Risk Management and Information Security

It is often said that you cannot protect what you do not know. Visibility has become a primary focus of many information risk management security programs and professionals alike. Chief Information Security Officers (CISOs) often rate their lack of visibility in their data assets, insights and information infrastructure as one of their top concerns. Data and information assets are rarely constrained to an organization's internal electronic and physical boundaries. There are also more computing assets, network connections, and storage capabilities in use than ever before. This proliferation of data and expansion of infrastructure has created the perfect opportunity for adversaries and their attacks to go unnoticed and addressed until their damaging effects have already been realized by the organizations or individuals they have targeted.

The Interop Las Vegas 2013 Information Security and Risk Management track will bring together some of the industry's best and brightest thought leaders to provide their ideas and experiences on successfully addressing the visibility challenge. They will also discuss a number of other key concepts, considerations, and technologies that are essential to successfully defend today's organization from the well-motivated, equipped, and capable cyber adversary. Sessions in the track will cover a broad range of information risk management and security areas from both a business and technology perspective.

I hope you will join me in challenging both the speakers in this track and as well as each other to enhance our knowledge and capabilities in order to be more effective in winning the epic battle that we continue to fight to ensure the health and safety of our information infrastructure and data assets.

Track Chair

John P. Pironti
CGEIT, CISA, CISM, CISSP, ISSAP, ISSMP, President
IP Architects, LLC

John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security and risk management programs, business resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, energy, government, hospitality, aerospace, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional and (ISSAP) and Information Systems Security Management Professional (ISSMP). He is also a published author and writer, highly quoted and often interviewed by global media, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.

