Information Security and Risk Management Conference and Expo
Information security and risk management continues to present a formidable challenge to organizations of all sizes and types. The current economic climate has forced organizations to do more with less, while the global adversary community continues their relentless attacks in the hopes of compromising environments and stealing sensitive information. There is also a new widespread adoption of technologies including social networking, cloud computing, and virtualization that provide great value to organizations but not without great risks. There is hope at the end of the tunnel though in the form of new and exciting technologies, strategic concepts, processes, and capabilities to assist organizations in facing their current challenges as well as understanding the new ones that are on the horizon. The Information Security and Risk Management track will focus on identifying and understanding these challenges and the emerging concepts and leading industry practices, which can be utilized to meet them.
Wednesday, October 20
10:30 AM–11:20 AM Location: Room 1E09
Vulnerability management has become a key component of information infrastructure security; however, it needs to evolve quickly to stay ahead of the hacking community and become more useful to IT Leadership. In order to keep up with the ever-growing threat landscape of technical vulnerabilities, it is important to understand where you are vulnerable from both an application and a network perspective. Traditional vulnerability management capabilities, techniques, and technologies may no longer be sufficient and can produce mixed results due to both the volume of vulnerabilities and the credibility of the results. This session will focus on the current leading practices and the next generation of tools and techniques organizations can deploy for effective and realistic vulnerability management, including:
* Prioritization of exploitable vulnerabilities
* Vulnerability enumeration techniques
* Remediation management concepts
* Compliance reporting capabilities
Speaker - Tas Giakouminakis, CTO, Rapid7
Tas is a Rapid7 co-founder and the chief architect of NeXpose and has been part of the Matthews and Devine team since 1990. Giakouminakis helped form Percussion Software in 1994 where he led the server development of Notrix, Percussion's first product. In addition, he led the server development team for Rhythmyx, Percussion's Enterprise Content Management system. Tas left Percussion to launch Rapid7 in 1998. Prior to his recent experiences, he worked in the financial services sector, developing software in the security and risk areas for CitiCorp.
11:30 AM–12:30 PM Location: Room 1E09
An effective Information Risk Management and Security strategy allows an organization to define how it will operate in order to achieve its business goals and requirements while still effectively protecting its information infrastructure and data assets. If developed properly, a strategy provides a roadmap for success that includes the definition of the capabilities, goals, timelines, functions, requirements, and metrics required to develop and implement an effective set of capabilities. It also helps an organization answer the vital question: how much is enough? This session will focus on the key concepts and capabilities that should be considered when developing an Information Risk Management and Security strategy. Case studies of strategy development and implementations will be utilized throughout the session as well as discussions of current industry leading concepts and practices.
Speaker - John Pironti, President, IP Architects, LLC
John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise-wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional (ISSAP), and Information Systems Security Management Professional (ISSMP). Mr. Pironti frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award-winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.
2:00 PM–3:00 PM Location: Room 1E12
IT professionals are split on cloud security: half of them see it as a way to get stronger, more reliable computing that's secured by experts and far from the risk of in-house fraud; others see it as a terrifying loss of control that may violate privacy and compliance regulations. Either way, clouds call many security assumptions into question. This debate-format session will give proponents and detractors their chance to convince the audience.
Moderator - Drew Bartkiewicz, CEO, CyberRiskPartners
Drew Bartkiewicz is CEO of CyberRiskPartners. CRP offers Cloud Computing providers and data-intensive traditional businesses the visibility, quantification, and risk transfer solutions to manage cyber risk on an ongoing, targeted, and actionable basis. Through the CRP proprietary platform we deliver risk dispersion market options to enable Cloud clients to grow with emerging applications such as cloud computing, APIs, SaaS, and social media. CloudRisks is a specialty hedging platform networked with various Cyber Insurance companies that enables Cloud Computing companies to deal with the future of financial, technical, and legal aggregation. www.cyberriskpartners.com
Panelist - Steve Riley, Sr. Technical Program Manager, Amazon Web Services
Steve Riley is an evangelist and strategist for cloud computing at Amazon Web Services, working to help organizations understand how to address security, privacy, and compliance concerns so that they can integrate the cloud with their existing environments to extend reach, increase utilization, and respond to rapid business changes. His specialties include information security, privacy, compliance frameworks, and policy. Steve has spoken at hundreds of events around the world, including RSA, SANS, Black Hat Windows, InfoSec US, (ISC)2, IANS, TechEd, and Connections. He co-authored a book about Microsoft security and has published numerous articles. Born with an Ethernet cable attached to his belly button, Steve grew up in networking and telecommunications. Besides lurking in the Internet's dark alleys and secret passages, he enjoys freely sharing his opinions about the intersection of technology and culture. He writes at http://stvrly.wordpress.com, tweets as @steveriley, and emails from steriley@amazon.com.
2:00 PM–3:00 PM
3:15 PM–4:15 PM Location: Room 1E09
Social Engineering (SE) driven by the science of Neuro Linguistic Programming (NLP) has become one of the dominant threats in the security landscape. SE is used by many professions who must make decisions about people, rapidly and accurately. More importantly, it’s used to help you say yes. Even when you don’t want to! The information taught in this session is seldom available outside of the social science field because of its many powerful uses. This session will help you understand the SE threat, how you can tell if you’re under an SE attack, what you can do about these attacks and how to monitor and mitigate this threat.
Speaker - Brad Smith, Director, Computer Institute of the Rockies
Brad started working with computers in 1972, was featured in the 1995 HIMSS - Microsoft Medical Software section and in 2005 was named the Microsoft Small Business Solution Provider Partner of the Year, an award given to only one small business for the entire world. Having helped craft the HIPAA law, Brad works with rural medical facilities helping them meet this complex and needed law, without going broke. He is a frequent lecturer on security topics at national conferences. Brad has been selected to speak at Defcon 18; thousands of people apply to speak and it has one of the highest rejection rates, but this is not Brad's first dance. He is a repeat speaker there, and who could resist "Weaponizing Lady GaGa" and psychosonic weapons demonstrations?
Thursday, October 21
10:30 AM–11:20 AM Location: Room 1E09
Hacking is a profitable business, and like any business, to achieve scalability, it must become organized and various groups must become specialized. At its core, industrialized hacking can be understood by looking at three areas including the roles and responsibilities of the individuals involved, the optimization of compromised resources, and the automation of the attack vectors. This presentation will explore research that has been done around the industrialization of hacking. It will include an analysis of processes and techniques such as automated attacks and business logic attacks that are being used by modern attackers as well as countermeasures to thwart them.
Speaker - Brian Contos, CISSP, Director Global Security Strategy & Risk Management, McAfee
Mr. Contos has over 15 years of security engineering and management expertise. He has worked throughout North and South America, Europe, the Middle East, and Asia. At McAfee he advises government organizations and G2000s on security strategy. He has written two books including Enemy at the Water Cooler – Real Life Stories of Insider Threats, and Physical and Logical Security Convergence which he co-authored with former NSA Deputy Director William Crowell. He has delivered speeches at industry events like RSA, Black Hat, Interop, OWASP, CSI, ISACA, ISSA, InfraGard and eCrime. He is often quoted by business and industry press, and has written articles for Forbes, NY Times, London Times, Computerworld, and many others. He was formerly the Chief Security Strategist for Imperva, the Chief Security Officer for ArcSight, and has held management and engineering positions at Riptech, Bell Labs, Tandem Computers, and DISA.
11:30 AM–12:30 PM Location: Room 1E09
Having trouble telling the difference between a Web App Firewall and an Application Aware Firewall? Between a UTM and an XTM? How deep is this deep packet inspection versus that one? How many network security appliances do I need anyhow? Which "products" should really be features? With so much marketing and vendor FUD, how can anyone tell what they really need? How do virtualization, clouds, and APTs affect my ability to do Network Security - or at least change requirement priorities? Together, we will map all legacy network security appliances to a common model and the OSI stack and discuss key changes in the threat and technology landscapes - cutting through marketing and history. Participants will leave better informed and more equipped to save time, money, and hassle going forward.
Speaker - Josh Corman, Research Director, Enterprise Security Practice, The 451 Group
Joshua Corman is the Research Director of Security for The 451 Group - a leading analyst firm focussed on the business of IT innovation. Corman is a candid, strategic thinker and a highly coveted speaker who has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently led NetworkWorld magazine to recognize Corman as a top 10 Influencer of IT for 2009. (Link to article: http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html)
2:00 PM–3:00 PM Location: Room 1E09
Security budgets have recently come under intense scrutiny and often are being cut or left the same as previous years even in a climate where security threats and attacks are on the rise. In these conditions, where do you invest your available budget? Why isn’t the technology you have invested in previously solving your security problems? How do you use the technologies and capabilities that you already have more effectively? How do you convince your management and leadership that security is still relevant and important? What should you be thinking about next? This panel discussion will answer these questions and more by providing knowledge and insights from professionals who are successfully overcoming these challenges every day.
Moderator - John Pironti, President, IP Architects, LLC
John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise-wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional (ISSAP), and Information Systems Security Management Professional (ISSMP). Mr. Pironti frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award-winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.
Panelist - Jennifer Lesser, Senior Manager Governance/Awareness and Training/Business Operation, PayPal Information Risk Management
Panelist - Khalid Kark, Principal Analyst, Forrester Research
Khalid's research primarily contributes to Forrester's offerings for the Security & Risk professional. He is a leading expert in information security program governance; security services; strategy; and governance, risk, and compliance (GRC) initiatives. Khalid's research focuses on building and maintaining effective security programs and making information security leaders more successful in their role. Khalid covers security service providers offering managed as well as pure consulting services. He also covers security governance and risk management topics such as security metrics, budgets, strategy, compliance, awareness, training, and organizational structure. Khalid also advises clients on security standards, industry and government regulations, and IT compliance. Khalid has co-developed Forrester's information security framework and assessment methodology. Khalid has been widely quoted in the press, including such media outlets as Boston Globe, CSO Magazine, and The Wall Street Journal. Khalid is a frequent keynote speaker at national and international conferences.
