Monday Events

8:30 a.m. - Introduction & the Business of Security

• Speaker: Hugh Thompson, Chief Security Strategist, People Security

9:30 a.m. - Crypto 101/Encryption Basics, SSL & Certificates

• Speaker: Ivan Ristic, Director of Engineering, Qualys, Inc.

10:30 a.m. - Break

10:45 a.m. - Authentication Technologies

• Speaker: Bill Duane, Distinguished Engineer, Office of the CTO, RSA, The Security Division of EMC

11: 45 a.m. - Lunch

12:45 p.m. - Application Security

• Speaker: Jason Rouse, Principal Consultant, Cigital, Inc.

1:45 p.m. - Viruses, Malware and Threats

• Speaker: Vinny Gullotto, General Manager, Malware Protection Center, Microsoft Corporation

2:45 p.m. - Break

3:00 p.m. - Firewalls and Perimeter Protection

• Speaker: William Cheswick, Lead Member of Technical Staff, AT&T Labs Research

4:00 p.m. - Governance, Risk and Compliance

• Speaker: Steve Schlarman, eGRC Solution Manager, RSA, The Security Division of EMC

Moderator: Kathy Kriese, Senior Product Manager, RSA, The Security Division of EMC

8:30 a.m. - Truth or Fiction: The rise of software vulnerabilities and the impact the vulnerabilities have on organizations

• Speaker: Kathy Kriese, Senior Product Manager, RSA, The Security Division of EMC

8:40 a.m. - Security in the Software Development Lifecycle: For each lifecycle stage, what are the activities and responsibilities?

• Speaker: Steve Lipner, Senior Director of Security Engineering Strategy, Microsoft Corporation

9:25 a.m. - Break

9:40 a.m. - Secure Design Principles: Defense in depth, least privilege, compartmentalization, guest/tenant isolation, reduction of attack surface, fail-secure, no reliance on client-enforced security, secure interoperability, secure-by-default

• Speaker: Alberto Revelli, Senior Consultant, Cigital, Inc.

10:30 a.m. - Secure Coding: Demonstrate issues and illustrate prevention/remediation techniques - part 1

• Speakers: Jacob West, Director of Security Research Group, Fortify, an HP Company
  Brian Chess, Founder and Chief Scientist, Fortify, an HP Company

12:00 p.m. - Lunch

1:00 p.m. - Secure Coding: Demonstrate issues and illustrate prevention/remediation techniques - part 2

2:30 p.m. - Security Testing: Fuzzing, threat modeling, benefits/limitations of testing techniques, source code scanning, vulnerability scanners

• Speaker: Chris Eng, Senior Director of Research, Veracode, Inc.

3:45 p.m. - Break

4:00 p.m. - Vulnerability Response: Representatives for defined roles, third-party tracking, regression testing, root cause analysis, patches - creation and communication

• Speaker: Reeny Sondhi, Director, Product Security, EMC Corporation

4:45 p.m. - Security Resources: CERT, NIST, RSA Labs, RSA Share Community, (ISC)2 and more

• Speaker: Kathy Kriese, Senior Product Manager, RSA, The Security Division of EMC

4:55 p.m. - Close

8:30 a.m. - Building Blocks of a Security Program

• First 6 Months on the Job
  The morning starts off with a walkthrough of what you might expect during your first 6 months on the job. Learn where to spend your time and resources to be most effective without introducing more change than the organization can absorb. Think you should drop a 100 page vulnerability report on the CEO's desk on day 2? Think again. These long-time security leaders will point out the pitfalls to avoid as a new information security officer, and share their tips for building a strong program foundation.
  • Speaker: Dennis Devlin, CISO, Brandeis University
• Organizational Structure, What Works
  Once you have gotten past the first few months, you will be presented with several important decisions, like how to organize your team. Attendees will hear several approaches to handling critical security functions such as governance, operations, privacy, and incident investigations. There are so many ways to integrate information security responsibilities into the organization, and security officers are meeting the modern day challenges by evolving their program into a more decentralized group spread across various business units.
  • Speaker: Evan Wheeler, Director InfoSec, Omgeo
• Security Evangelism
  If you don't like politics, than CISO is probably not the job for you. On any given day you may find yourself negotiating with regulators, balancing a severe security exposure against a critical business initiative, and being grilled demanding customer due diligence questions. A critical skill for any security leader is knowing how to shape and improve the security posture of your organization without clashing with the company's culture. Learn from the experiences of a leading CISO how to promote a culture of security in your own organization.
  • Speaker: Bruce Bonsall, CISO, Mass Mutual

