Focus on IT Security at the Leading Business Technology Conference
Information security continues to evolve beyond traditional technologically-focused controls into meaningful risk-oriented, business-aligned capabilities and information risk management. You can no longer rely on technology alone to protect information and information infrastructure; success requires a business-aligned approach to information risk management, governance and compliance.
IT Security Conference Sessions
Key Considerations in Business Resiliency
Tuesday, May 19 — 10:15–11:15 AM
Business Resiliency is the maturation and amalgamation of the individual processes of crisis management, incident response, business continuance and disaster recovery into one succinct set of processes and capabilities that work collectively instead of independently. This combination allows organizations to have minimal disruption in the event of a business-impacting incident that affects the entire organization instead of one that involves specific information infrastructure areas. When evaluating these capabilities, it is important to understand that they are only as effective as the proactive planning and considerations that go into their development. Too often, planning accounts for only the most obvious considerations and does not incorporate crucial and essential considerations that have the most impact. This session will discuss the key elements of business resiliency and the considerations which should be made when developing or maturing this capability.
Speaker - John Pironti, President, IP Architects, LLC.
John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security programs, business resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, energy, government, hospitality, aerospace, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). He is also a published author and writer, highly quoted and often interviewed by global media, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.
Dude - Where's My Data? Making a Case for Data-Centric Security Solutions
Tuesday, May 19 — 11:30 AM–12:30 PM
Organizations today would never consider conducting business without the protection of network firewalls. The problem is that the "threatscape" has changed and it's the Wild West for nefarious individuals armed with as little as a Web browser. Application-layer attacks such as circumventing authentication mechanisms, identity impersonation, code injection, and logic flaws, as well as various database vulnerabilities are pervasive. Simply put, network security solutions aren't designed to address these data-centric issues. During this presentation three areas will be covered:
1. Making a business case for data-centric security solutions
2. Exploring key technologies: Data Discovery Solutions; Application and Database Vulnerability Scanners; Web Application Firewalls (WAF); Database Firewalls; Database Activity Monitoring (DAM) Solutions
3. Demonstrating through multiple use cases how these technologies, especially when working in concert, can improve an organization's overall security posture beyond that of traditional network security solutions.
Speaker - Brian Contos, Chief Security Strategist, Imperva
Mr. Contos has over fourteen years of real-world security engineering and management expertise developed in some of the most sensitive and mission-critical environments in the world. As the chief security strategist for Imperva he advises government organizations and Global 2,000s on security strategy related to data-centric security while being an evangelist for the security space. He has written several security books including Enemy at the Water Cooler - Real Life Stories of Insider Threats as well as Physical and Logical Security Convergence which was co-authored with the former Deputy Director of the NSA - Bill Crowell. He has delivered countless speeches, webcasts, podcasts, and magazine articles for Forbes, the London Times, Computerworld, Sarbanes-Oxley Compliance Journal, SC Magazine and many others. Mr. Contos has held management and engineering positions at ArcSight, Riptech, Lucent Bell Labs, Compaq Computers and the Defense Information Systems Agency (DISA).
Security By Compliance: Information Risk Management's Greatest Challenge
Tuesday, May 19 — 2:45–3:45 PM
When most organizations think about information protection, compliance is the top issue today. This new level of consciousness has become a great benefit to information security professionals, as well as their greatest nightmare. The leadership of many organizations are now falling into the trap of "security by compliance"—which has created a false sense of security for them. They believe that if they meet their legal and regulatory compliance requirements, they have fulfilled their requirements for information risk management and protection. This panel will discuss the challenge of taking advantage of the benefits created by new compliance requirements, while also overcoming the challenge of this new operating procedure.
Moderator - John Pironti, President, IP Architects, LLC.
John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security programs, business resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, energy, government, hospitality, aerospace, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). He is also a published author and writer, highly quoted and often interviewed by global media, and a frequent speaker on electronic business and security topics at domestic and international industry conferences.
Speaker - Khalid Kark, Principal Analyst, Forrester Research
Khalid is a leading expert in the areas of information security services, strategy and IT GRC (Governance Risk and Compliance). Khalid's research focuses on building and maintaining effective security programs and making Chief Security Officers (CISOs) more successful in their role. His research focuses on the strategies, operational processes, and organizational structures for developing and maintaining effective security programs. Khalid covers information risk management, information security strategy, best practices and metrics. He also covers security governance topics such as roles and responsibilities, policies, awareness, training and reporting for the security organization. Khalid has been widely quoted in the press, including such media outlets as Boston Globe and the Wall Street Journal. Khalid is a frequent keynote speaker at national and international executive conferences. During his career, Khalid has worked in both the consulting and enterprise sectors. Prior to joining Forrester, he worked for a global insurance company where he provided leadership and direction for the information security program. Previously, Khalid consulted organizations in healthcare, finance, entertainment and communication industries on information security strategy and architecture. Khalid holds a master's degree in telecommunications management from University of Pennsylvania and a bachelor's degree in business and economics from University of Texas at Austin. Khalid is also a Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM), and a Certified Information Security Auditor (CISA).
Speaker - Paul Stamp, Senior Product Manager, RSA
Paul Stamp is the Senior Manager of Product Marketing for the Information and Event Management Group at RSA. In this role, Paul is responsible for reinforcing RSA's position as a market leader in the Security Information and Event Management space. Paul has been active in the information security industry for the past 11 years, and is regularly featured in the media, including NPR Marketplace, Wall Street Journal, New York Times, Washington Post and a host of industry publications. Prior to joining RSA, Paul was Principal Analyst for Forrester Research, covering security information and event management and data security, and a security architect with Unisys Corporation. Paul holds an MA (Oxon) in Mathematics from Oxford University.
Speaker - Tom Murphy, Chief Strategist, Bit9, Inc.
Tom Murphy is the chief strategist at Bit9, Inc, the pioneer and leader in application whitelisting. In this role, Murphy is responsible for evangelizing the use of enterprise application whitelisting worldwide and determining strategic direction for Bit9. Prior to his work at Bit9, he led efforts to create broad industry awareness for Relicore, a security company recently acquired by Symantec. Murphy has also held posts at Verita, BMC Software and GTE Government Systems Corporation. In 2007 he was named CxO of the year by the Massachusetts Technology Leadership Council.
Speaker - Troy Leach, CISSP, CISA, Technical Director, PCI Security Standards Council
Troy Leach is the Technical Director for the PCI Security Standards Council (SSC). In his role with the Council, Leach is developing and implementing a comprehensive Quality Assurance Program to promote consistency within the Council's QSA, ASV, PA-DSS, and PED programs. Prior to joining the Council, he led the incident response program at American Express. In this position, he reviewed more than 300 cases where account data has been compromised. Over the past 15 years, he has held positions in systems administration, network engineering, IT management, security assessment and forensic analytics. Leach holds a Master of Science in Telecommunications & Network Management as well as a graduate degree in Information Security Management from Syracuse University.
Navigating Unchartered Waters: Best Practices for Managing a Governance, Risk and Compliance Architecture Across the Enterprise
Tuesday, May 19 — 4:00–5:00 PM
Organizations are challenged with governance, risk and compliance (GRC) hurdles that require a new strategy. Beyond Sarbanes-Oxley, organizations are weary of increased regulatory actions, corporate litigation, demands of corporate social responsibility, as well as stakeholder pressure. Ensuring compliance is a daunting task. In today's fiercely competitive and risky business climate, Fortune 1000 companies can no longer tackle GRC challenges as single entities. A sustainable GRC architecture facilitates the mega-processes of enterprise governance, risk and compliance. Attendees will be empowered to manage the lifecycle of corporate and IT policies; consolidate business intelligence across divisions; and achieve effective governance throughout the organization.
Speaker - Jon Darbyshire, Founder, President and CEO, Archer Technologies
Jon Darbyshire founded Archer Technologies in 2000 with a vision to create enterprise-wide IT risk and compliance management solutions that would replace traditional manual processes and disparate point solutions. Jon's vision has evolved into Archer's award-winning enterprise governance, risk and compliance solutions built on the Archer SmartSuite Framework, which allows business users to create and tailor applications to meet their unique needs. Prior to founding Archer, Jon held senior executive positions within the Security and Risk Management practices of Ernst & Young and Price Waterhouse. Jon has more than 20 years of experience in the security, risk and compliance management space.
VoIP Security
Wednesday, May 20 — 10:15–11:15 AM
We're getting more reports of vulnerabilities being found in IP telephony products, but are any of these being exploited yet? What parts of an IP telephony system are most likely to be targeted, and how likely is it that attackers will succeed in damaging your system? This session will focus on the state of the art in voice over internet protocol (VoIP)/IP telephony/Unified Communications security.
Speaker - Mark Collier, CTO & Vice President of Engineering, Securelogix
Virtual Reality: Understanding the Security and Compliance Implications of Server Virtualization
Wednesday, May 20 — 10:15–11:15 AM
Server virtualization is hot! Whether your executives think green or simply want to save some green, everyone is deploying virtualization - the benefits are undeniable. As we embrace virtualization, we must strategically approach security and compliance from the start. Virtualization introduces new attack surfaces and a swath of new availability risks. This brave new world also impacts how we approach compliance, governance and risk management. Corman will explore best practices and real world successes in assuring virtualization benefits.
Speaker - Joshua Corman, Principal Security Strategist, IBM/ISS
Joshua Corman serves as Principal Security Strategist for IBM Internet Security Systems. With over a decade in security and IT, Corman drives security strategy for emerging issues and is responsible for IBM's Threat Mitigation Strategy. Corman is a highly coveted and engaging speaker and has spoken at leading industry events such as RSA, Interop, ISACA, InfoSec, Computerworld, and IT Security World. His thought leadership encourages strategic approaches for the Evolving Threat, Virtualization, Data Security, Security Cost & Complexity, and 7 Dirty Secrets of the Security Industry. He brings a rare balance of deep technical acumen, business context, and the ability to communicate in accessible ways. Networkworld magazine recently chose to recognize Corman as a top influencer of IT for 2009.