Panelist - Patrick Sweeney, Vice President of Product Management, SonicWALL
Patrick Sweeney has over 20 years of experience in high tech product management, product marketing, corporate marketing and sales development. Mr. Sweeney is SonicWALL’s Vice President, Product Management, where he oversees its Network Security, Content Security, Business Continuity and Policy & Management product lines. Previous positions include Vice President of Worldwide Marketing, Minerva Networks, Senior Manager of Product Marketing & Solutions Marketing for Silicon Graphics Inc, Director of Worldwide Sales & Marketing for Articulate Systems, and Senior Product Line Manager for Apple Computer. Mr. Sweeney holds an MBA from Santa Clara University, CA.
Panelist - Bill Brown, Chief Information Officer, Iron Mountain
William Brown was appointed chief information officer in September 2008 and oversees the company's deployment of information technology to serve critical business objectives. He has overall responsibility for core systems development, computing services and service provisioning for Iron Mountain customers. Joining Iron Mountain in August 2005, Brown has more than 25 years of management experience in information technology, operations/logistics and electronic commerce. Prior to Iron Mountain, he was a co-founder and executive vice president of PCs Compleat, a PC retailer/distributor acquired by CompUSA. He has also held senior management positions at PC Connection, Send.com, JWP/Businessland and Merisel. Brown holds a bachelor's degree in mathematics from Bridgewater State College and an MBA from Babson College.
2:00 PM–3:00 PM Location: Room 1E13
Virtualization impacts every major compliance standard and requires fundamental changes to security practices. What should this mean to you? This session will discuss what gaps are introduced in the move from physical to virtual where compliance is concerned, and prescribe specific steps to ensure compliance for production deployments. Regulatory areas discussed will include FISMA, DIACAP, PCI, HIPAA and SOX/GLBA. The session will also discuss how to build a framework for securing virtual data centers and private clouds, and how to take physical security constructs like Zones and propagate them to the virtual infrastructure to enable consistent security across the entire data center. You will learn how various hypervisor security architectures coupled with VM Introspection and automation can deliver dynamic, granular insights into security.
Moderator - Michael Dortch, Director of Research, Focus
I have spent more than three decades translating what technical people say and do into language that non-technical businesspeople and consumers can understand and upon which they can act. Before joining Focus as Director of Research, I was most recently Principal Analyst and Managing Editor of DortchOnIT.com, 'an independent voice for technology-dependent people.' I've also been a senior analyst at Aberdeen Group, Robert Frances Group (RFG), and Yankee Group. I've helped established and emerging vendors to craft go-to-market messages and strategies aligned with users' goals and needs, and companies of all sizes and types to choose and deploy IT solutions more successfully. In 1990, I wrote "The ABCs of Local-Area Networks" (remember those?), a book published internationally in three languages by Sybex, Inc. A transplanted "Noo Yawker," I work in San Francisco, live about 50 miles north in beautiful Santa Rosa and can be reached directly at mdortch@focus.com.
Panelist - Amir Ben-Efraim, CEO, Altor
Amir is CEO and co-founder of Altor Networks. Amir has over 18 years of experience in high-tech management, including marketing, business development and software engineering. Most recently, Amir was head of business development at Check Point Software where he led the company’s global BD efforts, including partnerships, OEMs, corporate strategy and M&A considerations. Previously, Amir was co-founder and senior vice president of marketing at Blue Wireless, a vendor of personalization software for telecommunication carriers. Prior to Blue Wireless, Amir led marketing initiatives at Netro Corporation, and simulation projects as lead software engineer at Amdahl Computers. Amir holds an M.B.A. from UCLA, an M.S. in Electrical Engineering from Stanford University and a B.S. in Electrical Engineering from UC Berkeley.
Panelist - Eric Chiu, President and CEO, HyTrust, Inc.
Eric Chiu is CEO and founder of HyTrust, the leader in policy management and access control for virtual infrastructure. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.
Panelist - Tamar Newberger, VP of Marketing, Catbird
Tamar Newberger is the VP of Marketing at Catbird, responsible for the company’s efforts to increase user awareness around the security implications of moving from “P to V to C”. Ms. Newberger has over 20 years of experience in technology development, systems engineering and marketing, including UNIX development as a Member of Technical Staff at AT&T Bell Laboratories. As a systems engineer at UNIX Systems Laboratories (USL), she led the definition of SVR4.2 MP, the award-winning source code product which is at the heart of current mainstream UNIX. Ms. Newberger also worked at Novell in product planning for next-generation technologies and as the Director of Product Management at SCO. She holds MS and BA degrees in Computer Science from Columbia University in New York.
3:15 PM–4:15 PM Location: Room 1E10
While major wireless security concerns have long since left the front page, security is the one area in IT (and especially in mobile IT) where “done” is never achieved. New challenges and outright threats appear on a continual weekly basis, and it’s vital to keep up with the ever-changing security landscape. Our objective for this session is to look at the latest in mobile security threats, and how new solutions are enabling mobile users to go about their business without compromise to sensitive corporate assets.
Moderator - Lisa Phifer, President, Core Competence
Lisa has been involved in the design, implementation, and evaluation of networking, security, and management products for over 25 years. Since joining Core Competence in 1995, she has advised companies large and small regarding security needs, product assessment, and the use of emerging technologies and best practices. Lisa teaches about wireless LANs, mobile security, and virtual private networking, and has written extensively for numerous publications, including Wi-Fi Planet, Information Security, and SearchMobileComputing. Lisa's columns are published monthly by eSecurityPlanet, searchNetworking, and the AirWISE Community Security Center. Lisa holds an MS in Computer Science from Villanova University, and a BS in Computer Science from West Chester University.
Panelist - Gopinath KN, Director of Engineering, AirTight Networks
Gopinath KN (Gopi) has more than 12 years of experience in systems, networks and security. He has devoted the previous eight years of his life to understanding wireless security issues and building cutting-edge security systems. He has several patents and technical publications to his credit. Gopi is a speaker and an author. He has delivered multi-day training sessions and speaks at popular international conferences. As an author, he contributes regularly to highly influential publications such as Network World, CWNP Blog, InfoSecurity Magazine, IDG Connect and Wireless Security Blog. Gopi has been a member of Bell Labs research, MH, NJ, and is currently Director of Engineering at AirTight Networks.
Panelist - Chia-Chee Kuan, CTO, Senior VP of Engineering, AirMagnet
Prior to co-founding AirMagnet in 2001 (now part of Fluke Networks through a 2009 acquisition), Mr. Kuan served as an advanced technical staff member at Packet Design LLC, since the company’s inception, where networking technology innovations were incubated and focused in the areas of Internet routing and wireless security. Prior to Packet Design, Mr. Kuan was the founding engineer at Precept Software, where he developed IP multicast and IP video streaming technologies. When Precept was later acquired by Cisco Systems, Mr. Kuan led Cisco Video Internet Service Unit (VISU) development team under the Cisco CTO’s Office. His career and experiences were devoted to computer networking especially in TCP/IP during the infancy of the Internet when ARPANET was just formed. Mr. Kuan's additional experience includes engineering design at Empirical Tools and Technologies, systems architecture at The Wollongong Group, and PC mail at the Networking and Communication Systems, Stanford University. He holds a Bachelor of Science in Information Engineering from National Taiwan University and a Master in Computer Science from Stanford University. Mr. Kuan also holds 10 US patents in the field of wireless security and performance management.
Panelist - Matt Carrier, Mobility Evangelist, Sybase iAnywhere
Matt Carrier offers more than a decade of experience in mobile communications and technology. He acts as a mobility evangelist on the importance of mobile collaboration, management and security, and application enablement within the enterprise. Matt's vast experience as a technical consultant in the U.S. and Europe has provided him with an in-depth understanding of the worldwide mobile and wireless market. Matt has advised many Fortune 500 companies on best practices and security strategies for mobile implementations. Matt is an experienced speaker and has delivered technical sessions at a variety of industry events including IBM Lotusphere and Sybase Techwave.
Panelist - Khoi Nguyen, Group Product Manager, Mobile Security and Management Group, Symantec Corporation
As the Group Product Manager for the Mobile Security and Management Group at Symantec, Khoi Nguyen is responsible for setting the strategic direction of major new product releases, helping to define the business strategy, setting the product roadmap, and managing the product management team. Nguyen earned his master’s in business administration from the UCLA Anderson School and an MS in computer science from UCLA. During that time, Nguyen researched and designed new Internet protocols for “self-configuring and adaptive” Web Cache servers that were designed to reduce both network bandwidth and user response time on the Web. Nguyen is the co-author of “Adaptive Web Caching” in Computer Networks and ISDN Systems. Prior to Symantec, Nguyen co-founded Silvan Networks, which was funded by Sequoia Capital and developed peer-to-peer networking appliances for Internet Service Providers and Enterprises. Nguyen has also previously worked for PricewaterhouseCoopers as a Management Consultant in the Internet Strategy Practice. Nguyen earned his Bachelor of Science degree in Electrical Engineering and Computer Science from UC Berkeley.
Panelist - Kevin Donovan, VP of Corporate Business Development, VASCO Data Security
Kevin Donovan, Vice President of Corporate Business Development, joined VASCO in 2000 and has been a key member of VASCO’s team which has become the market leader in global authentication. Kevin has successfully managed global partner and customer relationships with some of the world’s best known organizations. Mr. Donovan has spoken at numerous security and banking summits. Kevin holds a degree from the University of Massachusetts in Marketing and an MBA from the University of Baltimore.