9:30 a.m. - Making Regulations & Audit Work for You

• Audit is Your Friend & Strategies for Working with the Regulators
  No matter what industry you are in these days it seems that you have to deal with some level of regulation. If you know how to approach it, you can really use this to your advantage to improve the security posture of your organization. The key is to really understand the audit function, their role and charter, and how to best maximize the relationship with them whether it be an internal audit group or an external assessor. Learn how to "manage" the audit process, and you will transform yourself from someone who dreads audit to an audit lover.
  • Speaker: Justin Peavey, CISO, Omgeo

10:00 a.m. - Break

10:30 a.m. - Managing the Breach

• The Long Walk to the CEO's Office
  No matter how good you are, you will someday experience the humbling effects of a data breach. Not only can how you handle the first few minutes, hours, and days of this experience make or break your career, also how you prepare for this event will often determine your tenure with the organization. Attendees will get a rare look into the mind of a CISO as he/she walks down the hall to the CEO's office. Can you guess what is on top of the list?
  • Speaker: Ron Baklarz, CISO, Amtrak
• Law School in 20 Minutes or Less
  If you aspire to lead a security program of any size, then this session is a must attend for you. More and more these days the CISO is called upon to provide guidance about the security, privacy, compliance requirements and constraints of various (and often conflicting) international laws. This crash course in legal must-know topics will give you a great place to start with your legal education.
  • Speaker: David Thomas, Shareholder, Greenberg Traurig, LLP
• Investigative and Forensic Considerations: Interaction with Law Enforcement
  Don't miss this unique experience to hear from a senior law enforcement agent what you can expect when you make the call to bring in help on an investigation. Law enforcement can be an invaluable resource to help you through a major breach, but you need to help them to help you. Preserving forensic evidence and coordinating resource are just some of the topics that will be covered.
  
  For those attendees who are lucky enough to have never had a serious breach that required law enforcement assistance, this session will conclude with a simulated meeting between a CISO, his legal counsel, and an FBI agent to discuss a new breach investigation. What better way to learn what to expect and how to prepare than to see it all in action. There may even be some unexpected developments in the investigation to really keep things interesting.
  • Speaker: James Burrell , Assistant Special Agent in Charge, Federal Bureau of Investigation

12:30 p.m. - Introductions

• Speakers: Mike Gentile, Founder and President, CISOHandbook.com
  Lee Kushner, President, LJ Kushner and Associates

12:40 p.m. - Trends Impacting the Sec. Skills Orgs Need & the Jobs People Want
The current characteristics of the information security domain have created a dynamic and challenging landscape for the development of the security professionals that participate within it. Some of these considerations or trends include the unique and demanding needs of the organizations that require security talent, the available training and certification mechanisms to attain these skills, extreme demand for a limited supply of talent, and the overall immaturity of the information security discipline. This panel will illustrate some unique perspectives on this topic, as well as, provide some practical tips to leverage these considerations in your day to day security travels.

• Speakers: Michael Assante, President and CEO, NBISE
  Chris Chock, Security Lead, Orange County Transportation Authority
  Mike Gentile, Founder and President, CISOHandbook.com (Moderator)
  Jeff Moss, Founder of Black Hat and DEF CON, Homeland Security Advisory Council Member
  Kevin Richards, President, ISSA International and Vice President, Risk & Security Services, Neohapsis

1:30 p.m. - Break

1:50 p.m. - Career Architecture - Building a Career Plan From the Ground Up
The battle for information security leadership jobs becomes more fierce each year. It is important that the Information Security professional prepare himself/herself to compete in this industry. This session will teach you to effectively plan for future success in your career, setting appropriate goals and targets and understanding your own skills and where you need to develop further.

• Speaker: Michael Murray, Co-Founder, Infosec Leaders

2:30 p.m. - Making the A-list - Differentiating Yourself as an Information Security Professional
Most security professionals are great at what they do, but fall short when it comes to presenting themselves for a career opportunity. This session will:

• Give an overview on how hiring managers and recruiters evaluate potential candidates
• Help define the qualities that make candidates stand out from the competition
• Provide insights on how to "product manage" one's professional assets.

• Speaker: Jeff Combs, Owner, J. Combs Search Advisors

3:10 p.m. - Break

3:30 p.m. - The CISO of the Future - Building a Competitive Skill Matrix
As companies look to select their information security leaders of the future, they will be more demanding. To be both effective and respected, the CISO will need to build a comprehensive skills matrix that places them on the same level as other senior executives. Attendees will learn which key skills and attributes companies search for when selecting their CISO's and how to acquire them.