The Hows and Whys of Intrusion Detection Event Correlation
Wednesday, May 20 — 11:30 AM–12:30 PM
Intrusion detection systems (IDSs) have improved over time, but they nevertheless miss attacks and also produce false alarms. Correlating the output of multiple IDSs and devices can compensate for this. This presentation explains how and why this should be done. The manner in which data are correlated is a critical consideration, however. This presentation will explain and critique the major approaches to event correlation, such as statistical correlation, Bayesian correlation, alert fusion and rule-based event correlation. The advantages and limitations associated with each type of event correlation method will be explained. Finally, this presentation takes a look at the direction intrusion detection analysis is likely to take in the future.
Speaker - Gene Schultz, CTO, Emagined Security
Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, and has also written over 120 published papers. Gene was the Editor-in-Chief of _Computers and Security_ from 2002 - 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a SANS instructor, member of the SANS NewsBites, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.
Are Virtual Infrastructures Secure? More or Less?
Wednesday, May 20 — 2:00–3:00 PM
Before x86 virtualization, network switches provided a secure perimeter to the data center. When IT organizations implement virtualization, some switches move from physical perimeter devices to virtual switches inside a physical server. This shift is an example of the new paradigm of security within a virtual infrastructure. In addition, virtualization introduces new attack surfaces and a swath of new risks. As we embrace virtualization, we must strategically approach security from the start.
It is prudent to secure all infrastructures, virtual ones included. But how does the addition of a virtualization software layer affect securing the entire infrastructure from the application through the hardware? This session will explore the issues around securing a virtual infrastructure and highlight some of the tools available to assist with securing the entire environment.
Moderator - Anne Skamarock, Research Director, FOCUS
Anne Skamarock has spent nearly 30 years in software engineering, consulting and technical marketing, as an end-user/administrator, vendor, industry analyst, and author, with Sun, Solbourne, StorageTek, SRI, and Enterprise Management Associates (EMA). For the past 10 years, she has focused on virtualization, systems, and storage management and the intersection points between them. Anne's expertise encompasses systems architecture; virtualization technologies; enterprise management software; data protection; and tape and disk storage. A frequent speaker at conferences, she co-chairs the Interop Virtualization Tracks, and previously chaired Interop's Network Storage Track. In addition to regular TechTarget and Network World columns, Anne also co-authored "Blade Servers and Virtualization: Transforming Enterprise Computing While Cutting Costs" as well as "Storage Solutions: a Buyer's Guide."
Speaker - Charu Chaubal, Senior Architect, Technical Marketing, VMware
Charu Chaubal is a Senior Architect in Technical Marketing at VMware, where he is chartered with enabling customer adoption and driving key partnerships for datacenter virtualization. His areas of expertise include virtualization security, compliance and infrastructure management, and he has been responsible for defining and delivering VMware's prescriptive guidance on security hardening and operations. Previously, he worked at Sun Microsystems, where he had over 7 years experience with designing and developing distributed resource management and grid infrastructure software solutions. He holds several patents in the fields of datacenter automation and numerical price optimization. Charu received a Bachelor of Science in Engineering from the University of Pennsylvania, and a Ph.D. from the University of California at Santa Barbara, where he studied theoretical models of complex fluids.
Speaker - Chris Orr, Sr. Systems Engineer/Business Development, Tripwire
Chris Orr joined Tripwire in October 2000 and serves as a Senior Inside Systems Engineer where he provides pre-sales technical assistance and solution designs for the sales force. As a holder of the ITIL Foundations certification and a CISA since 2005, Chris understands the need for Change Auditing in the post-Enron world. Prior to joining Tripwire, Chris worked as a Senior Systems Engineer for a Hawaii based Systems Integrator and has been in the industry since 1995. Prior Speaking Experience Virtualization West Interop IIA All Stars Conference Defense in Depth Taming the Windows Registry Layered Security Seminar 2007 Corporate Audit, Security & Compliance Conference
Speaker - Hezi Moore, CTO, Reflex Systems
Hezi Moore, the founder and Chief Technology Officer of Reflex Systems, brings more than 15 years experience in security, networking and entrepreneurial expertise to Reflex Systems. In his role of CTO, he is responsible for shaping the company's technology strategy and defining the roadmap for future design and development of innovative, virtualization infrastructure management and security solutions and delivering them to market. In 2006, Moore led the effort to develop the industry's first Virtual Security Appliance (VSA) that has since evolved into Reflex Systems' flagship product, Virtualization Management Center. Reflex VMC provides comprehensive visibility, management, and security for the virtual infrastructure. Moore has participated as a virtualization industry expert in various sessions, roundtables and panels including 451 ICE Summit, Sys-Con Virtualization Conference, and CSI and been published in multiple industry publications. Prior to founding Reflex Systems, Moore was president and co-founder of MicroTech Systems - a firm specializing in network design and configuration of point-of-sale systems - which was subsequently acquired by Retail Technologies International of Sacramento, California. He has also held such diverse occupations as a technical support and research analyst for GE Technology. Moore was a pioneer of the automated network intrusion response system, the concept out of which Reflex Systems grew. Hezi graduated with Honors from the Georgia Institute of Technology, in Atlanta, Georgia with a Bachelor of Science degree in Computer Engineering.
Speaker - Michael Berman, CTO, Catbird
Michael Berman is the CTO of Catbird, with over 20 years experience in system engineering, architecture, design and implementation of secure computing. Michael's experience includes implementation of C2 UNIX; Fortune 100 enterprise security; and expert support in the prosecution of computer crimes. He is a member of the Electronic Crimes Task Force and High-Tech Crime Investigation Association and a Certified Information Security Systems Professional (CISSP). Michael is a frequent speaker on the topic of virtualization and security and is currently coauthoring a book on virtualization security. Michael is also a member of the editing team for the Center for Internet Security's vmsecurity benchmark.
Network Access Control - Is It Ready For Prime Time?
Wednesday, May 20 — 2:00–3:00 PM
Network access control (NAC) has been offered as the "Swiss Army knife" of IT security solutions. It promises to provide authentication, policy enforcement, identity and access management, ongoing security for the life of a connection, seamless usage in any NAC-enabled network, in addition to many other capabilities. If NAC is the answer, then what are the right questions to ask? This session will provide a realistic perspective on what NAC can and cannot provide in regards to information security. Concepts that will be discussed will include an update on vendor interoperability and standards; case studies of successful and not-so-successful implementations; an overview of what NAC truly can and cannot provide; discussion of both network and application requirements; and what the future holds for NAC.
Moderator - Mike Fratto, Managing Editor, Labs, Information Week
Mike is Managing Editor, Labs, for InformationWeek. He previously was a Senior Technology Editor with Network Computing and Executive Editor for Secure Enterprise. He has spoken at several conferences including NetWorld+Interop, MISTI, the Internet Security Conference, as well as to local groups. He also teaches a network security graduate course at Syracuse University. Prior to Network Computing, Mike was an independent consultant.
Speaker - Alok Agrawal, Manager, Product Marketing, Cisco
Alok Agrawal is Manager of Product Marketing for the Cisco NAC Appliance product line. Alok has deep NAC product knowledge with years of hands-on experience working with customer NAC deployments. In his current position, Alok leads the team to deliver the Cisco NAC solution to customers and to develop future technology and products. Alok previously led the Cisco NAC Technical Marketing team developing technical solutions and driving product architecture and features. He has a strong background in routing, switching, host security design and implementation. Alok holds a Master's degree in Electrical Engineering from the University of Southern California.
Speaker - Jennifer Jabbusch, CISO, Network Security Specialist, CAD, Inc.
Jennifer Jabbusch is a network security engineer and consultant with Carolina Advanced Digital, Inc. Jennifer has over 15 years experience working in various areas of the technology industry. Most recently, Ms. Jabbusch has focused in specialized areas of infrastructure security, including Network Access Control, 802.1X and Wireless Security technologies. In addition to being a CISSP, Jennifer holds several vendor-specific certifications such as HP Master ASE in Networking, Security & Mobility and Juniper JNCIA for Access Control. Her technical expertise with multiple vendor technologies gives her unique insight into the industry. Jennifer has consulted for a variety of government agencies, educational institutions and Fortune 100 and 500 corporations. In addition to her regular duties, she participates in a variety of courseware and exam writings and reviews, including acting as subject matter expert on Access Control, Business Continuity and Telecommunications, and lead subject matter expert in the Cryptography domains of the official (ISC)2 CISSP courseware (v9). You can find more security topics and musings on her security blog at http://SecurityUncorked.com.
Speaker - Khaja Ahmed, Windows Networking Security, Microsoft
Speaker - Mauricio Sanchez, Chief Security Architect, HP ProCurve Networking
Mauricio Sanchez is Chief Security Architect for HP ProCurve Networking. He is responsible for specifying ProCurve's security technology strategy across all product lines and leading ProCurve's security products and solutions business. Sanchez is currently representing ProCurve in IETF and TCG/TNC (Trusted Computing Group/Trusted Network Connect) standards bodies. In the IETF, he has edited a number of standards track RFCs in the realm of access control attributes for RADIUS that enable granular control of traffic. In the TNC, he led the definition of the IF-PEP interface, which standardizes control of policy enforcement devices by the network access server. He also was pivotal in the engagement and design of Virus Throttle in ProCurve products in conjunction with researchers from HP Labs. Sanchez joined ProCurve in 2000 as a Software Development Engineer responsible for design and development of switch fabric ASIC verification tools. He quickly expanded his focus from the low-level domain into the security domain by leading the design and implementation of several management security protocols offered in ProCurve products. The ensuing years have allowed him to obtain broad experience in the ongoing effort to meld network and security technologies that together are establishing the next generation in enterprise networking. Sanchez holds a B.S. in Computer Engineering, a minor in German and M.S. degree in Electrical Engineering all from Cal Poly, San Luis Obispo. He is registered as a CISSP and has one security patent and ten additional pending.