3:15 PM–4:15 PM Location: Room 1E09
There is continued pressure in today’s corporate environment to do more with less, to reduce costs and to become more agile in order to meet rapidly changing business demands in a difficult global economy. Outsourcing IT Security services is often senior management’s response to these challenging times, so the question is not if it will happen, but rather when and how it will happen, if it hasn’t already. However, has anything really changed? What is the true impact of the decision to outsource IT Security services? When IT Security is outsourced, what are the hidden challenges? This session will be presented from the perspective of an enterprise security manager who has first-hand knowledge of how outsourcing certain IT Security services can help meet the resource and cost pressures of an organization without compromising its IT Security posture.
Speaker - Jay Leek, Vice President, International Security, Equifax, Inc.
Jay Leek, CISM, CISA, CISSP is currently the Vice President of International Security at Equifax. In this role, Jay is responsible for ensuring security programs, risks affecting business interests and regulatory matters are properly managed internationally. Prior to Equifax, Jay was at Nokia for 10 years where he headed up Corporate IT Security Services globally, and he was directly involved in the development and management of core information security services in addition to the negotiation and management of multi-million dollar IT security outsourcing relationships. Over the past 15 years, Jay has also worked as a product manager for information security vendors as well as a consultant to numerous telecommunications companies, government agencies and financial institutions assisting them with business development, strategic planning and architectural design required to meet their ICT and security objectives. Jay also acts as an industry advisor and member of advisory boards for information security organizations and government agencies, and he is an active contributor towards defining industry standards and/or best practices to address global enterprise information security challenges. He is also a frequent speaker on information security related topics at domestic and international conferences.
Friday, October 22
9:00 AM–10:00 AM Location: Room 1E09
Cloud computing is a cost-effective and efficient way for enterprises to automate their processes. However, organizations need to be aware of the pitfalls of the many cloud-computing solutions out there - one of the main ones being security. Most of these solutions were built for ease of use and not necessarily with security in mind. Companies should ask the solution provider about the security measures used in developing the application and get an independent verification to make sure there are no gaping holes. With over 75% of attacks occurring through the Web, any attack through these applications can lead to leakage of confidential information and embarrassment. This session will highlight the security considerations an organization needs to take into account when adopting cloud computing capabilities.
Speaker - Lars Ewe, CTO and VP of Engineering, Cenzic
Lars Ewe is a technology executive with a broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts.
10:15 AM–11:15 AM Location: Room 1E09
This presentation will discuss 10 years of research and benchmarking of 1,000 organizations by the IT Process Institute that uncovered the 20% of IT controls that deliver 80% of the performance improvement, as well as creating a sustainable and secure controls environment. Case studies of effective organizations will be discussed as well as observations and conclusions that were developed as a result of the research.
Speaker - Dwayne Melancon, Vice President, Tripwire Inc.
11:30 AM–12:30 PM Location: Room 1E09
Recent data breaches have taught us that we cannot rely solely on Intrusion Prevention Systems (IPS) to identify security challenges. Enterprises need to take a proactive approach to securing their network and applications by implementing a log management system that allows for real-time access to data and reports so problems can be stopped before they start. This session will discuss the current industry leading methods and practices for log management.
Speaker - Ben Goodman, Principal Strategist, Identity, Compliance and Security, Novell
As Novell's Principal Strategist for Identity, Compliance and Security, Ben works closely with the executives of Novell's largest customers to understand their business and to share Novell Strategy. He works closely with Novell research and development to ensure Novell's technical roadmaps align with customer business needs. With nearly 15 years of successful experience in the design and implementation of advanced Information Technology, Ben Goodman has developed a sharp eye for how businesses get the most out of their IT Investments, making their businesses more efficient, agile, and secure.
Workshops
Get in-depth Information Security and Risk Management education in full day workshops on Monday and Tuesday before the conference.
| Monday, October 18 | |
|---|---|
9:00 AM–4:30 PM Location: Room 1E09 IT security technology is extremely dynamic in nature. Not only do new and improved security technologies constantly emerge, but some technologies become increasingly prevalent, whereas others fall by the wayside. Furthermore, many information security experts believe that we have been using the same basic security measures over the last 20 years and that this is one of the major reasons for the growing gap between actual risk and managed risk. The technology arena is not excepted from this view. Because technology is so critical in mitigating information security-related risk, keeping in touch with security technologies (especially new and emerging ones), understanding their real functionality, capabilities, limitations, and potential for improvement despite all the hype that surrounds them, understanding environments and contexts in which they are most likely to be successful, and learning how to develop an effective strategy for deploying and phasing in these technologies is essential. Instructor - Eugene Schultz, CISM, CISSP, Chief Technology Officer, Emagined Security Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 120 published papers. Gene was the Editor-in-Chief of _Computers and Security_ from 2002 - 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a SANS instructor, member of the SANS NewsBites editorial board, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. 
Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. A Distinguished Fellow of the Information Systems Security Association (ISSA), Gene has also been named to the ISSA Hall of Fame and has received ISSA's Professional Achievement and Honor Roll Awards. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases. | |
| Tuesday, October 19 | |
9:00 AM–4:30 PM Location: Room 1E09 Windows 7 is set to inherit the XP kingdom: attend this session and learn the security tricks needed to keep your kingdom safe. You'll understand Microsoft's new security model and how to make it work for you. Be dazzled by over 300 diagnostic tools built into Win 7, which can make you a Diagnostic Demon! Understand where the hidden folder system is in which your files and programs are installed and where the registry hides your settings. (Hint: they don't exist in XP!) You'll learn unique optional security settings to really secure Win 7 so you comply with the Federal security regulations. None of these settings are on by default, all are deep screened and all increase your security for free. Finish by constructing a self-booting USB copy of Win 7 that can be used for enterprise rollout, diagnostics or just a great OS on a stick. Using information gathered from multiple sources, including private discussions with developers, inside MS sources and personal investigation, this workshop will help you understand the next generation of Microsoft clients NOW! Hear from past attendees of Securing Windows 7: -One of the best, if not the best, workshops that I have attended. Brad was very organized with clear objectives and plenty of time for questions. He had many demos during the workshop and tips and software recommendations. Very good workshop. -Brad was very informative. He made his presentation with style and pizazz. He was very knowledgeable on all subjects discussed. -This was an excellent course. The information was highly relevant. Brad is a fantastic instructor. Energetic and extremely knowledgeable. Thanks for a great class. -Kept the session entertaining. A good amount of information was given as well as links to applications, and information. -Brad is a very good instructor/speaker. I've been taking his workshops for a few years now and learn something new every time.
-Brad exposed the underbelly of Windows 7 and its tools. A lot of what is not advertised he showed me. Excellent. -Brad Smith is an exciting presenter who draws you in and gets you as excited about his topics as he is. I wished he had more sessions so I could just go to all of his! -Mr. Smith is enthusiastic, knowledgeable and entertaining. I found it refreshing that the instructor was not employed by the vendor (Microsoft) and enjoyed learning the topic from a non-sales point of view. Instructor - Brad Smith, Director, Computer Institute of the Rockies Brad started working with computers in 1972, was featured in 1995 HIMSS - Microsoft Medical Software section and in 2005 was named the Microsoft Small Business Solution Provider Partner of the Year, an award given to only one small business for the entire world. Having helped craft the HIPAA law, Brad works with rural medical facilities helping them meet this complex and needed law, without going broke. He is a frequent lecturer on security topics at national conferences. Brad has been selected to speak at Defcon 18; thousands of people apply to speak and it has one of the highest rejection rates, but this is not Brad's first dance. He is a repeat speaker there, and who could resist "Weaponizing Lady GaGa" and psychosonic weapons demonstrations. | |
Free Information Security and Risk Management Sessions
All Interop attendees can choose from a full calendar of free sessions Wednesday and Thursday including the following covering Information Security and Risk Management:
| Wednesday, October 20 | |
|---|---|
11:00 AM–11:20 AM Location: Cloud Zone Theater As you consider the most secure and cost-effective ways to take advantage of cloud computing in your enterprise, there are several factors you should assess for your strategy. Attend this session to learn about the technical, operations and business decisions that are the keys to a successful cloud implementation. Speaker - Bob Lamendola, Vice President, Client Services, mindSHIFT As Vice President, Client Services at mindSHIFT Technologies, Bob Lamendola is responsible for delivering network infrastructure solutions for clients. Bob’s role includes directing the teams responsible for designing the client solution to meet specifications, architecting its implementation and delivering the final product on time and on budget. | |
12:00 PM–12:45 PM Location: Interopnet classroom | |
1:00 PM–1:20 PM Location: Cloud Zone Theater Server memory is a critical resource constraint in datacenters, and as demand for virtualization and cloud applications continues to increase, this limitation will have economic and operational impact. This presentation explores the new HyperCloud memory technology from Netlist and how it can maximize server utilization, improve productivity and reduce TCO. Speaker - Christopher Lopes, CoFounder and VP Sales, Netlist
Mr. Lopes has 28 years of sales management, applications and design experience with Toshiba America, Philips Semiconductor, LSI Logic and Xicor and began his career as a systems design engineer at Lockheed Missiles & Space. Mr. Lopes has a BS in Electrical Engineering from California State University, Sacramento, and holds an MBA from Santa Clara University. | |
1:40 PM–2:00 PM Location: Cloud Zone Theater Today, innovative, multi-vector techniques are attempted on virtually everyone connected to the Internet - leaving computers wide open for exploitation. This session will take a look at the emerging Web threats plaguing businesses today. Attendees will learn what they can do to better shore up their defenses and lessen threat exposure. Speaker - Joel Smith, Chief Technology Officer, AppRiver Joel Smith co-founded AppRiver with CEO Michael Murdoch in 2002, bringing with him more than a decade of experience in the technology sector where he focused primarily on network security and e-mail efficiency. Since AppRiver’s inception, Smith has made it a priority to create and deliver mission-critical applications via a SaaS model. Working alongside a creative 25-person R&D staff, Smith has led the charge to bring secure messaging and Web solutions to more than 45,000 customers worldwide. | |
2:00 PM–2:45 PM
Forensics are Not Enough! Case Studies in Proactive Network Defense Using Security Information and Event Management (SIEM) Technology - Sponsored by TriGeo Network Security
Location: Free Ed Room 1 Learn how SIEM and real-time, in memory, analytics combine to capture, correlate and respond to network attacks and insider abuse. See automated responses to network attacks, policy violations, inappropriate web browsing and USB device usage. Hear how mid-sized enterprises use SIEM to meet regulatory compliance initiatives and gain network control. Speaker - Jamie Winterset, VP of Sales, TriGeo Network Security | |
| Thursday, October 21 | |
11:40 AM–12:00 PM Location: Cloud Zone Theater Description to come. Speaker - Babak Pasdar, President, CEO and Chief Technologist, Bat Blue Corporation Babak Pasdar is a 24-year veteran of the technology industry and is recognized industry-wide as an emerging technology evangelist. He has a proven track record in both identifying early stage technologies that address emerging client requirements and building successful technology organizations, Cybernex and IGX Global. Bat Blue is his third successful startup. | |
Information Security and Risk Management Exhibitors
See all the latest IT solutions at Interop's comprehensive expo, with 150+ technology companies including leading Information Security and Risk Management vendors.