• Speaker: Lee Kushner, President, LJ Kushner and Associates

4:10 p.m. - The Top of the Pyramid - Real Lessons from Today's Security Leaders
A diverse panel of recognized information security leaders, representing different perspectives and industries, will speak about their backgrounds and their career paths. Discussion points will include items such as how they achieved their success, the criteria that they utilize for their personal career decisions, recognizing and developing talent, as well as where they are heading next. Attendees will leave the session with ideas to apply to their own careers, in pursuit of their long term career goals. The session would allow for audience questions and answers.

• Speakers: Patrick Heim, CISO, Kaiser Permanente
  John Kirkwood, Global CISO, Royal Ahold
  Lee Kushner, President, LJ Kushner and Associates (Moderator)
  Stephen Scharf, CSO, Experian
  

9:00 a.m. – Keynote

• Speakers: Marc Benioff, CEO, Salesforce.com

9:40 a.m. – Cloudnomics: Securing the Cloud within Market Realities

• Speakers: Christopher Hoff, Director, Cloud & Virtualization Solutions, Cisco Systems, Inc.

10:10 a.m. – The Future of Cloud Technology

• Moderator: Liam Lynch, Chief Security Strategist, eBay
• Panelists: Dave Asprey, Sr Director, Cloud Security, Trend Micro
  Patrick Harding, Chief Technology Officer, Ping Identity
  Scott Chasin, Chief Technology Officer, Content & Cloud Business, McAfee
  Eddie Schwartz, Chief Security Officer, NetWitness Corporation

11:00 a.m. – Break

11:10 a.m. – The CSA Roadmap

• Speaker: Archie Reed, Chief Technologist for Cloud Security, HP
  Ken Biery, Professional Services Manager, Security Consulting, Verizon Business
  Michael Sutton, Vice President, Security Research, Zscaler
  Vikas Jain, Director, Product Management, Cloud Identity and Security, Intel

11:50 a.m. – GRC in the Cloud – Today and Tomorrow

• Moderator: Tim Mather, Author, Cloud Security & Privacy
• Panelists: Arti Arora Raman, Vice President Products & Alliances, Agiliance
  Eran Feigenbaum, Director of Security, Google Apps, Google
  Bill Pennington, Chief Strategy Officer, WhiteHat Security
  Pamela Fusco, Vice President Industry Solutions, Solutionary

12:40 p.m. – The Road Ahead in the Cloud – A New and Promising Journey for the Security Professional

• Speaker: Philippe Courtot, CEO, Qualys, Inc.

11:00 a.m. – Welcome and Introduction

• Speaker: Steve Hanna, TNC Co-Chair and Distinguished Engineer, Juniper Networks

11:10 a.m. – Keynote Address – Leveraging TPM for Low Cost, Strong Authentication at PwC

• Speakers: Karl Wagner, Director of Global Networking, PriceWaterhouseCoopers

11:40 a.m. – Lunch and Demonstration Showcase

12:10 p.m. – Deployment Models for Your Future Network Security Solutions

• Moderator: Eric Ogren, Founder and Principal Analyst, Ogren Group
• Panelists: Paul Bartock, Technical Director for Information Assurance Transformation, Vulnerability Analysis and Operation Group, U.S. National Security Agency
  Michael Lindskoy, Senior Manager and Enterprise Architect, CUNA Mutual Group

12:50 p.m. – Demonstration Showcase Break

1:05 p.m. – Eliminating Risk and Reducing Costs with TPM

• Moderator: Roger Kay, Founder, Endpoint Technologies
• Panelists: Brian Berger, EVP Marketing & Sales, Wave Systems Corp
  Boudewiin Kilian, Solution Architect, PriceWaterhouseCoopers
  Jeremy Wyant, High Assurance Systems Engineer, General Dynamics

1:45 p.m. – Demonstration Showcase Break
2:00 p.m. – Faster, Lower Costs and High Assurance – The Role of Encrypted Hard Drives

• Moderator: Derek Brink, CISSP, Vice President and Research Fellow, Aberdeen Group
• Panelists: David Bowers, Manager, LE Client Technologists, Dell
  Jeff Kam, Information Technology Asset Manager, Dendreon Corporation
  Stan Potter, Emerging Technologies Lead, NCSC Trusted Computing Division, U.S. National Security Agency

2:40 p.m. – Demonstration Showcase Break

3:00 p.m. – Closing Remarks