Speaker - Stephen Hanna, Distinguished Engineer, Juniper Networks
Steve Hanna is a Distinguished Engineer at Juniper Networks. He is co-chair of the Trusted Network Connect Work Group in the Trusted Computing Group and co-chair of the Network Endpoint Assessment Working Group in the Internet Engineering Task Force. Hanna is the author of several IETF RFCs and published papers, an inventor or co-inventor on 33 issued U.S. patents, and a regular speaker at industry events such as Interop and the RSA Conference. He holds a Bachelor's degree in Computer Science from Harvard University.
Wireless Security - Strategies and Tools Wednesday, May 20 — 2:00–3:00 PM
While it can be argued that wireless security has come a long way since the early days of anything but secure systems, new threats demand constant vigilance in defining and implementing enterprise wireless security strategies, policies and solutions. This session will define and explore best practices for mobile security, for both wireless LANs and wide-area, carrier-based wireless networks. We'll review key security requirements and discuss the alternatives available to build enterprise-class secure wireless implementations.
Moderator - Lisa Phifer, President, Core Competence
Lisa Phifer is President of Core Competence, a consulting firm focused on business use of emerging network and security technologies. At Core Competence, Lisa draws upon her 27 years of network design, implementation, and testing experience to provide a range of services, from vulnerability assessment and product evaluation to user education and white paper development. She has advised companies large and small regarding use of network technologies and security best practices to manage risk and meet business needs. Lisa teaches and writes extensively about a wide range of technologies, from wireless/mobile security and intrusion prevention to virtual private networking and network access control. She was one of the original members of the Wireless Vulnerabilities and Exploits project.
Speaker - Amit Sinha, Fellow & Chief Technologist, Motorola Enterprise Wireless LAN
Amit Sinha serves as Fellow & Chief Technologist of Motorola's Enterprise Wireless LAN division. He was the CTO of AirDefense, prior to its acquisition by Motorola. Dr. Sinha specializes in wireless communications and security and has authored over 25 journal/conference papers, contributed chapters to 3 books, and is the inventor of 15 US patents. Prior to AirDefense, he served as Chief Technologist at Engim, a multi-channel 802.11 chipset company he co-founded. He received his S.M. and Ph.D. degrees in Electrical Engineering and Computer Science from the Massachusetts Institute of Technology and his B.Tech. degree in Electrical Engineering from the Indian Institute of Technology where he was awarded the President of India Gold Medal for graduating summa cum laude.
Speaker - Andy Willett, SVP-Sales & Marketing, NetMotion Wireless
Andy Willett joined NetMotion Wireless in June 2002. As Senior Vice President of Business Development and Marketing, he is responsible for North American strategic partnerships, sales and worldwide marketing. Prior to his roles at NetMotion, Willett was a Vice President within the data division of AT&T Wireless with responsibility for defining and marketing consumer data offerings, initial web-enabled phones, mobile data applications and advanced wireless technologies. Prior to AT&T Wireless, Willett held senior positions at Sprint.
Speaker - Tim Olson, Chief Technical Officer and Founder, Agito Networks
Mr. Tim Olson is the CTO and a founder of Agito Networks. Utilizing his diverse background in cellular and 802.11/VoWLAN wireless technologies, he currently leads the technical direction and architectural planning of the company's products. Prior to founding Agito, Mr. Olson was Technical Leader in the Cisco Systems Wireless Networking Business Unit. He was recognized as a "Cisco Innovator" for his leadership in defining the Cisco Structured Wireless Aware Networking, a next-generation architecture providing advanced WLAN security, QoS, mobility, network management, intrusion detection, and RF management. Mr. Olson joined Cisco Systems in 2000 following the acquisition of JetCell, a wireless startup that developed a GSM Base Station capable of providing GSM cellular service with a VOIP backend. At JetCell, he was an early employee and senior member of the technical staff responsible for system-level product specification, development and deployment. Prior to JetCell, Mr. Olson was Software Architect at Blue Wireless, a start-up that developed a platform using text-to-speech and speech recognition to deliver Internet content over cellular networks. Previously, at Silicon Wireless, a start-up that developed an advanced GSM Base Station and Base Station Controller, he was a key architect for the company's defining macro-diversity combining feature. Mr. Olson is a co-author of the initial proposal that is the basis for the forthcoming IEEE 802.11k standard for radio measurement resources. He holds more than 15 patents and pending patents in networking. He earned a Bachelor of Science degree in Computer Engineering from California State University, Chico.
Ready, Set, Attack! Wednesday, May 20 — 3:15–4:15 PM
The hackers of the world are constantly refining and enhancing their techniques and capabilities, and are typically ahead of the curve of controls which are in place in organizations today. It is important to understand their capabilities and trends in their activities in order to effectively mitigate the risks they create and repel their attacks. This session will discuss the current attacks being utilized by the hacker community and the tools and countermeasures which can be used to repel them.
Speaker - Roel Schouwenberg, Senior Antivirus Researcher, Kaspersky
Governance, Risk, Compliance - and Mobility Thursday, May 21 — 9:00–10:00 AM
Never before has IT been so close to the center—and success—of organizations. Never before have corporate governance policies and procedures, risk management and regulatory compliance seen the emphasis—or had the impact—that they do today. Mobility can compound the challenges of addressing these requirements; therefore, solid strategies and tools are essential. Find out what the experts recommend—and what successful companies are doing—in this vital session.
Moderator - Paul DeBeasi, Senior Analyst, Burton Group
Paul DeBeasi is a Senior Analyst at the Burton Group and has over 25 years experience in the networking industry. Before joining the Burton Group, Paul founded ClearChoice Advisors, a wireless consulting firm, and was the VP Product Marketing at Legra Systems, a wireless-switch innovator. Prior to Legra, Paul was the VP Product Marketing at startups IPHighway and ONEX Communications and was also the Frame Relay product line manager for Cascade Communications. Paul began his career developing networking systems as a senior engineer at Bell Laboratories, Prime Computer, and Chipcom Corporation. Paul holds a BS degree in Systems Engineering from Boston University and a Master of Engineering degree in Electrical Engineering from Cornell University.
Speaker - David Goldschlag, Chief Technology Officer, Trust Digital
Dr. David Goldschlag is EVP & CTO at Trust Digital, responsible for strategy, IP, and Corp Dev. David has over 20 years of experience creating and selling innovative technology in start-up, commercial, government, and academic environments. David has held senior management roles at Trusted Edge (information retention at the desktop), USinternetworking (the first application service provider) and Divx (the first limited license digital media), as well as positions at the National Security Agency and the US Naval Research Laboratory (anonymous communications through Onion Routing). David is a co-inventor on seven granted patents, and has published over 30 academic papers on topics including database technologies, cryptography, conditional access, and computer security.
Speaker - Dean Alms, VP of Strategy, Visage Mobile
Dean is responsible for the overall strategy and product management for Visage's mobility management solutions, including its flagship offering, MobilityCentral. Dean was the former vice president of corporate strategy for PeopleSoft and has a strong history of leading entrepreneurial initiatives, including creating the Electronic Commerce/EDI practice at KPMG (now BearingPoint), launching PeopleSoft's web-based self-service applications and introducing its Enterprise Portal. As a founder and executive officer of Groundswell, Dean rapidly created an industry leadership position in the strategy and implementation of a variety of internet-based commerce solutions for consumer and business markets.
Speaker - Matt Carrier, Mobility Evangelist, Sybase iAnywhere
Matt Carrier offers more than a decade of experience in mobile communications and technology. He acts as a mobility evangelist on the importance of mobile collaboration, management, security, and application enablement within the enterprise. Matt's vast experience as a technical consultant in the U.S. and Europe has provided him with an in-depth understanding of the worldwide mobile and wireless market. Matt has advised many Fortune 500 companies on best practices and security strategies for mobile implementations. Matt is an experienced speaker and has delivered technical sessions at a variety of industry events including IBM Lotusphere and Sybase TechWave.
Speaker - Wade Williamson, Director of Product Management, AirMagnet
Wade Williamson, director of product management at AirMagnet, has extensive experience in driving and delivering critical wireless and voice-over-wireless solutions to enterprise, retail, healthcare, financial, education, and government markets. During his 5+ years at AirMagnet, Mr. Williamson has brought the company's flagship product lines to fruition and continues to drive product development to support emerging technologies such as 802.11n. Prior to AirMagnet, Mr. Williamson held various product management, engineering, and technical marketing positions with emerging solution providers, as well as with established networking leaders such as Sun Microsystems and Netscape Communications. Mr. Williamson holds a Bachelor of Science degree from the University of Texas-Austin.
Five Common Mistakes in Securing Web Applications Thursday, May 21 — 9:00–10:00 AM
Many organizations lack an overall sense of the best practices for deploying and securing web applications. Despite security practices addressing vulnerability types present within the Open Web Application Security Project (OWASP) and Web Application Security Consortium (WASC) threat classifications, a number of common mistakes are still being made. We will look at five common mistakes that occur when securing web applications and the impact of design flaws on the overall security of an application, including issues such as client-side trust relationships, failure to properly secure application redirection mechanisms, and other elements that can quickly undermine the security of an application, even when diligent security practices are in place.
Speaker - Lars Ewe, CTO, Cenzic
Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts. Lars has Bachelor of Science and Master of Science degrees in Mechanical Engineering from the Technical University of Munich, Germany.
Anatomy of Attack - Detecting and Responding to Fraudulent Activity Thursday, May 21 — 10:15–11:15 AM
Fraud-related trends will be covered, as well as ways to address those trends including: real-time and forensic analysis, pattern investigation and advanced correlation. Advanced use cases will be explored illustrating perspectives ranging from the nefarious fraudster to the security analyst. Each fraud concept will be juxtaposed against how security information and event management (SIEM) solutions can be leveraged to detect and mitigate the fraud.