| Company | Booth |
|---|---|
| AEP Networks: AEP Networks is a leading provider of specialist end-to-end communications solutions which enhance voice and data communications at critical points of operation where security is paramount and the consequence of loss would be severe. AEP's solutions have been chosen by blue-chip customers in over 60 countries. | 606 |
| AppRiver: AppRiver is a software-as-a-service (SaaS) provider offering secure messaging and Web solutions to businesses of any size. In addition to spam and virus protection, the company provides e-mail encryption, Web security solutions and a complete managed service for Microsoft® Exchange. | 505 |
| Astaro Corporation: Astaro combines best-of-breed applications, proven quality of Linux and enterprise-level performance to provide unparalleled Network, Web and Email security. Software, hardware and virtual appliances give flexibility for many deployment scenarios. With over 3,000 resellers, Astaro protects over 100,000 networks in 60 countries. | 629 |
| Barracuda Networks | 743 |
| Bat Blue Corporation: Bat Blue Corporation provides network consultancy, IP services and security solutions. Bat Blue's “In-the-Cloud” offering, CloudSec, eliminates capital and hardware costs, reduces risk and benefits from a centralized interface. BlueNET IP network provides a true 10Gig network that leverages terabit carrier-grade fully redundant infrastructure. | 713 |
| Ciphertex: Ciphertex offers powerful, affordable data security products and services to companies and businesses around the world. Our products feature the highest levels of hardware-based encryption solutions. Today's larger digital media capacities, increased data mobility, and growing security concerns demand comprehensive, endpoint, hardware-based encryption. | 737 |
| Cisco: Cisco unveils capabilities to maximize participation anytime, anywhere, to any device, securely, reliably and seamlessly, and delivered through virtualized and cloud-based services. With innovations for the network and the data center, Cisco delivers new technologies, solutions, and services that enable transformational business models. | 121 |
| Clearswift: Clearswift is a global information security company with over 20 years experience delivering enterprise-class, government grade, email and Web content security solutions. Its unified security solutions enable more than 17,000 organizations worldwide to manage and maintain no-compromise data, e-mail and web security across all gateways and in all directions. | 848 |
| Comodo Group Inc. | 729 |
| Cyberoam | 843 |
| Cymphonix | 724 |
| Datacom Systems: Datacom Systems is a leading manufacturer of data capture infrastructure for increased network access and visibility. A critical part of the computer network, data capture infrastructure provides copies of network traffic to monitoring tools for network, security, and application analysis. Datacom products are compatible with all vendors' monitoring deployments. | 250 |
| EMC Corporation: EMC Ionix (formerly Smarts and Voyence) network management solutions improve availability and performance, and increase operational efficiency, which save you time and money. They do this by automating root-cause analysis; service and infrastructure monitoring; network configuration, change, and compliance management (including Vblocks); and reporting across physical, virtual & Cloud environments. | 345 |
| Emulex Corporation: Emulex (NYSE:ELX) is the leader in converged networking solutions for the data center. Emulex provides a single framework that intelligently connects every server, network and storage device within the data center. Emulex's portfolio of controller chips, adapters, blades and connectivity solutions are trusted by the world's largest IT environments. www.emulex.com | 443 |
| Enterasys Networks and PTS Data Center Solutions: About PTS Data Center Solutions Experts for Your Always Available Data Center. PTS Data Center Solutions specializes in the business strategy, planning, designing, engineering, constructing, commissioning, implementing, maintaining, and managing of data center and computer room environments from both the facility and IT perspectives. | 756 |
| Ezenia Inc.: Ezenia is proud and excited to be at the forefront of some of the most sophisticated collaboration products available today. Ezenia’s products are developed to provide people with the technology they need to work together regardless of their location, to make them more effective and efficient. | 842 |
| Gigamon: Gigamon provides secure access and complete visibility to all your data anywhere, anytime, while lowering the total cost of network management. Gigamon’s product suite seamlessly aggregates, filters and replicates traffic of interest from 1Gbps and 10Gbps tapped links and mirror ports to multiple monitoring and security tools. | 630 |
| HotLava Systems: HotLava Systems designs and manufactures innovative, server class multi-port Gigabit and 10-Gigabit Ethernet adapters that meet the bandwidth, space, and power consumption requirements of the most demanding networks. Our products are natively-supported by virtually all operating systems and deliver more productivity by reducing or eliminating network interface congestion. | 823 |
| HP: HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems. | 716 |
| Interface Masters Technologies | 745 |
| IPC Technologies, Inc/ShoreTel: IPC Technologies, founded in 1981, has been at the forefront of offering best of breed products and services to companies all over the world. Based in the Capitol Region, IPC is focused on becoming the leading provider of communications products with ShoreTel, Aerohive, LifeSize and TechFirst Cloud Services. | 349 |
| Kerio Technologies, Inc. | 749 |
| Logicube: A global manufacturer of hard drive duplication and eForensics systems, Logicube delivers feature-rich and reliable solutions. Our duplication product family features handheld one-to-one devices as well as production-class systems for multi-target hard drive cloning. Our eForensic product family includes data capturing solutions for computers, cellphones & PDAs. | 454 |
| McAfee | 642 |
| Microsemi/PowerDsine: Microsemi's PowerDsine® midspans enable Ethernet switches to deliver up to 72 watts of reliable power. Exclusive PowerView Pro™ platform provides remote control, reboot and full power monitoring of network operations. PowerDsine technology is a major driver of 802.3af and 802.3at standards, the leader in High Power Midspans. | 825 |
| Microsoft | 411 |
| Napatech: Napatech develops and markets the world's most advanced 1Gig and 10Gig programmable Ethernet network adapters for network traffic analysis and application off-loading. Napatech is the leading OEM supplier of Ethernet network acceleration adapter hardware with an installed base of more than 60,000 ports. | 455 |
| Nero, Inc.: Nero excels your multimedia power with a collection of three products bundled into one powerful suite. It’s loaded with advanced video editing features, media organizer and player, superior burning software, reliable backup technology, and special multimedia tools to enhance your music, photos and videos. | 456 |
| Net Optics, Inc.: Net Optics, the global leader in intelligent network access solutions, enables more than 6,300 organizations to enhance network performance and security while supporting regulatory compliance. The company offers innovative monitoring access and intrusion prevention solutions, protocol analyzers, firewalls, and network probes and maintains a worldwide reseller network. | 542 |
| Processor: Processor is a bi-weekly print publication designed for people managing and purchasing equipment for data centers. Processor’s content is comprehensive but presented in a quick, easy-to-read format, so readers can keep up with new data center products and technologies. | 829 |
| Rackspace: Rackspace provides on-demand and scalable website, application and storage hosting backed by Fanatical Support®. Through an integrated suite of cloud solutions, The Rackspace Cloud enables developers and IT managers to trade the hassles, upfront investments and high costs for a hosting environment that scales easily when traffic fluctuates. | 401 |
| Safari Books Online: Safari Books Online is an on-demand digital library that provides one integrated source for over 10,000 expert reference and learning materials from leading publishers. The site includes exclusive access to the collections of O’Reilly Media, Addison-Wesley, Prentice Hall, Cisco Press, Adobe Press and many others. | 722 |
| Terremark Worldwide: Terremark Worldwide is a leading global provider of IT infrastructure services delivered on the industry's most robust and advanced technology platform. Leveraging data centers worldwide with access to massive and diverse network connectivity, a comprehensive suite of managed solutions including cloud computing, managed hosting, colocation, security and data storage services. | 511 |
| Tools4ever, Inc.: Tools4ever offers quality, scalable productivity solutions for the Windows system administrator with a focus on User Provisioning, Life Cycle, Identity and Password management. Tools4ever is a Microsoft Certified Gold Partner serving more than 5,000 clients and is committed to delivering superior products and outstanding customer support from offices worldwide. | 656 |
| TriGeo Network Security: TriGeo Network Security delivers enterprise security information and event management designed specifically for the mid-market. TriGeo combines real-time log management, event correlation and end-point security with unique active response technology. This award-winning product delivers an "Audit-Proven" compliance solution that meets security requirements imposed by PCI, GLBA, HIPAA and more. | 637 |
| VU Technologies | 429 |
| WatchGuard: WatchGuard provides an extensive family of network security products to help you secure your network from zero day threats, prevent unauthorized data from leaving your network, filter spam, block social networking sites, prevent malicious intrusions, integrate in-the-cloud security services, and much more. Contact us at www.watchguard.com | 643 |
| WildPackets: WildPackets develops hardware and software solutions that drive network performance, enabling organizations of all sizes to analyze, troubleshoot, optimize, and secure their wired and wireless networks. WildPackets products are deployed in all industrial sectors. For more information, visit www.wildpackets.com. | 548 |
Information Security and Risk Management Conference
| Wednesday, October 20 | |
|---|---|
11:30 AM–12:30 PM Location: Room 1E09 An effective Information Risk Management and Security strategy allows an organization to define how it will operate in order to achieve its business goals and requirements while still effectively protecting its information infrastructure and data assets. If developed properly, a strategy provides a roadmap for success that includes the definition of the capabilities, goals, timelines, functions, requirements, and metrics required to develop and implement an effective set of capabilities. It also helps an organization answer the vital question of how much is enough. This session will focus on the key concepts and capabilities that should be considered when developing an Information Risk Management and Security strategy. Case studies of strategy development and implementations will be utilized throughout the session as well as discussions of current industry leading concepts and practices. Speaker - John Pironti, President, IP Architects, LLC John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). Mr. Pironti frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.