Schedule

Open All Descriptions Close All Descriptions

Wednesday

Thursday

Friday

Open All Descriptions

Close All Descriptions

Wednesday, May 8
10:15 AM – 11:15 AM	Key Elements of an Information Risk Profile - Location: Lagoon E Information risk has become a top-of-mind issue for many business leaders and information risk management security (IRMS) professionals. These two groups have historically had challenges interacting … More ▶ Speaker - John Pironti, President, IP Architects, LLC John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. John has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional and (ISSAP) and Information Systems Security Management Professional (ISSMP). John frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.
11:30 AM – 12:30 PM	The Great Appsec Debate: Static Vs. Dynamic Vs. Manual Penetration Testing - Location: Lagoon E Software applications are an integral part of 21st century business processes. The majority of software is still installed in-house, either as specially developed custom applications or commercially a… More ▶ Speaker - Chris Wysopal, Chief Security and Technology Officer, Veracode Chris Wysopal, co-founder and chief technology officer of Veracode, is responsible for the security analysis capabilities of Veracode technology. Veracode was recently named #20 on the list of America’s Most Promising Companies by Forbes Magazine. Mr. Wysopal is recognized as an expert and a well known speaker in the information security field and was recently named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by the editorial staffs of eWeek. He has given keynotes at computer security events and has testified on Capitol Hill on the subjects of government computer security and how vulnerabilities are discovered in software. He also has spoken as the keynote at West Point, to the Defense Information Systems Agency (DISA) and before the International Financial Futures and Options Exchange in London. His opinions on Internet security are highly sought after and most major print and media outlets have featured stories on Mr. Wysopal and his work. Mr. Wysopal’s groundbreaking work in 2002 while at the company @stake was instrumental in developing industry guidelines for responsibly disclosing software security vulnerabilities. Mr. Wysopal, along with Steve Christey of MITRE, proposed an IETF RFC identified as the “Responsible Vulnerability Disclosure Process,” which became the foundation for the Organization for Internet Safety (OIS). Mr. Wysopal is a founder of OIS, which established industry standards for the responsible disclosure of Internet security vulnerabilities. Mr. Wysopal is co-author of the award winning password auditing and recovery application @stake LC (L0phtCrack) which is currently used by more than 6,000 government, military and corporate organizations worldwide. Mr. Wysopal began his career as a principal software engineer at Lotus Development Corporation where, in the mid 90’s, with the rise of the Internet, he realized the critical need for secure software. He and his colleagues then created the first security research think tank known as L0pht Heavy Industries, which was later acquired by @stake in 1999. He became the manager of @stake’s Research Group and later became @stake’s vice president of research and development where he led a world class team of security researchers tackling the problem of automating the process for finding and disclosing security vulnerabilities in software. He also managed @stake’s products group to develop new security tools focused on wireless, infrastructure and application security. In 2004, when @stake was acquired by Symantec, Mr. Wysopal became its director of development and was responsible for the engineering team that built binary analysis technology to find vulnerabilities in software. Mr. Wysopal wrote The Art of Software Security Testing: Identifying Security Flaws, published by Addison Wesley and Symantec Press in December 2006. Mr. Wysopal earned his Bachelor of Science Degree in Computer and Systems Engineering from Rensselaer Polytechnic Institute in Troy, New York.
2:30 PM – 3:30 PM	Three Pillars of Accelerating Security to Keep Up to Speed with the Business - Location: Lagoon E Your organization wants to move fast, but security is complex and you may often feel like you are slamming on the brakes. This is exacerbated by new paradigms for IT adoption, where users and non-tech… More ▶ Speaker - Tas Giakouminakis, CTO, Rapid 7 Tas is a Rapid7 co-founder and the chief architect of NeXpose and has been part of the Matthews and Devine team since 1990. Giakouminakis helped form Percussion Software in 1994 where he led the server development of Notrix, Percussion's first product. In addition, he led the server development team for Rhythmyx, Percussion's Enterprise Content Management system. Tas left Percussion to launch Rapid7 in 1998. Prior to his recent experiences, he worked in the financial services sector, developing software in the security and risk areas for CitiCorp.
3:45 PM – 4:45 PM	Mobile Vulnerability Assessment: There's an App for That! - Location: Lagoon E Conservative carriers frequently leave privilege escalation vulnerabilities unpatched for months and years on today's consumer mobile platforms, a far cry from the near-instant silent updates deli… More ▶ Speaker - Jon Oberheide, CTO, Duo Security Jon Oberheide is CTO of Duo Security, an Ann Arbor-based startup focused on two-factor authentication and mobile security. In his free time, Jon dabbles in kernel exploitation, abusing Android devices, and beer brewing.
Top of Page
Thursday, May 9
10:15 AM – 11:15 AM	Breaking Through the FUD – 10 Steps to Secure BYOD - Location: Lagoon E Over the past year, Bring-Your-Own-Device (BYOD) has quickly made the jump from industry trend to business imperative, and organizations are now feeling the pressure to open their networks to employee… More ▶ Speaker - Frank Andrus, CTO, Bradford Networks Andrus is the Chief Technology Officer at Bradford Networks. He is responsible for overseeing all strategic technology functions, which include the evolution of the company’s flagship network access control platform, Network Sentry, new products and services, and setting the R&D strategy for the company’s network access control and BYOD solutions and integrations. An active leader in the network and mobile security space, Andrus has extensive speaking experience and has presented at many IT security events across the globe. Andrus has more than 20 years of experience in developing software solutions for enterprise and telecommunication network management applications. Andrus’ professional background includes assignments as a Senior Architect at Aprisma Management Technologies, where he designed and developed large-scale systems delivering advanced management services for multi-vendor networks. He also held senior engineering positions at Cabletron Systems and delivered secure, highly available, network management solutions including patented automated device discovery methodologies.
