop Grumman
      Chris Williams, Corporate IT Security Controls, SAIC
 
4:30 Wrap Discussion and Q&A – Review of Tutorial
All Speakers
 
5:00 Session Adjourns
 

 

TUT-M21

Foundations for Success: Enterprise Identity Management Architecture

Date & Time:
Monday March 1st
9:00am – 5:00pm

Speakers:
Dan Houser, Identity Architect, Cardinal Health
Erik T. Heidt, Information Security Architect, Assistant Vice President Fortune 500 Financial

Abstract:
Identity and Access Management is the foundation for access controls in the Enterprise, a mission-critical IT function that is both the lifeblood of your business, and a frustrating and difficult beast to tame. Your IdM infrastructure is more complicated, with more moving parts, and more partners across the enterprise, than any other security related service.

This interactive session, taught by experienced IdM veterans and practitioners, provides an architectural view to resolving identity challenges, and will provide detailed and informative discussions on directory services, web access management, Single Sign-on, federated identity, authorization, provisioning and more. The morning session will provide an overview of the foundations of IdM, while the afternoon will provide a customized, detailed and interactive session that lets participants focus on the specific identity disciplines they find most challenging.

This workshop will cover:

  • Principles of Identity and Access Management and implementation strategies
  • Infrastructure architecture -- critical underlying processes to run a successful enterprise
  • Web-based authentication & Web Access Management
  • Selling Identity strategy in the C-suite
  • Directory Services – Enterprise, meta-directories and virtual directories
  • Provisioning - managing the processes of Identity and Access Management
  • Identity mapping and roll-up
  • Detailed Single Sign-on strategies: Getting off Identity islands
  • Detailed Federated Identity discussion and case studies
  • Gritty Reality of Federation SSO: Lessons learned from 14 major federation projects
  • Multi-factor authentication: biometrics, tokens & more
  • Functional IDs - real world considerations of this often forgotten access control
  • User Access Audit: Proving only authorized users have access
  • Auditing the identity systems

Key Learning Objectives:
Participants should have a basic background in Information Security, IT systems, and identity management. After the class, participants should feel well grounded in identity management, understand the broad landscape from both a technical and a business perspective, and have gained practical insight into the strategies which will enable them to meet identity challenges in their organization.

 

TUT-M31

Application Security Awareness (Hands-on)

Date & Time:
Monday March 1st
9:00am – 5:00pm

Speaker:
Nish Bhalla, Founder, Security Compass

Tutorial Overview:
Students will understand the basics of application security attacks and defenses, along with hands-on examples of common attacks. Complete and detailed high-level technical explanations of how attacks work, what they do and the risks posed to your business will be given. Concepts of application security will be discussed in the context of the demonstrated attacks, and principles of secure development and risk analysis will be clearly illustrated. Defensive strategies will be compared and contrasted, and reasons for certain security choices will be clearly differentiated.

Key Learning Objectives:

  • Understand major web application security vulnerabilities
  • Learn how to execute some of the most popular attacks for manual penetration testing
  • Articulate basic defense mechanisms
  • Learn how to further knowledge in particular areas of interest for application security

 

TUT-M51

Security Basics Boot Camp

Date & Time:
Monday March 1st
8:30am – 5:00pm

Abstract:
Security Basics Boot Camp is a new day-long course that explains some of the most important security principles and technologies. Designed for practitioners with less than three years of information security experience or those new to the field, Boot Camp will create a foundation of essential concepts to enhance your understanding of the more advanced security sessions during the week. Taught by the “who’s who” in the security industry, Security Basics Boot Camp is not to be missed. Topics and speakers include:

  • Business of Security
         •  Hugh Thompson, Chief Security Strategist, People Security
  • Intrusion detection and data loss prevention
         •  Kevin Rowney, Founder, Symantec DLP, Symantec Corporation
  • Viruses/Malware/Spam
         •  Vinny Guilloto, Microsoft
  • Crypto 101/Encryption basics/SSL & certificates
         •  Josh Rosenthol, Consultant Product Manager, RSA, The Security Division
            of EMC
  • Introduction to Security Architecture
         •  Jeff Bardin, VP, Chief Security Officer, ITSolutions
  • Firewalls and Perimeter Protection
         •  Bill Cheswick, Lead Member of Technical Staff, AT&T Labs - Research
  • External Hackers and Insider Threats
         •  George Kurtz, Worldwide Chief Technology Officer & Executive
            Vice President, McAfee, Inc. and Dr. Eric Cole, McAfee
  • Authentication Technologies
         •  Bret Hartman, CTO, RSA, The Security Division of EMC and
            John Linn, Sr. Technologist, RSA, The Security Division of EMC
  • Application Security
         •  Jason Rouse, Cigital

 