| |
2:00 PM–3:00 PM Location: Room 1E12 IT professionals are split on cloud security: half of them see it as a way to get stronger, more reliable computing that's secured by experts and far from the risk of in-house fraud; others see it as a terrifying loss of control that may violate privacy and compliance regulations. Either way, clouds call many security assumptions into question. This debate-format session will give proponents and detractors their chance to convince the audience. Moderator - Drew Bartkiewicz, CEO, CyberRiskPartners Drew Bartkiewicz is the CEO of CyberRiskPartners. CRP offers Cloud Computing providers and data-intensive traditional businesses the visibility, quantification, and risk transfer solutions to manage cyber risk on an ongoing, targeted, and actionable basis. Through the CRP proprietary platform we deliver risk dispersion market options to enable Cloud clients to grow with emerging applications such as cloud computing, API’s, SAAS, and social media. CloudRisks is a specialty hedging platform networked with various Cyber Insurance companies that enables Cloud Computing companies to deal with the future of financial, technical, and legal aggregation. www.cyberriskpartners.com Panelist - Steve Riley, Sr. Technical Program Manager, Amazon Web Services Steve Riley is an evangelist and strategist for cloud computing at Amazon Web Services, working to help organizations understand how to address security, privacy, and compliance concerns so that they can integrate the cloud with their existing environments to extend reach, increase utilization, and respond to rapid business changes. His specialties include information security, privacy, compliance frameworks, and policy. Steve has spoken at hundreds of events around the world, including RSA, SANS, Black Hat Windows, InfoSec US, (ISC)2, IANS, TechEd, and Connections. He co-authored a book about Microsoft security and has published numerous articles.
Born with an Ethernet cable attached to his belly button, Steve grew up in networking and telecommunications. Besides lurking in the Internet's dark alleys and secret passages, he enjoys freely sharing his opinions about the intersection of technology and culture. He writes at http://stvrly.wordpress.com, tweets as @steveriley, and emails from steriley@amazon.com. | |
2:00 PM–3:00 PM Location: Room 1E09 Social networks simultaneously offer huge business benefits and unheard-of security risks. How can enterprises effectively use social networks while not putting their security and data at risk? This session will detail the significant security and privacy risks that social networks create, and will also provide detailed guidance on ways organizations and individuals can use social networks in a safe and secure manner. Speaker - Ben Rothke, Senior Security Consultant, British Telecom Ben Rothke, CISSP CISA is a New York City based senior security consultant with BT Professional Services and has over 15 years of industry experience in information systems security and privacy. | |
3:15 PM–4:15 PM Location: Room 1E09 Social Engineering (SE) driven by the science of Neuro Linguistic Programming (NLP) has become one of the dominant threats in security landscape. SE is used by many professions who must make decisions about people, rapidly and accurately. More importantly, it’s used to help you say yes. Even when you don’t want too! The information taught in this session is seldom available outside of the social science field because of its many powerful uses. This session will help you understand the SE threat, how you can tell if you’re under an SE attack, what you can do about these attacks and how to monitor and mitigate this threat. Speaker - Brad Smith, Director, Computer Institute of the Rockies Brad started working with computers in 1972, was featured in 1995 HIMSS - Microsoft Medical Software section and in 2005 was named the Microsoft Small Business Solution Provider Partner of the Year, an award given to only one small business for the entire world. Having helped craft the HIPAA law, Brad works with rural medical facilities helping them meet this complex and needed law, without going broke. He is a frequent lecturer on security topics at national conferences. Brad has been selected to speak at Defcon 18, thousands of people apply to speak and it has one of the highest rejection rates, but this is not Brad's first dance. He is a repeat speaker there and who could resist " Weaponizing Lady GaGa" and psychosonic weapons demonstrations. | |
| Thursday, October 21 | |
10:30 AM–11:20 AM Location: Room 1E09 Hacking is a profitable business, and like any business, to achieve scalability, it must become organized and various groups must become specialized. At its core, industrialized hacking can be understood by looking at three areas including the roles and responsibilities of the individuals involved, the optimization of compromised resources, and the automation of the attack vectors. This presentation will explore research that has been done around the industrialization of hacking. It will include an analysis of processes and techniques such as automated attacks and business logic attacks that are being used by modern attackers as well as countermeasures to thwart them. Speaker - Brian Contos, CISSP, Director Global Security Strategy & Risk Management, McAfee Mr. Contos has over 15 years of security engineering and management expertise. He has worked throughout North and South America, Europe, the Middle East, and Asia. At McAfee he advises government organizations and G2000s on security strategy. He has written two books including Enemy at the Water Cooler – Real Life Stories of Insider Threats, and Physical and Logical Security Convergence which he co-authored with former NSA Deputy Director William Crowell. He has delivered speeches at industry events like RSA, Black Hat, Interop, OWASP, CSI, ISACA, ISSA, InfraGard and eCrime. He is often quoted by business and industry press, and has written articles for Forbes, NY Times, London Times, Computerworld, and many others. He was formerly the Chief Security Strategist for Imperva, the Chief Security Officer for ArcSight, and has held management and engineering positions at Riptech, Bell Labs, Tandem Computers, and DISA. | |
11:30 AM–12:30 PM Location: Room 1E09 Having trouble telling the difference between a Web App Firewall and an Application Aware Firewall? Between a UTM and an XTM? How deep is this deep packet inspection versus that one? How many network security appliances do I need anyhow? Which "products" should really be features? With so much marketing and vendor FUD, how can anyone tell what they really need? How do virtualization, clouds, and APTs affect my ability to do Network Security - or at least change requirement priorities? Together, we will map all legacy network security appliances to a common model and the OSI stack and discuss key changes in the threat and technology landscapes - cutting through marketing and history. Participants will leave better informed and more equipped to save time, money, and hassle going forward. Speaker - Josh Corman, Research Director, Enterprise Security Practice, The 451 Group Joshua Corman is the Research Director of Security for The 451 Group - a leading analyst firm focussed on the business of IT innovation. Corman is a candid, strategic thinker and a highly coveted speaker who has spoken at leading industry events such as RSA, Interop, ISACA, and SANS. His efforts to educate and challenge the industry recently led NetworkWorld magazine to recognize Corman as a top 10 Influencer of IT for 2009. (Link to article: http://www.networkworld.com/supp/2009/outlook/010509-tech-people-to-know.html) | |
2:00 PM–3:00 PM Location: Room 1E09 Security budgets have recently come under intense scrutiny and often are being cut or left the same as previous years even in a climate where security threats and attacks are on the rise. In these conditions, where do you invest your available budget? Why isn’t the technology you have invested in previously solving your security problems? How do you use the technologies and capabilities that you already have more effectively? How do you convince your management and leadership that security is still relevant and important? What should you be thinking about next? This panel discussion will answer these questions and more by providing knowledge and insights from professionals who are successfully overcoming these challenges every day.
Moderator - John Pironti, President, IP Architects, LLC John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). Mr. Pironti frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security and risk management and compliance topics and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award-winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.
Panelist - Jennifer Lesser, Senior Manager Governance/Awareness and Training/Business Operation, PayPal Information Risk Management
Panelist - Khalid Kark, Principal Analyst, Forrester Research Khalid's research primarily contributes to Forrester's offerings for the Security & Risk professional. He is a leading expert in information security program governance; security services; strategy; and governance, risk, and compliance (GRC) initiatives. Khalid's research focuses on building and maintaining effective security programs and making information security leaders more successful in their role. Khalid covers security service providers offering managed as well as pure consulting services. He also covers security governance and risk management topics such as security metrics, budgets, strategy, compliance, awareness, training, and organizational structure. Khalid also advises clients on security standards, industry and government regulations, and IT compliance. Khalid has codeveloped Forrester's information security framework and assessment methodology. Khalid has been widely quoted in the press, including such media outlets as Boston Globe, CSO Magazine, and The Wall Street Journal. Khalid is a frequent keynote speaker at national and international conferences.
Panelist - Patrick Sweeney, Vice President of Product Management, SonicWALL Patrick Sweeney has over 20 years of experience in high tech product management, product marketing, corporate marketing and sales development. Mr. Sweeney is SonicWALL’s Vice President, Product Management, where he oversees its Network Security, Content Security, Business Continuity and Policy & Management product lines. Previous positions include Vice President of Worldwide Marketing, Minerva Networks, Senior Manager of Product Marketing & Solutions Marketing for Silicon Graphics Inc, Director of Worldwide Sales & Marketing for Articulate Systems, and Senior Product Line Manager for Apple Computer. Mr. Sweeney holds an MBA from Santa Clara University, CA.