11:30 AM – 12:30 PM	When Networks Attack: Big Data Security Tackles Incident Response - Location: Lagoon E Millions of packets traverse modern networks every second of every day, and it's virtually guaranteed that some of those packets are the result of nefarious behavior. Even the most effective preve… More ▶ Speaker - Brian Contos, World Wide Vice President of Sales Engineering, Solera Networks Brian Contos, CISSP, Chief Security Officer and Worldwide VP Field Engineering at Solera Networks. He is a recognized security expert with nearly two decades of security engineering and management experience. He is the author of several books, including Enemy at the Water Cooler—Real-Life Stories of Insider Threats and Physical and Logical Security Convergence, which he co-authored with former NSA Deputy Director William Crowell. Brian has worked with government organizations and Forbes Global 2000 companies in over 40 countries throughout North, Central and South America, the Caribbean, Europe, Africa, the Middle East, and Asia. He is an invited speaker at leading industry events like RSA, Interop, GFIRST, SANS, and OWASP and has written for and been interviewed by industry and business press such as CBS News, Bloomberg, Forbes, NY Times, and the London Times. He also helped build several successful security companies. Brian was formerly senior director for emerging markets at McAfee, chief security strategist at Imperva, chief security officer at ArcSight, and director of engineering at Riptech. In addition, he has held security positions at Bell Laboratories, Tandem Computers, and the Defense Information Systems Agency (DISA). Brian is a Ponemon Institute Distinguished Fellow and graduate of the University of Arizona. Speaker - Andrew Brandt, Director of Threat Research, Solera Networks Andrew Brandt, Solera Networks' Director of Threat Research, is an ex-journalist-turned-malware-analyst. At Solera Networks, Brandt uses his knowledge about the behavior of malicious software to profile identifiable characteristics of undesirable or criminal activity. Chronicled on the company's Threat Blog, his analysis techniques seek to identify the perpetrators of cybercrime, as well as to determine general principles that can help analysts and defenders rapidly and comprehensively identify the root cause of infection and data loss, putting real-time network data analysis at the front line of prevention.
2:30 PM – 3:30 PM	What’s Next? Emerging Trends in Information Risk Management and Security - Location: Lagoon E Information risk management and security is an ever changing and evolving concept and challenge. The threats that are posed to organizations and the risks they create are constantly changing and beco… More ▶ Moderator - John Pironti, President, IP Architects, LLC John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. John has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional and (ISSAP) and Information Systems Security Management Professional (ISSMP). John frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences. Panelist - Gus Anagnos, Director, Information Security, PayPal Gus is an executive with broad experience developing, implementing, and leading global Information Security, Business Continuity and Crisis Management programs. He has over fifteen years industry experience in a variety of risk based leadership roles. He is known as an industry leader: through hands-on implementation experience, publications, visits on CNBC, speaking at industry conferences, authorship of cutting-edge models, consulting achievements and international advisory roles. Panelist - Michael A. Davis, President, External IT, Savid Technologies Over the years, Michael A. Davis has earned a reputation as one of the nation's leading authorities on information technology. The list of organizations that rely on his council includes AT&T, Sears, Exelon, the US Department of Defense, and Discover Financial. Mr. Davis is President of External IT, a national managed IT services, cloud services, and IT security provider that focuses on unifying the business IT experience. In 2005, Mr. Davis founded Savid Technologies, an IT security consulting firm. He led Savid to be the 23rd fastest growing company in Chicago as measured by Inc. magazine, and by 2010, Savid was ranked 611 on the Inc. 5000 list of fastest growing companies in America. As an entrepreneur he was voted one of the “Top 25 under 25” by BusinessWeek, semi-finalist of the Ernst and Young “Entrepreneur of the Year” award, and a “Web 2.0 Wonderkid” for his online marketing capabilities. In 2012, Savid was acquired by External IT. Mr. Davis is an author of the No. 1 computer security book in the world, Hacking Exposed, as well as Hacking Exposed: Malware and Rootkits, and he is a frequent contributor to industry and business publications including InformationWeek and The Wall Street Journal. Much of his time is spent lecturing, and conferences and conventions that know him well include Black Hat, Interop, SuperStrategies, and InfoSecWorld. The phrase "I can't" is the most powerful force of negation in the human psyche. When done properly, IT enables the business to say "we can". Panelist - Scott Emo, Head of Software Blade Product Marketing, Check Point Software Technologies Inc. Scott Emo has over 20 years of experience in the high tech industry in aspects of product marketing, product management and technology marketing. Emo has managed a vast number of enterprise technology areas including, Endpoint Security, Network Security, Data and Mobile Security, Managed Services, Network Infrastructure, Co-location, Microprocessor Architecture, Unix Servers and Network Adapters. He has held leadership roles in many of Silicon Valley’s elite companies including Check Point, McAfee, Symantec, Exodus Communications, Cable & Wireless, Savvis, and HP. Panelist - John Shier, Senior Security Expert, Sophos John Shier is a Senior Security Expert at Sophos. John provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics through Sophos and Channel Partner sponsored events. He also provides technical sales support and product education to Sophos partners and customers.