Speaker - Colby DeRodeff, Enterprise Strategist, ArcSight
Colby has spent his career working with global organizations, guiding best practices and empowering the use of ArcSight products across all business verticals including government, energy, healthcare and finance. In this capacity he has been exposed to countless security and organizational challenges, giving him a unique perspective on today's information security challenges. Recognized as an expert in the field of IT security, Colby's primary areas of focus are fraud, insider threat, the convergence of physical and logical security, as well as enterprise security and information management. Colby is a well-respected industry spokesperson and a published author of "The Convergence of Physical and Logical Security," an in-depth history of physical security and information management through real world case studies.
The GRC Easy Button - Best Practices to Achieve Results with Governance Risk and Compliance Thursday, May 21 — 11:30 AM–12:30 PM
In this session we will explore the evolution of governance, risk and compliance (GRC) management and discuss how it is being shaped by key stakeholders including consultants, regulators and end-users. We will discuss various approaches to GRC and highlight the strengths and weaknesses of each approach to cut through the hype and identify areas where true value can be derived today. Attendees will also learn tips and tricks to help streamline risk, compliance and audit processes.
Speaker - Chris Boswell, Director Risk and Compliance Services, CA
Chris Boswell, CIS [A,M,SP], specializes in the design and delivery of governance, security, risk management, and compliance solutions at CA. He has experience building GRC solutions across a wide variety of industries, and has worked with numerous regulations, standards and best practices over the past decade. Chris joined CA from Ernst & Young in 2004 to form a Global Security Assessment Practice within CA Technology Services. From there, he went on to design CA Governance Risk & Compliance Manager.
IT Security Workshops
Everything You Need to Know About Identity Management Sunday, May 17 — 8:30 AM–4:30 PM
Identity management (IdM) is a framework of compliance/audit control points, business processes and technologies. When these are implemented correctly, they allow an organization to protect, control and maintain identity information for their employees, contractors, partners and customers. This session is an overview of IdM concepts, business and technology requirements and the Burton Group IdM framework. In-depth areas of discussion will include changes in the marketplace and how they affect current technologies and processes; increasingly important IdM technologies (federation, provisioning and authentication); how to model your business justification, and the initial steps needed to get started in achieving an organization-wide IdM infrastructure.
Course Outline
* Introduction to IdM
* The business case for IdM
* Architectural overview of identity and access management
* Access management
* Provisioning
* Directory services, meta and virtual directories
* Relevant standards
* Integration with other infrastructure
* Introduction to IdM products and vendors

Afternoon focus:
* Federated Identity: Interoperability, deployment, and trust considerations for federating identities across organizational and political boundaries.
* User management and provisioning: Life-cycle management of accounts and digital identities; delegated and self-service identity administration; workflow; and provisioning of accounts, access rights, and resources.
* Authentication techniques: types and uses of authentication, deployment and management of two-factor authentication systems, non-password authentication systems, biometrics and other strong authentication tokens.
* Where to begin and best practices
* Summary and wrap-up
Who Should Attend
IT Managers (senior and technical), technology directors, business support analysts, and network, security and application architects.
You Will Learn
How IdM plays a crucial role in your organization's security infrastructure, components that comprise IdM and best practices for developing the business case and an architecture strategy.
Instructor - Doug Simmons, Vice President Consulting Services, Burton Group
Doug Simmons is the Vice President for Burton Group's consulting services. He covers e-business and service provider, identity and access management, application data security, provisioning, workflow, authentication, security and risk management, PKI, messaging and collaboration. Prior to joining Burton Group, Doug performed duties as an OSI and TCP/IP software engineer and implementation consultant for IBM. With 25 years of experience, Doug has assisted hundreds of medium and large-scale customers to architect and design detailed identity management infrastructures that include user management, workflows, access management, federation and multiple authentication services. As an early developer of X.500 and LDAP with IBM in the late 1980s and early 1990s, Doug possesses industry-leading skills in identity management design and deployment, data integration and resource provisioning.
Managing and Securing Mobile Devices Sunday, May 17 — 8:30 AM–4:30 PM
Enterprises are depending more and more on mobile applications to increase productivity and responsiveness. However, cellular charges are growing faster than any other element in the networking budget, while security concerns continue to multiply. With the growing use of mobile applications, networking departments will have to develop systems and procedures to allow them to manage, maintain, and secure the increasing number of laptops, smartphones, and other mobile devices that are now becoming an important part of their network.
While security concerns will inevitably attract management attention, they represent only one aspect of mobile device management. Enterprises need systems to configure and provision mobile devices, maintain and update their software, coordinate device replacement, address repairs and replacements, and plan for all other scenarios.
This workshop is designed to help enterprise IT departments to develop systems to manage the growing assortment of mobile devices users are demanding. The program will feature a discussion of the full range of vulnerabilities inherent in each of the major wireless services and the best practices we have found for addressing them.
Course Outline
Mobile Device Management
* Defining the Task
* Importance of a Mobile Policy
* Device Provisioning, Configuration, and Delivery
* Record Keeping and Administration
* Help Desk, Emergency Restoration
* Software Maintenance: O/S, Applications and File Back-up
* Security Enforcement
* Device Repair and Replacement
* Upgrades and Secure Disposal

Mobile Security Overview
* Major Areas in Network Security
* Emerging Security Concerns
* Defense in Depth Concepts
* Wireless Threat Analysis
* Developing Areas In Network Security
  - Network Access Control
  - Data Loss Prevention
  - Biometrics
  - New Options for Two-Factor Authentication
* Building a "Culture of Security"

Wi-Fi Security Options
* Basic Security Exposures
* Emerging Wi-Fi Threats: RF Jamming, Association Floods, Disassociation Attacks, CTS Spoofing, Misconfigured APs
* Encryption Options: WEP, IPsec Overlay, WPA, 802.11i/WPA2
* WEP and WPA Security Flaws
* Authentication: 802.1x Extensible Authentication Protocol Options
* Wireless Intrusion Detection/Prevention Systems
* Current Best Practices for WLAN Security

Cellular 2.5/3G Security Elements
* Cellular Security Elements: Authentication, Encryption
* Limits and Vulnerabilities in Cellular Security
* Extending the Security Profile

Security in WiMAX
* Basic Network Configuration
* Defined Security Options
* Threat Analysis and Current Best Practices

PDA/Smartphone Security
* PDA/Smartphone Threat Analysis
  - Entrance Vectors
  - Lost/Stolen Devices
  - Mobile Malware Review
* Mobile Device Security Tools and Techniques
* Best Practices in Protecting Smartphones and PDAs

Developing a Mobile Security Policy
Who Should Attend
Wireless network managers and security specialists who need a clearer understanding of the challenges involved in managing a network of mobile devices, the security threats posed by the various wireless networks, and the current best practices for dealing with them.
You Will Learn
This session is designed to help managers understand the management and security issues involved in the full range of wireless networks and mobile devices.
Enterprises are depending more and more on mobile applications to increase productivity and responsiveness. However cellular charges are growing faster than any other element in the networking budget, while security concerns continue to multiply. With the growing use of mobile applications, networking departments will have to develop systems and procedures to allow them to manage, maintain, and secure the increasing number of laptops, smartphones, and other mobile devices that are now becoming an important part of their network.
While security concerns will inevitably attract management attention, they represent only one aspect of mobile device management. Enterprises need systems to configure and provision mobile devices, maintain and update their software, coordinate device replacement, and address repairs, replacements, and plan for all other scenarios.
This workshop is designed to help enterprise IT departments to develop systems to manage the growing assortment of mobile devices users are demanding. The program will feature a discussion of the full range of vulnerabilities inherent in each of the major wireless services and the best practices we have found for addressing them.
Course Outline
Mobile Device Management
- Defining the Task
- Importance of a Mobile Policy
- Device Provisioning, Configuration, and Delivery
- Record Keeping and Administration
- Help Desk, Emergency Restoration
- Software Maintenance: O/S, Applications and File Back-up
- Security Enforcement
- Device Repair and Replacement
- Upgrades and Secure Disposal
Mobile Security Overview
- Major Areas in Network Security
- Emerging Security Concerns
- Defense in Depth Concepts
- Wireless Threat Analysis
- Developing Areas in Network Security
  - Network Access Control
  - Data Loss Prevention
  - Biometrics
  - New Options for Two-Factor Authentication
- Building a "Culture of Security"
Wi-Fi Security Options
- Basic Security Exposures
- Emerging Wi-Fi Threats: RF Jamming, Association Floods, Disassociation Attacks, CTS Spoofing, Misconfigured APs
- Encryption Options: WEP, IPsec Overlay, WPA, 802.11i/WPA2
- WEP and WPA Security Flaws
- Authentication: 802.1x Extensible Authentication Protocol Options
- Wireless Intrusion Detection/Prevention Systems
- Current Best Practices for WLAN Security
Cellular 2.5/3G Security Elements
- Cellular Security Elements: Authentication, Encryption
- Limits and Vulnerabilities in Cellular Security
- Extending the Security Profile
Security in WiMAX
- Basic Network Configuration
- Defined Security Options
- Threat Analysis and Current Best Practices
PDA/Smartphone Security
- PDA/Smartphone Threat Analysis
  - Entrance Vectors
  - Lost/Stolen Devices
  - Mobile Malware Review
- Mobile Device Security Tools and Techniques
- Best Practices in Protecting Smartphones and PDAs
Developing a Mobile Security Policy
Who Should Attend
Wireless network managers and security specialists who need a clearer understanding of the challenges involved in managing a network of mobile devices, the security threats posed by the various wireless networks, and the current best practices for dealing with them.
You Will Learn
This session is designed to help managers understand the management and security issues involved in the full range of wireless networks and mobile devices.