Panelist - Bill Brown, Chief Information Officer, Iron Mountain William Brown was appointed chief information officer in September 2008 and oversees the company's deployment of information technology to serve critical business objectives. He has overall responsibility for core systems development, computing services and service provisioning for Iron Mountain customers. Joining Iron Mountain in August 2005, Brown has more than 25 years of management experience in information technology, operations/logistics and electronic commerce. Prior to Iron Mountain, he was a co-founder and executive vice president of PCs Compleat, a PC retailer/distributor acquired by CompUSA. He has also held senior management positions at PC Connection, Send.com, JWP/Businessland and Merisel. Brown holds a bachelor's degree in mathematics from Bridgewater State College and an MBA from Babson College. | |
2:00 PM–3:00 PM Location: Room 1E13 Virtualization impacts every major compliance standard and requires fundamental changes to security practices. What should this mean to you? This session will discuss what gaps are introduced in the move from physical to virtual where compliance is concerned, and prescribe specific steps to ensure compliance for production deployments. Regulatory areas discussed will include FISMA, DIACAP, PCI, HIPAA and SOX/GLBA. The session will also discuss how to build a framework for securing virtual data centers and private clouds, and how to take physical security constructs like Zones and propagate them to the virtual infrastructure to enable consistent security across the entire data center. You will learn how various hypervisor security architectures coupled with VM Introspection and automation can deliver dynamic, granular insights into security. Moderator - Michael Dortch, Director of Research, Focus I have spent more than three decades translating what technical people say and do into language that non-technical businesspeople and consumers can understand and upon which they can act. Before joining Focus as Director of Research, I was most recently Principal Analyst and Managing Editor of DortchOnIT.com, 'an independent voice for technology-dependent people.' I've also been a senior analyst at Aberdeen Group, Robert Frances Group (RFG), and Yankee Group. I've helped established and emerging vendors to craft go-to-market messages and strategies aligned with users' goals and needs, and companies of all sizes and types to choose and deploy IT solutions more successfully. In 1990, I wrote "The ABCs of Local-Area Networks" (remember those?), a book published internationally in three languages by Sybex, Inc. A transplanted "Noo Yawker," I work in San Francisco, live about 50 miles north in beautiful Santa Rosa and can be reached directly at mdortch@focus.com. 
Panelist - Amir Ben-Efraim, CEO, Altor Amir is CEO and co-founder of Altor Networks. Amir has over 18 years of experience in high-tech management, including marketing, business development and software engineering. Most recently, Amir was head of business development at Check Point Software where he led the company’s global BD efforts, including partnerships, OEMs, corporate strategy and M&A considerations. Previously, Amir was co-founder and senior vice president of marketing at Blue Wireless, a vendor of personalization software for telecommunication carriers. Prior to Blue Wireless, Amir led marketing initiatives at Netro Corporation, and simulation projects as lead software engineer at Amdahl Computers. Amir holds an M.B.A. from UCLA, an M.S. in Electrical Engineering from Stanford University and a B.S. in Electrical Engineering from UC Berkeley.
Panelist - Eric Chiu, President and CEO, HyTrust, Inc. Eric Chiu is CEO and founder of HyTrust, the leader in policy management and access control for virtual infrastructure. He has in-depth knowledge about what’s needed to achieve the same level of operational readiness in virtual as in physical I.T. infrastructures. Previously Eric served in executive roles at Cemaphore, MailFrontier, mySimon, and was a venture capitalist at Brentwood/Redpoint, Pinnacle, and M&A at Robertson, Stephens and Company.
Panelist - Tamar Newberger, VP of Marketing, Catbird Tamar Newberger is the VP of Marketing at Catbird, responsible for the company’s efforts to increase user awareness around the security implications of moving from “P to V to C”. Ms. Newberger has over 20 years of experience in technology development, systems engineering and marketing, including UNIX development as a Member of Technical Staff at AT&T Bell Laboratories. As a systems engineer at UNIX Systems Laboratories (USL), she led the definition of SVR4.2 MP, the award-winning source code product which is at the heart of current mainstream UNIX. Ms. Newberger also worked at Novell in product planning for next-generation technologies and as the Director of Product Management at SCO. She holds MS and BA degrees in Computer Science from Columbia University in New York. | |
3:15 PM–4:15 PM Location: Room 1E10 While major wireless security concerns have long since left the front page, security is the one area in IT (and especially in mobile IT) where “done” is never achieved. New challenges and outright threats appear on a continual weekly basis, and it’s vital to keep up with the ever-changing security landscape. Our objective for this session is to look at the latest in mobile security threats, and how new solutions are enabling mobile users to go about their business without compromise to sensitive corporate assets.
Moderator - Lisa Phifer, President, Core Competence Lisa has been involved in the design, implementation, and evaluation of networking, security, and management products for over 25 years. Since joining Core Competence in 1995, she has advised companies large and small regarding security needs, product assessment, and the use of emerging technologies and best practices. Lisa teaches about wireless LANs, mobile security, and virtual private networking, and has written extensively for numerous publications, including Wi-Fi Planet, Information Security, and SearchMobileComputing. Lisa's columns are published monthly by eSecurityPlanet, searchNetworking, and the AirWISE Community Security Center. Lisa holds an MS in Computer Science from Villanova University, and a BS in Computer Science from West Chester University.
Panelist - Gopinath KN, Director of Engineering, AirTight Networks Gopinath KN (Gopi) has more than 12 years of experience in systems, networks and security. He has devoted the previous eight years of his life to understanding wireless security issues and building cutting-edge security systems. He has several patents and technical publications to his credit. Gopi is a speaker and an author. He has delivered multi-day training sessions and speaks at popular international conferences. As an author, he contributes regularly to highly influential publications such as Network World, CWNP Blog, InfoSecurity Magazine, IDG Connect and Wireless Security Blog. Gopi has been a member of Bell Labs research, MH, NJ, and is currently Director of Engineering at AirTight Networks.
Panelist - Chia-Chee Kuan, CTO, Senior VP of Engineering, AirMagnet Prior to co-founding AirMagnet in 2001 (now part of Fluke Networks through a 2009 acquisition), Mr. Kuan served as an advanced technical staff member at Packet Design LLC, since the company’s inception, where networking technology innovations were incubated and focused in the areas of Internet routing and wireless security. Prior to Packet Design, Mr. Kuan was the founding engineer at Precept Software, where he developed IP multicast and IP video streaming technologies. When Precept was later acquired by Cisco Systems, Mr. Kuan led Cisco Video Internet Service Unit (VISU) development team under the Cisco CTO’s Office. His career and experiences were devoted to computer networking especially in TCP/IP during the infancy of the Internet when ARPANET was just formed. Mr. Kuan's additional experience includes engineering design at Empirical Tools and Technologies, systems architecture at The Wollongong Group, and PC mail at the Networking and Communication Systems, Stanford University. He holds a Bachelor of Science in Information Engineering from National Taiwan University and a Master in Computer Science from Stanford University. Mr. Kuan also holds 10 US patents in the field of wireless security and performance management.
Panelist - Matt Carrier, Mobility Evangelist, Sybase iAnywhere Matt Carrier offers more than a decade of experience in mobile communications and technology. He acts as a mobility evangelist on the importance of mobile collaboration, management and security, and application enablement within the enterprise. Matt's vast experience as a technical consultant in the U.S. and Europe has provided him with an in-depth understanding of the worldwide mobile and wireless market. Matt has advised many Fortune 500 companies on best practices and security strategies for mobile implementations. Matt is an experienced speaker and has delivered technical sessions at a variety of industry events including IBM Lotusphere and Sybase Techwave.
Panelist - Khoi Nguyen, Group Product Manager, Mobile Security and Management Group, Symantec Corporation As the Group Product Manager for the Mobile Security and Management Group at Symantec, Khoi Nguyen is responsible for setting the strategic direction of major new product releases, helping to define the business strategy, setting the product roadmap, and managing the product management team. Nguyen earned his master’s in business administration from the UCLA Anderson School and MS in computer science from UCLA. During that time, Nguyen researched and designed new Internet protocols for “self-configuring and adaptive” Web Cache servers that were designed to reduce both network bandwidth and user response time on the Web. Nguyen is the co-author of “Adaptive Web Caching” in Computer Networks and ISDN Systems. Prior to Symantec, Nguyen co-founded Silvan Networks, which was funded by Sequoia Capital and developed peer-to-peer networking appliances for Internet Service Providers and Enterprises. Nguyen has also previously worked for PricewaterhouseCoopers as a Management Consultant in the Internet Strategy Practice. Nguyen earned his Bachelor of Science degree in Electrical Engineering and Computer Science from UC Berkeley.