3:45 PM – 4:45 PM	A CISO's Perspective - Enhancing Visibility and Response to Provide More Effective Information Risk Management and Security - Location: Lagoon E Despite all of the investments that organizations have made in their information risk and security programs in recent years, there are typically two profiles that exist in the world today - those who … More ▶ Speaker - Jay Leek, Chief Information Security Officer, Blackstone Mr. Jay Leek serves as Chief Information Security Officer - Information Technology at The Blackstone Group LP. Mr. Leek joined Blackstone in May 2012. Prior to Blackstone, Mr. Leek established, built, and headed up global information risk and security programs for Equifax and Nokia. Mr. Leek served as a Product Manager for Information Security Vendors and Consultant to numerous telecommunications companies, government agencies and financial institutions, assisting them with business development, strategic planning and architectural design required to meet their information risk and security objectives for 19 years. Mr. Leek has a Bachelor of Science in Information Assurance and Security summa cum laude from Capella University. He is a Certified Information Security Manager, Certified Information Systems Security Professional and Certified Information Systems Auditor.
Top of Page
Friday, May 10
9:00 AM – 10:00 AM	E-Discovery in 2013 - Location: Lagoon E This session will cover the practical considerations that security managers or practitioners should be aware of regarding the current state of E-discovery law, from both pre-litigation policy and post… More ▶ Speaker - Nolan Goldberg, Senior Counsel, Proskauer LLP Nolan M. Goldberg is an IP & Technology Counsel in Proskauer's Litigation & Dispute Resolution Department and a member of the Patent Law Group, resident in the New York office. As an intellectual property litigator, his practice focuses on patent and trade secret litigation and counseling. As a founding member of the Litigation Department's Electronic Discovery Task Force, Mr. Goldberg is often called upon to develop e-discovery strategies to be used in all types of litigations, with a particular focus on managing the overall burden and cost of the electronic discovery process and obtaining often overlooked electronic evidence, including computer forensics. Mr. Goldberg's complete professional bio can be found at http://www.proskauer.com/professionals/nolan-goldberg/ Speaker - Jim Vaughn, Managing Director, iDiscovery Solutions Mr. James D. Vaughn, a Managing Director in the Costa Mesa office of iDiscovery Solutions, Inc (“iDS”), is a court-recognized expert who has given testimony in nearly 65 cases involving topics such as evidence preservation, documentation of events, and computer forensic methodologies and procedures. In addition to being an EnCase Certified Examiner (EnCE), Mr. Vaughn is certified by the International Association of Computer Investigative Specialists (IACIS) as a Certified Forensic Computer Examiner (CFCE). Mr. Vaughn has trained hundreds of law enforcement officers, attorneys, and other examiners on computer forensics and high-technology related issues involving best practices and methodologies. He has 16 years law enforcement experience, has co-developed computer forensic courses for the California Department of Justice, and has been involved in high profile cases throughout his career. Mr. Vaughn has extensive experience working on litigation and consulting matters involving computer forensics, e-Discovery and other high technology issues. He serves his clients through the litigation or consulting lifecycle by assisting them with important issues like data scoping, preserving, gathering, processing, hosting, review and production, as well as deeper diving issues uncovered through the use of computer forensics. Mr. Vaughn’s matters have widely varied and span across diverse areas such as misappropriation of trade secrets, intellectual property issues, contract disputes, fraud investigations, alleged hacking, and employment disputes, among others. He has served clients on the plaintiff side, the defendant side, and has served as a third party neutral on several occasions. Mr. Vaughn can be reached at: iDiscovery Solutions 535 Anton Boulevard, Suite 850 Costa Mesa, CA 92626
10:15 AM – 11:15 AM	Five Essential Steps to Mitigating Insider Threats - Location: Lagoon E This talk gives the findings of the first-ever global insider threat study that catalogs common practices used by leading organizations across numerous verticals and geographies. We detail how leading… More ▶ Speaker - Rob Rachwald, Senior Director of Market Research, FIreEye Rob Rachwald researches and analyzes data security trends from a business perspective. Prior to joining FIreEye, Rob worked at Intel in the early days of e-commerce, helping to convert the chip maker’s procurement and supply chain system into one of the largest online transaction systems worldwide. He is a graduate of the University of California, Berkeley, and received his MBA from Vanderbilt University.
11:30 AM – 12:30 PM	Curbing the Impact of DDos Attacks - Location: Lagoon E As businesses continue to move critical operations online, Distributed Denial of Service (DDoS) attacks are increasing in frequency, sophistication and range of targets. In 2011, 63% of respondents to… More ▶ Speaker - Sean Leach, VP of Strategy and Technology, Verisign Sean is Vice President of Technology for the Verisign Network Intelligence and Availability (NIA) group where he is responsible for product and technical architecture and strategy for the Group’s DNS, security and threat intelligence, and DDoS protection services. He has previously served as CTO of name.com, a “top 20” domain registrar and hosting company; Senior technologist at Neustar; and Director of Engineering at UltraDNS. Prior to that, he ran engineering and operations at several ISP and hosting providers. Sean is a sought after subject matter expert in DDOS, DNS, and cyber security, and has participated in the last two DHS sponsored Cyberstorm (cyber warfare simulation) events.
Top of Page