Instructor - Michael Finneran, Principal, dBrn Associates, Inc
Michael is an independent consultant, industry analyst, and writer who focuses on wireless technologies, mobile UC, and fixed-mobile convergence. He wrote the book Voice Over Wireless LANs - The Complete Guide (Elsevier, 2008), though his expertise spans the full range of wireless technologies including Wi-Fi, Cellular, WiMAX, and RFID. A lively and informative speaker, Michael has made frequent appearances at trade shows and conferences including VoiceCon and InterOp, and he now serves as the program chair for Wireless and Mobility at VoiceCon. In the consulting area, Mr. Finneran has provided assistance to carriers, equipment vendors, end users, investment firms, and a number of government agencies. A prolific writer, for twenty-three years he wrote the Networking Intelligence column for "Business Communications Review". He now contributes on wireless and mobility to NoJitter as well as UC Strategies.com. He has published numerous white papers and has contributed to Computerworld, Data Communications, The Ticker, and The ACUTA Journal. Well respected as an educator, he has conducted over 2000 seminars on networking topics in the US, Europe, Africa, and Asia. He taught in the Graduate Telecommunications program at Pace University, and conducted programs at the Center for the Study of Data Processing at Washington University in St. Louis. His courses are now offered through Telecom + UC Training. A long-time member of the IEEE, Mr. Finneran holds a Bachelor of Arts degree (Magna Cum Laude) from Manhattan College and a Masters Degree from the J. L. Kellogg Graduate School of Management at Northwestern University.
NAC Day
Monday, May 18 — 8:30 AM–4:30 PM
Network Access Control takes "defense in depth" all the way to the desktop. With NAC on your network, every connection can be authenticated and controlled, helping to reduce the risk of malware or malicious people taking hold on the network. Because NAC is the hot buzzword right now, the products can be confusing and the vendors contentious. However, NAC represents the most significant change in the way that networks are secured since the invention of the firewall. Network managers are now being given the tools to create a strong link between users, end systems, desktop workstations, laptops, and access to network resources. With components of end-point security, authentication and access control, these emerging NAC architectures and products offer almost endless options. Your job is to select the right components and pieces to match your own requirements.
This full-day seminar will cover the concepts behind NAC, giving you the tools to understand both single-vendor solutions and multi-vendor NAC architectures from Cisco, Microsoft and the Trusted Computing Group. We'll discuss specific issues in deploying NAC in enterprise networks, and cover key strategies you can use to ensure successful NAC planning and deployment. During the day, a panel of leading NAC experts will debate the issues and take your questions.
Course Agenda
NAC Architecture and End Point Security
NAC basics, including an overview of problems NAC is supposed to solve -- compared to the problems it actually solves
In-depth information on NAC's key components of authentication, end-point security, access control, and management
Design and Deployment of NAC Solutions
What it takes to put NAC into a production network
Five main steps of a NAC deployment
NAC Product Architectures
An overview of industry-leading NAC solutions, presented in a vendor-neutral way
How Microsoft, Cisco, and other NAC vendors are working together -- and how they are working against each other
NAC Panel
Audience-led Q&A of NAC technical experts on NAC deployment, architecture, and real-world lessons learned. This is not a marketing pitch. This is your chance to ask NAC veterans about how NAC works in the real world.
NAC Enforcement Strategies
Where should NAC enforcement go in your network, and what are the pros and cons of each NAC enforcement strategy?
Nine Hard Questions about Network Access Control
Hard questions you should be able to answer about your chosen NAC solution, or hard questions you may want to ask your potential NAC vendors
Who Should Attend
Network managers interested in learning about how NAC will affect network architectures, and in building higher security into networks
Security architects interested in pushing security from the perimeter deep into the network with full access control and authentication of end users
Desktop managers looking to enforce security policy compliance and get on top of regulatory issues with tighter controls
What You Will Learn
What NAC is, and the underlying technologies that make it happen
NAC enforcement options, and when to use various options
NAC architecture and solution choice strategies
Implementation issues
Solid strategies for adding NAC, and pitfalls to avoid
Instructor - Joel Snyder, Senior Partner, Opus One
Joel Snyder is a senior partner with Opus One, a consulting firm in Tucson, Arizona. He spends most of his time on the road helping people build larger, faster, safer, and more reliable networks. His professional travels have taken him to San Francisco, St. Petersburg, Singapore, Sydney, Santiago, Slough and other cities with names not starting with S. Joel has been working with networks and information security since 1981, when he started consulting on X.25 and public key cryptography, and he's been very busy ever since. He has been a member of the ISO and ITU committees which write network standards, and has authored several books and hundreds of articles. He was the conference director for VPNCON, and has advised and trained thousands of people privately and at conferences around the world on networking, security, messaging, and VPNs. His home network has run almost every protocol, firewall, and VPN device you can think of, and he regularly changes his password. As an author and speaker, he's received numerous awards, recognizing his work to improve enterprise IT. He's helped over 200 private and public organizations (many of which you've heard of) with their networking, email, and security problems. He is a fierce believer in the value of empowering people, and knows that you can serve a red wine with fish. Snyder's baccalaureate degree is in Latin, and his PhD is in Management Information Systems. His dissertation is on computer networks in the former Soviet Union. Almost everything he wrote in graduate school is now classified and he's not allowed to read it anymore, which is good because it wasn't very interesting to begin with. His favorite color Crayola crayon is Burnt Sienna. Joel lives and works in Tucson with Jan Trumbo and their cats, Wanda Rutkiewicz and Oliver Mellors.
Speaker - Alok Agrawal, Manager, Product Marketing, Cisco
Alok Agrawal is Manager of Product Marketing for the Cisco NAC Appliance product line. Alok has deep NAC product knowledge with years of hands-on experience working with customer NAC deployments. In his current position, Alok leads the team to deliver the Cisco NAC solution to customers and to develop future technology and products. Alok previously led the Cisco NAC Technical Marketing team developing technical solutions and driving product architecture and features. He has a strong background in routing, switching, host security design and implementation. Alok holds a Master's degree in Electrical Engineering from the University of Southern California.
Speaker - Denzil Wessels, Technical Marketing Manager, Juniper Networks
Denzil Wessels, technical marketing manager at Juniper Networks, is responsible for evaluating competitive technologies to provide Juniper's sales and marketing teams with the right sales tools and knowledge. In addition to extensive customer interaction at the evaluation and deployment levels, Wessels manages key business development partners, working with partners on interoperability tests or integration to develop leading, joint security solutions from Juniper and its partners. Prior to joining Juniper, Wessels was the systems engineer at uRoam/F5, responsible for architecture design and implementing customer solutions. Subsequently, Wessels was a consultant for Infinisys, designing and implementing comprehensive customer networking solutions.
Speaker - Mike Votaw, Senior Solutions Engineer, Enterasys
Michael Votaw is currently a member of the Professional Services Solutions Engineering and Security team at Enterasys. In this capacity, he is responsible for the design, deployment, and measurement of end-to-end enterprise security solutions to support global commercial, education and government clients. He has worked in computer security, information assurance, and information risk management since 1996. Votaw is experienced in cryptographic and communication technology including leadership roles as Advanced Network Security consultant on the US Air Force B2 Bomber program; and Network Management and Information Assurance consultant with the US Army European Theatre. Mr. Votaw served in the United States Air Force Reserves and has studied Electrical Engineering and Computer Science at the University of Oklahoma.
Speaker - Pat Fetty, Principal Program Manager, Windows Customer Engineering Team, Microsoft
Pat Fetty, Principal Program Manager for the Windows Customer Engineering Team at Microsoft, is a leader on Design, Architecture and Planning for Network Security Solutions. Pat serves as an expert on conducting customer proofs of concept and deployment scenarios. In his 12+ year career, Pat has worked on a variety of Enterprise Networking Solutions that have shipped as part of the Microsoft Windows Server product line, which include RADIUS Server, DHCP Server and RRAS Server. Pat also served as QA Manager for the Windows Firewall and IPSec Technologies. Pat brings to us a wealth of knowledge regarding Network Access Protection and the Microsoft Customer Experience.
Speaker - Trent Fitz, VP, Product Management, Trustwave
Trustwave Vice President of Product Management Trent Fitz has over 13 years of experience with security-focused solutions in networking and desktop computing. He was a leading network architect for a large information technology and security company, designing secure networks from the ground up across multiple industries including educational and financial services institutions. He also designed global network security architectures for several banks and large utility companies. Trent also architected secure desktop computing solutions for the federal government including the North American Aerospace Defense Command (NORAD) and military hospitals across the United States.
Understanding Voice Over IP
Monday, May 18 — 8:30 AM–4:30 PM
This workshop provides a technology overview of Voice over IP (VoIP), including the protocols, technologies and architectures at the core of VoIP products and systems. These include media transport like the Real-time Transport Protocol (RTP), quality of service technologies such as differentiated services and the Resource Reservation Protocol (RSVP), signaling through the Session Initiation Protocol (SIP), security, as well as firewall and NAT traversal using techniques like the Simple Traversal of UDP Through NAT (STUN) and Interactive Connectivity Establishment (ICE). The course does not provide a review of products on the market or network design guidelines.
Course Outline
- Voice Coding
- Real Time Transport Protocol (RTP)
- Quality of Service
- SIP
- Security
- NAT and Firewall Traversal
Who Should Attend
Technologists or technology managers who want to understand how VoIP works "under the hood".
You Will Learn
After this Workshop, students will be able to identify the key technologies used within VoIP systems, understand how they fit together, and appreciate some of the complexities in developing VoIP networks.
Instructor - Dr. Jonathan Rosenberg, Cisco Fellow, Cisco Systems
Dr. Jonathan Rosenberg is a Cisco Fellow in the Voice Technology Group (VTG) of Cisco. There, he is responsible for technology strategy for Unified Communications Manager. Jonathan is active in the IETF; he is the lead author of the Session Initiation Protocol (SIP), the inventor of SIP for presence and IM, known as SIMPLE, in addition to other Internet technologies, such as STUN and ICE. Jonathan received his PhD from Columbia University, and his Bachelors and Masters from MIT. Jonathan has been awarded the Voice on the Net Pioneer Award by pulver.com, and was named one of the one hundred most innovative young technologists in the world by Technology Review Magazine.