Panelist - Kevin Donovan, VP of Corporate Business Development, VASCO Data Security Kevin Donovan, Vice President of Corporate Business Development, joined VASCO in 2000 and has been a key member of VASCO’s team which has become the market leader in global authentication. Kevin has successfully managed global partner and customer relationships with some of the world’s best known organizations. Mr. Donovan has spoken at numerous security and banking summits. Kevin holds a degree from the University of Massachusetts in Marketing and an MBA from the University of Baltimore. | |
3:15 PM–4:15 PM Location: Room 1E09 There is continued pressure in today’s corporate environment to do more with less, to reduce costs and to become more agile in order to meet rapidly changing business demands in a difficult global economy. Outsourcing IT Security services is often senior management’s response to these challenging times, so the question is not if it will happen, but rather when and how it will happen, if it hasn’t already. However, has anything really changed? What is the true impact of the decision to outsource IT Security services? When IT Security is outsourced, what are the hidden challenges? This session will be presented from the perspective of an enterprise security manager who has first-hand knowledge of how outsourcing certain IT Security services can help meet the resource and cost pressures of an organization without compromising its IT Security posture. Speaker - Jay Leek, Vice President, International Security, Equifax, Inc. Jay Leek, CISM, CISA, CISSP is currently the Vice President of International Security at Equifax. In this role, Jay is responsible for ensuring security programs, risks affecting business interests and regulatory matters are properly managed internationally. Prior to Equifax, Jay was at Nokia for 10 years where he headed up Corporate IT Security Services globally, and he was directly involved in the development and management of core information security services in addition to the negotiation and management of multi-million dollar IT security outsourcing relationships. Over the past 15 years, Jay has also worked as a product manager for information security vendors as well as a consultant to numerous telecommunications companies, government agencies and financial institutions assisting them with business development, strategic planning and architectural design required to meet their ICT and security objectives.
Jay also acts as an industry advisor and member of advisory boards for information security organizations and government agencies, and he is an active contributor towards defining industry standards and/or best practices to address global enterprise information security challenges. He is also a frequent speaker on information security related topics at domestic and international conferences. | |
| Friday, October 22 | |
9:00 AM–10:00 AM Location: Room 1E09 Cloud computing is a cost-effective and efficient way for enterprises to automate their processes. However, organizations need to be aware of the pitfalls of the many cloud-computing solutions out there - one of the main ones being security. Most of these solutions were built for ease of use and not necessarily with security in mind. Companies should ask the solution provider about the security measures used in developing the application and get an independent verification to make sure there are no gaping holes. With over 75% of attacks occurring through the Web, any attack through these applications can lead to leakage of confidential information and embarrassment. This session will highlight the security considerations an organization needs to take into account when adopting cloud computing capabilities. Speaker - Lars Ewe, CTO and VP of Engineering, Cenzic Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts. | |
10:15 AM–11:15 AM Location: Room 1E09 This presentation will discuss 10 years of research and benchmarking of 1,000 organizations by the IT Process Institute that uncovered the 20% of IT controls that deliver 80% of the performance improvement, as well as creating a sustainable and secure controls environment. Case studies of effective organizations will be discussed as well as observations and conclusions that were developed as a result of the research. Speaker - Dwayne Melancon, Vice President, Tripwire Inc. | |
11:30 AM–12:30 PM Location: Room 1E09 Recent data breaches have taught us that we cannot rely on Intrusion Prevention Systems (IPS) alone to identify security challenges. Enterprises need to take a proactive approach to securing their network and applications by implementing a log management system that allows for real time access to data and reports so problems can be stopped before they start. This session will discuss the current industry leading methods and practices for log management. Speaker - Ben Goodman, Principal Strategist, Identity, Compliance and Security, Novell As Novell's Principal Strategist for Identity, Compliance and Security, Ben works closely with the executives of Novell's largest customers to understand their business and to share Novell strategy. He works closely with Novell research and development to ensure Novell's technical roadmaps align with customer business needs. With nearly 15 years of successful experience in the design and implementation of advanced Information Technology, Ben Goodman has developed a sharp eye for how businesses get the most out of their IT Investments, making their businesses more efficient, agile, and secure. | |
Workshops
Get in-depth Information Security and Risk Management education in full-day workshops on Monday and Tuesday before the conference.
| Monday, October 18 | |
|---|---|
9:00 AM–4:30 PM Location: Room 1E09 IT security technology is extremely dynamic in nature. Not only do new and improved security technologies constantly emerge, but some technologies become increasingly prevalent, whereas others fall by the wayside. Furthermore, many information security experts believe that we have been using the same basic security measures over the last 20 years and that this is one of the major reasons for the growing gap between actual risk and managed risk. The technology arena is not excepted from this view. Because technology is so critical in mitigating information security-related risk, keeping in touch with security technologies (especially new and emerging ones), understanding their real functionality, capabilities, limitations, and potential for improvement despite all the hype that surrounds them, understanding environments and contexts in which they are most likely to be successful, and learning how to develop an effective strategy for deploying and phasing in these technologies is essential. Instructor - Eugene Schultz, CISM, CISSP, Chief Technology Officer, Emagined Security Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 120 published papers. Gene was the Editor-in-Chief of _Computers and Security_ from 2002 - 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a SANS instructor, member of the SANS NewsBites editorial board, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. 
Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. A Distinguished Fellow of the Information Systems Security Association (ISSA), Gene has also been named to the ISSA Hall of Fame and has received ISSA's Professional Achievement and Honor Roll Awards. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases. | |
| Tuesday, October 19 | |
9:00 AM–4:30 PM Location: Room 1E09 Windows 7 is set to inherit the XP kingdom: attend this session and learn the security tricks needed to keep your kingdom safe. You'll understand Microsoft's new security model and how to make it work for you. Be dazzled by over 300 diagnostic tools built in Win 7, which can make you a Diagnostic Demon! Understand where the hidden folder system is in which your files and programs are installed, and where the registry hides your settings. (Hint: they don't exist in XP!) You'll learn unique optional security settings to really secure Win 7 so you comply with the Federal security regulations. None of these settings are on by default, all are deep screened and all increase your security for free. Finish by constructing a self-booting USB copy of Win 7 that can be used for enterprise rollout, diagnostic or just a great OS on a stick. Using information gathered from multiple sources - including private discussions with developers, inside MS sources and personal investigation — this workshop will help you understand the next generation of Microsoft clients NOW!
Hear from past attendees of Securing Windows 7:
-One of the best, if not the best, workshops that I have attended. Brad was very organized with clear objectives and plenty of time for questions. He had many demos during the workshop and tips and software recommendations. Very good workshop.
-Brad was very informative. He made his presentation with style and pizazz. He was very knowledgeable on all subjects discussed.
-This was an excellent course. The information was highly relevant. Brad is a fantastic instructor. Energetic and extremely knowledgeable. Thanks for a great class.
-Kept the session entertaining. A good amount of information was given as well as links to applications, and information.
-Brad is a very good instructor/speaker. I've been taking his workshops for a few years now and learn something new every time.
-Brad exposed the underbelly of Windows 7 and its tools. A lot of what is not advertised he showed me. Excellent.
-Brad Smith is an exciting presenter who draws you in and gets you as excited about his topics as he is. I wished he had more sessions so I could just go to all of his!
-Mr. Smith is enthusiastic, knowledgeable and entertaining. I found it refreshing that the instructor was not employed by the vendor (Microsoft) and enjoyed learning the topic from a non-sales point of view.
Instructor - Brad Smith, Director, Computer Institute of the Rockies Brad started working with computers in 1972, was featured in 1995 HIMSS - Microsoft Medical Software section and in 2005 was named the Microsoft Small Business Solution Provider Partner of the Year, an award given to only one small business for the entire world. Having helped craft the HIPAA law, Brad works with rural medical facilities helping them meet this complex and needed law, without going broke. He is a frequent lecturer on security topics at national conferences. Brad has been selected to speak at Defcon 18; thousands of people apply to speak and it has one of the highest rejection rates, but this is not Brad's first dance. He is a repeat speaker there, and who could resist "Weaponizing Lady GaGa" and psychosonic weapons demonstrations? | |
Free Information Security and Risk Management Sessions
All Interop attendees can choose from a full calendar of free sessions Wednesday and Thursday including the following covering Information Security and Risk Management:
| Wednesday, October 20 | |
|---|---|
11:00 AM–11:20 AM Location: Cloud Zone Theater As you consider the most secure and cost-effective ways to take advantage of cloud computing in your enterprise, there are several factors you should assess for your strategy. Attend this session to learn about the technical, operations and business decisions that are the keys to a successful cloud implementation. Speaker - Bob Lamendola, Vice President, Client Services, mindSHIFT As Vice President, Client Services at mindSHIFT Technologies, Bob Lamendola is responsible for delivering network infrastructure solutions for clients. Bob’s role includes directing the teams responsible for designing the client solution to meet specifications, architecting its implementation and delivering the final product on time and on budget. | |
12:00 PM–12:45 PM Location: Interopnet classroom | |
1:00 PM–1:20 PM Location: Cloud Zone Theater Server memory is a critical resource constraint in datacenters, and as demand for virtualization and cloud applications continues to increase, this limitation will have economic and operational impact. This presentation explores the new HyperCloud memory technology from Netlist and how it can maximize server utilization, improve productivity and reduce TCO. Speaker - Christopher Lopes, CoFounder and VP Sales, Netlist
Mr. Lopes has 28 years of sales management, applications and design experience with Toshiba America, Philips Semiconductor, LSI Logic and Xicor and began his career as a systems design engineer at Lockheed Missiles & Space. Mr. Lopes has a BS in Electrical Engineering from California State University, Sacramento, and holds an MBA from Santa Clara University. | |
1:40 PM–2:00 PM Location: Cloud Zone Theater Today, innovative, multi-vector techniques are attempted on virtually everyone connected to the Internet - leaving computers wide open for exploitation. This session will take a look at the emerging Web threats plaguing businesses today. Attendees will learn what they can do to better shore up their defenses and lessen threat exposure. Speaker - Joel Smith, Chief Technology Officer, AppRiver Joel Smith co-founded AppRiver with CEO Michael Murdoch in 2002, bringing with him more than a decade of experience in the technology sector where he focused primarily on network security and e-mail efficiency. Since AppRiver’s inception, Smith has made it a priority to create and deliver mission-critical applications via a SaaS model. Working alongside a creative 25-person R&D staff, Smith has led the charge to bring secure messaging and Web solutions to more than 45,000 customers worldwide. | |
2:00 PM–2:45 PM
Forensics are Not Enough! Case Studies in Proactive Network Defense Using Security Information and Event Management (SIEM) Technology - Sponsored by TriGeo Network Security
Location: Free Ed Room 1 Learn how SIEM and real-time, in-memory analytics combine to capture, correlate and respond to network attacks and insider abuse. See automated responses to network attacks, policy violations, inappropriate web browsing and USB device usage. Hear how mid-sized enterprises use SIEM to meet regulatory compliance initiatives and gain network control. Speaker - Jamie Winterset, VP of Sales, TriGeo Network Security | |
| Thursday, October 21 | |
11:40 AM–12:00 PM Location: Cloud Zone Theater Description to come. Speaker - Babak Pasdar, President, CEO and Chief Technologist, Bat Blue Corporation Babak Pasdar is a 24-year veteran of the technology industry and is recognized industry-wide as an emerging technology evangelist. He has a proven track record in both identifying early stage technologies that address emerging client requirements and building successful technology organizations, Cybernex and IGX Global. Bat Blue is his third successful startup. | |
Information Security and Risk Management Exhibitors
See all the latest IT solutions at Interop's comprehensive expo, with 150+ technology companies including leading Information Security and Risk Management vendors.