Vendor Sessions

For additional sessions on this track topic, check out our Vendor Sessions which are open to all attendees.

Wednesday

Open All Descriptions

Close All Descriptions

Wednesday, May 8
12:00 PM – 12:45 PM	Information Security Adaptation: Survival in an Evolving Threat Landscape - Presented by Radware - Location: Mandalay Bay L A new breed of carefully orchestrated, multi-vector assaults are overwhelming the security infrastructure and overpowering typical network security measures of enterprises worldwide. Traditional count… More ▶ Speaker - Carl Herberger, VP of Security, Radware As Vice President of Security Solutions at Radware, Mr. Herberger is responsible for developing, managing, and increasing the company’s security practice and the primary corporate spokesperson in the Americas. Since 2010, Mr. Herberger has lead Radware’s security business product leadership & growth. Frequent guest of Fox Business News, CNN and Bloomberg Broadcast News along with numerous NYT, WSJ and Washington Post citations, Mr. Herberger is considered a foremost expert on the problems and solutions surrounding Cyber Attacks. Before joining Radware, Carl served as V.P., Security & Compliance, a major East Coast Cloud Security provider based in Philadelphia. While at Evolve IP, was responsible for all aspects of the company’ $MM managed and professional service security offerings including P&L, marketing, pricing, delivery, technology selection and staffing. Before joining Evolve IP, Carl served as President and Co-founder of Allied InfoSecurity, Inc. – an international provider of best-of-class security consulting and technical compliance services. Prior to his tenure at Allied InfoSecurity, Inc., Carl served as the Information Security Officer for Barclaycard US. In this role, he was responsible for the entire information security program. From 2002 to 2006, Mr. Herberger was the senior executive in charge of the SunGard Professional Services IT Security Practice which was recognized as one of the top-five IT security consulting organizations in the U.S. in 2005.
Top of Page

Wednesday, May 8

12:00 PM – 12:45 PM

Information Security Adaptation: Survival in an Evolving Threat Landscape - Presented by Radware - Location: Mandalay Bay L

Top of Page