Wireless Workshop Day
Monday, May 18 — 8:30 AM–4:30 PM
Choice of Morning and Afternoon Workshops
Mobile Application Deployment Strategies
Infrastructure Planning and Security for Wireless LANs
Fundamentals of Mobile Broadband: Technologies, Systems, Devices
Voice over Wireless LAN and Fixed Mobile Convergence
Morning Sessions
8:30 AM–11:45 AM
Session A:
Mobile Application Deployment Strategies
Instructor: Nathan Clevenger
Now that everyone in your company has mobile access to their email, how can that investment be taken to the next level by enabling new capabilities and extending additional functionality to their mobile devices? From sales force automation and mobile business intelligence to knowledge management and workflow automation, what are the mobile applications that could increase workforce productivity and efficiencies within your organization? This workshop will give you the information and tools you need to develop a strategy for mobility that can provide tangible and often dramatic benefits for your business.
Session B:
Infrastructure Planning and Security for Wireless LANs
Instructor: Michael Finneran
Enterprise wireless LANs (WLANs) are in the midst of a major upgrade as networks of standalone access points are being replaced with centrally controlled wireless LAN switching systems. While virtually all large-scale deployments are being built on centrally controlled WLAN switching systems, users must now choose among centralized, distributed, and collaborative architectures. That WLAN infrastructure will also need to address the new higher-capacity 802.11n radio link, which introduces a number of complications regarding network design, testing, spectrum planning, and access point powering.
This workshop is designed to bring you up to speed on the major developments in WLANs. While it features a brief overview of WLAN technologies, the program assumes a fundamental understanding of the basic concepts and addresses the developing areas in WLAN technology.
Afternoon Sessions
1:15 PM–4:30 PM
Session A:
Fundamentals of Mobile Broadband: Technologies, Systems, Devices
Instructor: Craig Mathias
It is now very clear that mobile computing and wireless networking are becoming the default vehicles for professionals needing access to enterprise IT resources. This workshop will cover all major and emerging broadband wireless technologies and systems, including advances in the IEEE 802.11 wireless-LAN standard and both today's 3G and tomorrow's 4G wide-area wireless services.
Session B:
Voice over Wireless LAN and Fixed Mobile Convergence
Instructor: Michael Finneran
Research indicates that over 70% of large enterprise organizations either use voice over WLAN technology or plan to add it within the next 12 months. Up until now, WLAN voice has been deployed on a small scale in a few industry vertical markets like health care, retail, and materials handling. That capability is now being extended to the general office population where it can be used to reduce cellular costs, increase productivity, and improve accessibility for key personnel. However, to deliver enterprise quality voice service, the WLAN must support the required handoff, quality of service, and battery conservation features along with providing the necessary capacity and management capabilities. This workshop is designed to bring you up to speed on the latest developments in WLAN voice, provide the background you will need to assess your current infrastructure, and understand the various options for implementing fixed mobile convergence and mobile unified communications.
Instructor - Craig Mathias, Principal, Farpoint Group
Craig J. Mathias is a Principal with Farpoint Group, a wireless and mobile advisory firm based in Ashland, MA. The company works with manufacturers, network operators, enterprises, and the financial community in technology assessment and analysis, strategy development, product specification and design, product marketing, program management, education and training, and the integration of emerging technologies into new and existing business operations, across a broad range of markets and applications. Craig is an internationally-recognized expert on wireless communications and mobile computing technologies, and has published numerous technical and overview articles on a variety of topics. He is a well-known industry analyst and frequent speaker at industry conferences and trade shows, and is currently a member of the Advisory Boards for the Interop (Las Vegas and New York) and Mobile Internet World conferences. He is also the program chair for the Mobile Business Expo (MBX) conferences. He serves as a monthly columnist for SearchMobileComputing.com and Computerworld.com, and ardent blogger ("Nearpoints") for networkworld.com. Craig holds an Sc.B. degree in Applied Mathematics/Computer Science from Brown University.
Instructor - Michael Finneran, Principal, dBrn Associates, Inc
Michael is an independent consultant, industry analyst, and writer who focuses on wireless technologies, mobile UC, and fixed-mobile convergence. He wrote the book Voice Over Wireless LANs - The Complete Guide (Elsevier, 2008), though his expertise spans the full range of wireless technologies including Wi-Fi, Cellular, WiMAX, and RFID. A lively and informative speaker, Michael has made frequent appearances at trade shows and conferences including VoiceCon and InterOp, and he now serves as the program chair for Wireless and Mobility at VoiceCon. In the consulting area, Mr. Finneran has provided assistance to carriers, equipment vendors, end users, investment firms, and a number of government agencies. A prolific writer, for twenty-three years he wrote the Networking Intelligence column for "Business Communications Review". He now contributes on wireless and mobility to NoJitter as well as UC Strategies.com. He has published numerous white papers and has contributed to Computerworld, Data Communications, The Ticker, and The ACUTA Journal. Well respected as an educator, he has conducted over 2000 seminars on networking topics in the US, Europe, Africa, and Asia. He taught in the Graduate Telecommunications program at Pace University, and conducted programs at the Center for the Study of Data Processing at Washington University in St. Louis. His courses are now offered through Telecom + UC Training. A long-time member of the IEEE, Mr. Finneran holds a Bachelor of Arts degree (Magna Cum Laude) from Manhattan College and a Masters Degree from the J. L. Kellogg Graduate School of Management at Northwestern University.
Instructor - Nathan Clevenger, Enterprise Editor, Smartphone Magazine
Mr. Clevenger is currently the Enterprise Editor for Smartphone & Pocket PC magazine and runs the Enterprise Mobility Solutions practice at ITR Group. He was previously the Chief Software Architect for Mobiliam, a leading provider of enterprise-class mobile/wireless software products, and has been developing mobile software for more than 9 years. He is regarded as one of the industry's foremost experts in enterprise mobility, and tirelessly educates the marketplace about the true potential for mobile technology within business. In addition to serving as Chairman of the Mobile Development Association, he was the founder of Clevrware, a mobile software development and consulting firm acquired by Mobiliam in 2003. An avid evangelist of mobile computing, he is dedicated to raising awareness of the potential for this technology in business. He writes for a variety of technical and business publications, and speaks at industry events.
Creating an Integrated Compliance Framework
Wednesday, May 20 — 8:30 AM–4:30 PM
Are you inundated by standards, regulations, and governance and compliance requirements? The reality is that in the current environment the burden can only get heavier.
But if you have to change your security framework every time a new standard or approach comes along, then that framework has failed you. The whole point of a framework is to seamlessly integrate your complete set of requirements, standards and approaches, whatever they might be and whatever they might become tomorrow.
This class will show you how to design, deliver and support an overarching framework that helps you manage your way through the abundance of diverse standards, legislation, regulation and security requirements, and that integrates fully and seamlessly with your existing IT and business practices.
Course Outline
- The purpose & benefits of a framework
- Managing complexity of requirements
- Proactive controls & dealing with change
- Providing a roadmap for all to follow
- Lowering the total cost of ownership
- Good integration of technical and procedural solutions to business problems
- Building a framework for solving new problems
- Attaining an appropriate balance between strategy, tactics & operations
- Resolving conflicting objectives & priorities
- Delivering predictability, flexibility & agility
Who Should Attend
- Enterprise, Infrastructure & Security architects
- Auditors & Compliance Officers
- Consultants & Advisors
- Service Management Professionals
- Business & IT Strategists
You Will Learn
- How to create a holistic framework for implementing & managing standards
- Developing compliance & risk management roles & responsibilities
- Leveraging the role of governance & compliance
- Building a policy & compliance architecture
- Control & opportunity modeling to gain 'best bang for the security buck'
Instructor - David Lynas, Founder, David Lynas Consulting Group
David Lynas is enjoying his twenty-fourth year of experience in Information Security during which he has provided strategic advice to major finance sector, government, and industry clients on every continent. He received the prestigious Computer Security Institute Lifetime Achievement Award in 2006 and was awarded honorary lifetime Fellowship of the British Computer Society (FBCS) in the same year for "exceptional leadership, eminence and seniority in the field of information security".
David is the founder and chair of the prestigious COSAC event (www.cosac.net) and the founder of the SABSA Institute for Security Architects (www.sabsa-institute.org).
David has delivered major presentations and keynotes on more than forty different aspects of Information Security, Strategy, and Architecture globally. In 1996 he was the first non-American to be invited to deliver the general session at the Annual CSI Conference and has been a CSI faculty member since 1998.
David is the co-author of 'Enterprise Security Architecture: A Business-Driven Approach' (www.cmpbooks.com/product/1461) commissioned to be one of the most comprehensive architecture references ever published. He regularly publishes articles in the trade press and has been extensively quoted by the media including Irish Times, BBC, ITN, The Sydney Morning Herald, wired.com, and CIO Magazine.
Computer Forensics Kickstart
Wednesday, May 20 — 8:30 AM–4:30 PM
**This is a hands-on workshop, please be sure to bring your laptops.**
This fast-paced hands-on workshop will provide you with exposure to all the major components of computer forensics: identification, preservation, analysis, and reporting.
Instructor Mark Spencer will draw upon his extensive experience in both the public and private sectors to lead the class through applying the proper tools to a "seized" hard drive in a case involving employee wrongdoing. Commercial and open-source tools designed to forensically tackle different types of electronic data will be applied during the investigation.
Computer Forensics Kickstart has been designed to prepare you to select and implement computer forensics tools that will be critical to successful investigations.
Course Outline
- Identifying the "Universe of Data"
- Critical computer forensics tools
- Acquiring data at rest and in motion
- Constructing proper searches
- Evidence goldmines
- Professional report structure
Who Should Attend
Anyone curious about computer forensics as well as experienced practitioners looking for a refresher course.
You Will Learn
Learn which tools are necessary to conduct successful computer forensics investigations and be exposed to how experienced computer forensics practitioners implement them.