| Company | Booth |
|---|---|
| AEP Networks: AEP Networks is a leading provider of specialist end-to-end communications solutions which enhance voice and data communications at critical points of operation where security is paramount and the consequence of loss would be severe. AEP's solutions have been chosen by blue-chip customers in over 60 countries. | 606 |
| AppRiver: AppRiver is a software-as-a-service (SaaS) provider offering secure messaging and Web solutions to businesses of any size. In addition to spam and virus protection, the company provides e-mail encryption, Web security solutions and a complete managed service for Microsoft® Exchange. | 505 |
| Astaro Corporation: Astaro combines best-of-breed applications, proven quality of Linux and enterprise-level performance to provide unparalleled Network, Web and Email security. Software, hardware and virtual appliances give flexibility for many deployment scenarios. With over 3,000 resellers, Astaro protects over 100,000 networks in 60 countries. | 629 |
| Barracuda Networks | 743 |
| Bat Blue Corporation: Bat Blue Corporation provides network consultancy, IP services and security solutions. Bat Blue's “In-the-Cloud” offering, CloudSec, eliminates capital and hardware costs, reduces risk and benefits from a centralized interface. BlueNET IP network provides a true 10Gig network that leverages terabit carrier-grade fully redundant infrastructure. | 713 |
| Ciphertex: Ciphertex offers powerful, affordable data security products and services to companies and businesses around the world. Our products feature the highest levels of hardware-based encryption solutions. Today's larger digital media capacities, increased data mobility, and growing security concerns demand comprehensive, endpoint, hardware-based encryption. | 737 |
| Cisco: Cisco unveils capabilities to maximize participation anytime, anywhere, to any device, securely, reliably and seamlessly, and delivered through virtualized and cloud-based services. With innovations for the network and the data center, Cisco delivers new technologies, solutions, and services that enable transformational business models. | 121 |
| Clearswift: Clearswift is a global information security company with over 20 years experience delivering enterprise-class, government grade, email and Web content security solutions. Its unified security solutions enable more than 17,000 organizations worldwide to manage and maintain no-compromise data, e-mail and web security across all gateways and in all directions. | 848 |
| Comodo Group Inc. | 729 |
| Cyberoam | 843 |
| Cymphonix | 724 |
| Datacom Systems: Datacom Systems is a leading manufacturer of data capture infrastructure for increased network access and visibility. A critical part of the computer network, data capture infrastructure provides copies of network traffic to monitoring tools for network, security, and application analysis. Datacom products are compatible with all vendors' monitoring deployments. | 250 |
| EMC Corporation: EMC Ionix (formerly Smarts and Voyence) network management solutions improve availability and performance, and increase operational efficiency—which save you time and money. They do this by automating root-cause analysis; service and infrastructure monitoring; network configuration, change, and compliance management (including Vblocks); and reporting across physical, virtual & Cloud environments. | 345 |
| Emulex Corporation: Emulex (NYSE:ELX) is the leader in converged networking solutions for the data center. Emulex provides a single framework that intelligently connects every server, network and storage device within the data center. Emulex's portfolio of controller chips, adapters, blades and connectivity solutions are trusted by the world's largest IT environments. www.emulex.com | 443 |
| Enterasys Networks and PTS Data Center Solutions: About PTS Data Center Solutions - Experts for Your Always Available Data Center. PTS Data Center Solutions specializes in the business strategy, planning, designing, engineering, constructing, commissioning, implementing, maintaining, and managing of data center and computer room environments from both the facility and IT perspectives. | 756 |
| Ezenia Inc.: Ezenia is proud and excited to be at the forefront of some of the most sophisticated collaboration products available today. Ezenia’s products are developed to provide people with the technology they need to work together regardless of their location, to make them more effective and efficient. | 842 |
| Gigamon: Gigamon provides secure access and complete visibility to all your data anywhere, anytime, while lowering the total cost of network management. Gigamon’s product suite seamlessly aggregates, filters and replicates traffic of interest from 1Gbps and 10Gbps tapped links and mirror ports to multiple monitoring and security tools. | 630 |
| HotLava Systems: HotLava Systems designs and manufactures innovative, server class multi-port Gigabit and 10-Gigabit Ethernet adapters that meet the bandwidth, space, and power consumption requirements of the most demanding networks. Our products are natively-supported by virtually all operating systems and deliver more productivity by reducing or eliminating network interface congestion. | 823 |
| HP: HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems. | 716 |
| Interface Masters Technologies | 745 |
| IPC Technologies, Inc/ShoreTel: IPC Technologies, founded in 1981, has been at the forefront of offering best of breed products and services to companies all over the world. Based in the Capitol Region, IPC is focused on becoming the leading provider of communications products with ShoreTel, Aerohive, LifeSize and TechFirst Cloud Services. | 349 |
| Kerio Technologies, Inc. | 749 |
| Logicube: A global manufacturer of hard drive duplication and eForensics systems, Logicube delivers feature-rich and reliable solutions. Our duplication product family features handheld one-to-one devices as well as production-class systems for multi-target hard drive cloning. Our eForensic product family includes data capturing solutions for computers, cellphones & PDAs. | 454 |
| McAfee | 642 |
| Microsemi/PowerDsine: Microsemi's PowerDsine® midspans enable Ethernet switches to deliver up to 72 watts of reliable power. Exclusive PowerView Pro™ platform provides remote control, reboot and full power monitoring of network operations. PowerDsine technology is a major driver of 802.3af and 802.3at standards, the leader in High Power Midspans. | 825 |
| Microsoft | 411 |
| Napatech: Napatech develops and markets the world's most advanced 1Gig and 10Gig programmable Ethernet network adapters for network traffic analysis and application off-loading. Napatech is the leading OEM supplier of Ethernet network acceleration adapter hardware with an installed base of more than 60,000 ports. | 455 |
| Nero, Inc.: Nero excels your multimedia power with a collection of three products bundled into one powerful suite. It’s loaded with advanced video editing features, media organizer and player, superior burning software, reliable backup technology, and special multimedia tools to enhance your music, photos and videos. | 456 |
| Net Optics, Inc.: Net Optics, the global leader in intelligent network access solutions, enables more than 6,300 organizations to enhance network performance and security while supporting regulatory compliance. The company offers innovative monitoring access and intrusion prevention solutions, protocol analyzers, firewalls, and network probes and maintains a worldwide reseller network. | 542 |
| Processor: Processor is a bi-weekly print publication designed for people managing and purchasing equipment for data centers. Processor’s content is comprehensive but presented in a quick, easy-to-read format, so readers can keep up with new data center products and technologies. | 829 |
| Rackspace: Rackspace provides on-demand and scalable website, application and storage hosting backed by Fanatical Support®. Through an integrated suite of cloud solutions, The Rackspace Cloud enables developers and IT managers to trade the hassles, upfront investments and high costs for a hosting environment that scales easily when traffic fluctuates. | 401 |
| Safari Books Online: Safari Books Online is an on-demand digital library that provides one integrated source for over 10,000 expert reference and learning materials from leading publishers. The site includes exclusive access to the collections of O’Reilly Media, Addison-Wesley, Prentice Hall, Cisco Press, Adobe Press and many others. | 722 |
| Terremark Worldwide: Terremark Worldwide is a leading global provider of IT infrastructure services delivered on the industry's most robust and advanced technology platform. Leveraging data centers worldwide with access to massive and diverse network connectivity, a comprehensive suite of managed solutions including cloud computing, managed hosting, colocation, security and data storage services. | 511 |
| Tools4ever, Inc.: Tools4ever offers quality, scalable productivity solutions for the Windows system administrator with a focus on User Provisioning, Life Cycle, Identity and Password management. Tools4ever is a Microsoft Certified Gold Partner serving more than 5,000 clients and is committed to delivering superior products and outstanding customer support from offices worldwide. | 656 |
| TriGeo Network Security: TriGeo Network Security delivers enterprise security information and event management designed specifically for the mid-market. TriGeo combines real-time log management, event correlation and end-point security with unique active response technology. This award-winning product delivers an "Audit-Proven" compliance solution that meets security requirements imposed by PCI, GLBA, HIPAA and more. | 637 |
| VU Technologies | |

Social networks simultaneously offer huge business benefits and unheard-of security risks. How can enterprises effectively use social networks while not putting their security and data at risk? This session will detail the significant security and privacy risks that social networks create, and will also provide detailed guidance on ways organizations and individuals can use social networks in a safe and secure manner.
Ben Rothke, CISSP, CISA, is a New York City-based senior security consultant with BT Professional Services and has over 15 years of industry experience in information systems security and privacy.