Instructor - Mark Spencer, Vice President of Electronic Evidence, First Advantage Litigation Consulting
Mark Spencer is Director of the Northeast Region with First Advantage Litigation Consulting. In addition to his case-related responsibilities, Mr. Spencer remains active in beta testing of computer forensics software and assists with client development and marketing. His professional engagements have included cases involving evidence elimination, computer intrusion, intellectual-property theft, online undercover operations, employment disputes, and large-scale electronic discovery projects. Before First Advantage Litigation Consulting, Mr. Spencer worked for EvidentData, Inc. and the Suffolk County District Attorney's Office performing computer forensics investigations. He earned a Bachelor of Arts in Criminal Justice from the University of Massachusetts, Boston, successfully completed the Massachusetts Criminal Justice Training Council's Basic Course of Training for Reserve Police Officers, and holds numerous industry certifications. He has also been a regular presenter on computer forensics related topics at numerous industry events and on television.
Your First 90 Days: How to Hit the Ground Running in Information Security Wednesday, May 20 — 8:30 AM–4:30 PM
You have just been named to head up the information security program for your organization. As first impressions are lasting impressions, what are your first tasks in this new role?
Based on the survey results of over 40 industry-recognized information security experts, we'll help you create your checklist. Learn what these industry experts identified as the key issues you need to address to be successful. We will then examine how to use short-term objectives to develop a long-term plan and how to adjust the plan after each incremental objective is met to ensure the greatest possibility of success.
Course Outline
- Establishing what is really expected of the information security position - What caused this position to become available
- Creating a security program with no budget or staff
- Charting out empires (getting to know the movers and shakers)
- Understanding the security culture
- Building allies and identifying enemies
- Keeping management informed
- Understanding the work preference "buckets"
  - Go to Play
  - Go to work
  - Go fly a kite
Who Should Attend
- Newly appointed security personnel
- Audit and Information Security professionals
- Consultants
- Those responsible for information and/or computer security
You Will Learn
- What steps you should take to give you and the information security program the best chance for success.
- What steps to take and what pitfalls to avoid.
- Why it is important to publish your clear and definitive objectives for your first 90 days.
- How to put a security program together with little or no staff or budget.
Instructor - Thomas Peltier, President, Thomas R. Peltier Associates, LLC
Tom Peltier has been an information security professional for over twenty-five years. During this time he has shared his experiences with fellow professionals and because of his work has been given the 1993 Computer Security Institute's (CSI) Lifetime Achievement Award. In 1999 the Information Systems Security Association (ISSA) bestowed its Individual Contribution to the Profession Award and in 2001 he was inducted into the ISSA Hall of Fame. Tom was also awarded the CSI Lifetime Emeritus Membership Award. Over the past decade, Tom has averaged 4 articles published a year on various computer and information security issues, including developing policies and procedures, disaster recovery planning, copyright compliance, virus management and security controls. He has had four books published: Policies, Standards, Guidelines and Procedures; Information Security Risk Analysis; Information System Security Policies and Procedures: A Practitioners' Reference; and The Complete Manual of Policies and Procedures for Data Security. He is the co-editor and a contributing author of The Total CISSP Exam Prep, and a contributing author for the Computer Security Handbook, Third and Fifth Edition, and Data Security Management. Tom and his son Justin have co-authored How to Manage a Network Vulnerability Assessment.
Get the Jump on Security: Vista (Win 7) Wednesday, May 20 — 8:30 AM–4:30 PM
**This is a demonstration-driven workshop, please be sure to bring your laptops.**
Understand Microsoft's new security model and how to make it work for you. You'll be dazzled by over 300 diagnostic tools built into Vista (Win 7) and how simple they are to use. You'll gain the knowledge of the hidden folder, where your files and programs are installed and where the registry virtualizes your settings. (Hint: they never existed before Vista!) You'll also learn unique optional security settings to really secure Vista (Win 7) so you comply with Federal security regulations. None of these settings are on by default, most are hidden deep in the settings screens and all increase your security for free. Finish by constructing a self-booting USB copy of Vista (Win 7) that can be used for rollout, diagnostics or just a great OS on a stick.
Using information gathered from multiple sources--including private discussions with developers, beta testers, inside MS sources and personal investigation--this workshop will help you master the next generation of Microsoft client now!
Course outline
- MS Security history and why / what they changed.
- Why things aren't where they used to be: virtualization.
- Why techs rule: diagnostic delights.
- Hey Biba, what you doing in Windows?
- Live from your USB - It's Vista (Win 7)!
- Demonstration driven so bring your laptop!
Who should attend
- Technicians or supervisors who have to work with Vista (Win 7)
- Managers or Executives who need to make a decision on Vista (Win 7)
- Security professionals who need to update their Vista (Win 7) security knowledge
You Will Learn
- The basic security concept that Microsoft uses for their new product line.
- How to tame the UAC and understand why it really exists.
- How to verbalize why your programs don't run with Vista (Win 7) and how to quickly fix the problem.
- Three great improvements in Vista (Win 7) and how they can be used to increase your security.
- How to make Vista (Win 7) self-booting USB drives for simple enterprise rollout, diagnostics or just a great live boot USB OS.
Instructor - Brad Smith, Director, Computer Institute of the Rockies
Brad Smith, RN, MCNPS, CISSP, NSA-IAM became fascinated with computers in 1972 and hasn't burned out yet! He has been beta testing Microsoft products since Windows NT and every OS since then, including Win 7. Brad prides himself as an equal opportunity OS hater and finds problems with all OS's, regardless of age, platform or kernel. His collection of OS's contains many examples of how not to write an OS. Some day he hopes to find an OS that he can take long, stable walks with, while being green and having great security that doesn't need readjusting. He can only hope.
How to Complete a Risk Assessment in a Week or Less Thursday, May 21 — 8:30 AM–4:30 PM
Learn the tools and skill set needed to complete a successful risk assessment in 5 days, or less. Using the Facilitated Risk Analysis and Assessment Process (FRAAP) methodology, this workshop will examine different ways to improve the risk assessment process so that it will work best for you and your organization. FRAAP, a world-wide qualitative risk assessment process, was developed for those with limited time and budgets. Leave with all of the materials needed to successfully conduct a risk assessment when you return to your work place.
Course Outline
- Difference between risk analysis and risk assessment
- Risk assessment using FRAAP methodology
- Pre-FRAAP deliverables
- FRAAP Session
- Post-FRAAP Process
- Using Gap Analysis
- Pre-screening methodology
Who Should Attend
- Enterprise risk management personnel
- Audit and Information Security Project Management Professionals
- Consultants
- Those responsible for business case development
You Will Learn
Learn real world examples of the tools and methodology to successfully complete a risk assessment within a week.
Instructor - Thomas Peltier, President, Thomas R. Peltier Associates, LLC
Tom Peltier has been an information security professional for over twenty-five years. During this time he has shared his experiences with fellow professionals and because of his work has been given the 1993 Computer Security Institute's (CSI) Lifetime Achievement Award. In 1999 the Information Systems Security Association (ISSA) bestowed its Individual Contribution to the Profession Award and in 2001 he was inducted into the ISSA Hall of Fame. Tom was also awarded the CSI Lifetime Emeritus Membership Award. Over the past decade, Tom has averaged 4 articles published a year on various computer and information security issues, including developing policies and procedures, disaster recovery planning, copyright compliance, virus management and security controls. He has had four books published: Policies, Standards, Guidelines and Procedures; Information Security Risk Analysis; Information System Security Policies and Procedures: A Practitioners' Reference; and The Complete Manual of Policies and Procedures for Data Security. He is the co-editor and a contributing author of The Total CISSP Exam Prep, and a contributing author for the Computer Security Handbook, Third and Fifth Edition, and Data Security Management. Tom and his son Justin have co-authored How to Manage a Network Vulnerability Assessment.
Building An Information Security Program: Soup To Nuts Thursday, May 21 — 8:30 AM–4:30 PM
Building an effective information security program today requires the right blend of leadership, managerial and technical skills that are much different from even as little as 5 years ago. Organizations are merging, reorganizing, requiring that more be done with fewer resources, and reacting to government regulations at a faster pace. Meanwhile, the threats to the organizational information assets are increasing as information is no longer contained solely within the corporate brick and mortar walls. This comprehensive workshop will provide the roadmap for the security officer to define their role, establish a strategic vision, develop the necessary security functions, and turn the vision into reality through security projects and actions.
Course Outline
- Role and organizational placement of the Security Officer
- Establishing a strategic vision "Mindmap™"
- Defining security functions/components
- Risk analysis/management and Systems Security Plans
- Selling and communicating information security to executives/Board of Directors
- Core competencies - the "soft stuff"
- Addressing regulatory (HIPAA, GLBA, FISMA, PCI, SOX, EU, SB1386)/standards/framework (COBIT, ISO27001/2, NIST 800-53, DISA, FISCAM, ITIL) compliance through security governance initiatives
- Leveraging personality differences using MBTI™ to build effective teams
- Communicating with and maximizing the value of internal and external auditors
- Career vs. Job management and pitfalls to avoid
- Turning visions into actionable projects to protect the information assets
Who Should Attend
New security officers establishing security programs, as well as experienced security officers desiring to enhance their capabilities learning from the experiences of others (successes and failures).
You Will Learn
The key components necessary to build an effective, cost-conscious information security program that is right for your organization to adequately protect the critical information assets.
Instructor - Todd Fitzgerald, Systems Security Officer, National Government Services
Todd Fitzgerald, CISSP, CISA, CISM, serves as a Medicare Systems Security Officer for National Government Services, LLC (NGS), Milwaukee, WI, which is the nation's largest processor of Medicare claims and a subsidiary of WellPoint, Inc. (NYSE:WLP), the nation's largest health insurer.
Todd has 29 years of Information Technology experience, including 20 years of management. Prior to joining NGS, Todd held various broad-based senior Information Technology management positions for Fortune 500 organizations such as American Airlines, IMS Health, Zeneca (subsidiary of AstraZeneca Pharmaceuticals), Syngenta, as well as prior positions with Blue Cross Blue Shield of Wisconsin.
Enterprise Security Architecture: A Business-Driven Strategy Thursday, May 21 — 8:30 AM–4:30 PM
Using the world's most successful free-use and open-source methodology and framework for creating Security Architecture, this acclaimed class delivers immediate benefit and value. Find out how to use the most proven security architecture design and management processes and how to develop a comprehensive strategy for the creation of a security architecture that genuinely meets the needs of your organization. Through a series of innovative presentations and workshops, understand how to deliver successful security strategy and architecture. Ensure that the security needs of your business are met completely and are designed, delivered and supported as an integral part of your IT management infrastructure.
Course Outline
- Information security strategy, benefits & objectives
- Introduction to security architecture best practice
- Business requirements & how to define them in meaningful terms
- Strategic architectural concepts & how to apply them
- Architecture delivery
- Managing the strategic program
- Policy & risk management architecture
- Information assurance architecture
- Security services architecture
- Security measures, metrics & performance reporting architecture
Who Should Attend
- Enterprise, Infrastructure & Security architects
- Auditors & Compliance Officers
- Consultants & Advisors
- Service Management Professionals
- Business & IT Strategists
You will Learn
- How to deliver successful security architecture
- How to apply Security engineering principles, methods & techniques
- How to engineer business requirements in meaningful terms
- How to create and use a business Attributes Profile
- How to use best practice tools such as domain & trust modeling
Instructor - David Lynas, Founder, David Lynas Consulting Group
David Lynas is enjoying his twenty-fourth year of experience in Information Security during which he has provided strategic advice to major finance sector, government, and industry clients on every continent. He received the prestigious Computer Security Institute Lifetime Achievement Award in 2006 and was awarded honorary lifetime Fellowship of the British Computer Society (FBCS) in the same year for "exceptional leadership, eminence and seniority in the field of information security".
David is the founder and chair of the prestigious COSAC event (www.cosac.net) and the founder of the SABSA Institute for Security Architects (www.sabsa-institute.org).
David has delivered major presentations and key notes on more than forty different aspects of Information Security, Strategy, and Architecture globally. In 1996 he was the first non-American to be invited to deliver the general session at the Annual CSI Conference and has been a CSI faculty member since 1998.
David is the co-author of 'Enterprise Security Architecture: A Business-Driven Approach' (www.cmpbooks.com/product/1461) commissioned to be one of the most comprehensive architecture references ever published. He regularly publishes articles in the trade press and has been extensively quoted by the media including Irish Times, BBC, ITN, The Sydney Morning Herald, wired.com, and CIO Magazine.
IT Security Free Sessions
Help! Someone Hijacked My Tweets: The Problem with Implicit Trust and Social Networks - Sponsored by Kaspersky Lab Tuesday, May 19 — 10:15–11:00 AM
Social networks are under attack. Organizations need to recognize these real threats to understand the risks associated with social networks. This session will provide a view of the state of social network security and how companies can guard against a user's human instinct to accept the content as true and authentic.
Speaker - Roel Schouwenberg, Senior Antivirus Researcher, Kaspersky
Attacks Under the Microscope - The Latest Trends and Anatomy of Malware Attacks - Sponsored by Sophos Tuesday, May 19 — 12:15–1:00 PM
Get a better sense of how cybercriminals think and the various techniques and tricks they use to infiltrate networks. This session discusses the latest information security trends and the masterminds behind today's often complex malware, scareware, data breaches and other targeted attacks. Learn how to better defend your network from these sophisticated and ever-changing attacks through best practices and preventative security technologies.
Speaker - Michael Argast, Security Analyst, Sophos
Argast leads a global team of consultants responsible for advising Sophos customers on their security and control implementations, practices and policies. He has more than 10 years' experience in the IT industry, specializing in networking and security. His depth of experience includes delivering solutions for many of the Global 500 companies in finance, healthcare and telecom, as well as many large government and high profile education organizations. Michael joined Sophos via the acquisition in 2003 of a leading email security software vendor, ActiveState. Prior to that, he worked primarily in the networking sector helping to promote the adoption of Internet technologies in Canada. Michael regularly serves as a security source for the Wall Street Journal, USA Today, New York Times, SC Magazine, Network World, Everything Channel, SearchSecurity, InformationWeek, ECT News Network and other industry and business publications. Michael also speaks at industry conferences and leading educational symposiums on the topics of information security control and data protection best practices.
New Horizons in Network Security: 360 Visibility - Sponsored by McAfee Tuesday, May 19 — 1:15–2:00 PM
The changing perimeter of the network has spurred on significant improvements in firewall rules. However, the firewall rule set remains unable to solve problems that plague the administrator. This talk will discuss how to make the network defense system more aware of these "administrator headaches" and more able to alleviate them.
Speaker - Geoffrey Cooper, VP, Common Architecture and Infrastructure, McAfee, Inc.
Geoffrey Cooper is a vice president in the Network Security Business Unit at McAfee, Inc., since November 2008, with special interest in traffic visualization and firewalls. Previously, he was Chief Scientist at SECURIFY, Inc., working on policy compliance and network behavior analysis. Mr. Cooper began working in Internet transport protocols in the early 1980's at MIT, where he received his Bachelor's and Master of Science degrees in Computer Science.
Mitigating Risk of IT & Information Security Breaches - Sponsored by Alcatel-Lucent Tuesday, May 19 — 4:00–4:45 PM
Regulatory mandates such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Financial Services Modernization Act, Homeland Security, and Sarbanes-Oxley Act are driving many organizations to revise and upgrade their IT and information security programs. A user-centric secured dynamic enterprise uses a network-embedded security infrastructure that delivers the controls and audit required for organization-wide governance and compliance, allowing organizations to benefit from reduced risk of security breaches.
Speaker - David Fortini, Director Security Business Development, Alcatel-Lucent
The MSSP Model: When Network Security is Crucial to Your Business but Not Core to Your Expertise - Sponsored by StillSecure Tuesday, May 19 — 4:15–5:00 PM
As network security threats grow more complex, the technologies to defend against them have become more sophisticated. Managed security services allow organizations to take advantage of powerful security solutions and to leverage security experts as an extension of their staff. This presentation will highlight the benefits of the MSSP (Managed Security Services Provider) model for those needing to increase security and lower TCO in light of today's economic climate.
Speaker - Alan Shimel, Chief Strategy Officer, StillSecure
As chief strategy officer, Alan Shimel is responsible for guiding StillSecure® on its mission to bring innovative and effective networking and security solutions to the marketplace. Shimel is an often-cited personality in the security community. His commentary about the state of the security marketplace is followed closely by many industry insiders via his blog and podcast, "StillSecure After All These Years." Shimel has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal education, long experience in the field, and New York street smarts combine to form a unique personality. He is a sought-after speaker at industry conferences and events.
Driving Down Networking Costs for Remote Sites and Users - Sponsored by Aruba Networks Wednesday, May 20 — 10:15–11:00 AM
Learn how to dramatically reduce networking costs and improve the productivity of your remote and satellite office workers with Aruba Networks' new Remote Access technology. See a demonstration of how easy and powerful administration of Aruba's secure and convenient remote networking solution is. Get the facts. Get the power.
Speaker - Rajeev Shah, Senior Product Manager, Aruba Networks
Forensics are Not Enough! Case Studies in Proactive Network Defense Using Security Information and Event Management (SIEM) Technology - Sponsored by TriGeo Network Security Wednesday, May 20 — 12:15–1:00 PM
Learn how SIEM and real-time, in memory, analytics combine to capture, correlate and respond to network attacks and insider abuse. See automated responses to network attacks, policy violations, inappropriate web browsing and USB device usage. Hear how mid-sized enterprises use SIEM to meet regulatory compliance initiatives and gain network control.
Speaker - Michelle Dickman, President and CEO, TriGeo Network Security
Michelle Dickman is president and chief executive officer of TriGeo Network Security. Ms. Dickman has spent over 20 years in the software and financial industries combined. Much of her extensive management, sales and marketing experience has been focused on the midsize enterprise, which is TriGeo's core market. Dickman also brings considerable business development and management skills to TriGeo. As the co-founder and President of an ERP software company, Dickman grew that organization from ten to nearly one hundred employees, with four regional offices, and annual growth ranging from 20 to 60 percent. Her leadership ultimately led to the organization's acquisition by a public company.
Less Time, Less Money, More Threats: Why SaaS is Better than On-Premise Security - Sponsored by Webroot
Wednesday, May 20 — 1:15–2:00 PM
The threat landscape continues to challenge security technologies. With malicious malware on the rise, but budgets and resources decreasing, SaaS is the evolution of email and web security. Security as a Service is easier to manage, more effective and more affordable than its software and hardware predecessors. Learn why in this interactive session.
Speaker - Thomas Chimento, SaaS Project Manager, Webroot
Identity Based Networking Services: Authenticated Networks that Deliver Stronger and More Scalable Security - Sponsored by Cisco
Wednesday, May 20 — 1:15–2:00 PM
Customers are demanding stronger and more scalable security today. Authenticated networks provide such a solution with access control at every network entry point, as well as auditing and reporting services. In this session, we'll present the latest Identity Based Networking Services progress and capabilities such as flexible authentication (including 802.1X for wired networks), flexible rollout and IP telephony integration. We'll also describe deployment considerations to help customers with adoption strategy and planning.
Speaker - Steven Song, Security Business Manager, Cisco
Steven Song is a security business manager at Cisco. Steven's primary responsibilities include working with customers to help them adopt strategic security technologies and solutions, as well as external communications. Steven has worked extensively with the product business units, customers and the industry to accelerate customer security solution adoption and deployment. Prior to his present position, Steven was a Security Architect for the Corporate Security Programs Organization at Cisco. Steven is a Certified Information Systems Security Professional (CISSP) and a Cisco Certified Internetwork Expert in Security (CCIE, #4786).




