Focus on Security
Security Sponsored by:
Information security continues to evolve beyond traditional technologically-focused controls into meaningful risk-oriented, business-aligned capabilities and information risk management. Learn how to build a business-aligned approach to information risk management, governance and compliance to be successful.
Security in the Conference
Business Resiliency: Are You Really Prepared?Wednesday, November 18 — 11:00 AM–12:00 PM
Location: 1E08
Business Resiliency is the maturation and amalgamation of the individual processes of Crisis Management, Incident Response, Business Continuance, and Disaster Recovery into one succinct set of processes and capabilities that work collectively instead of independently. This combination allows organizations to have minimal disruption in the event of a business-impacting incident that affects the entire organization instead of one that involves specific information infrastructure areas. When evaluating these capabilities, it is important to understand that they only are as effective as the proactive planning and considerations that go into their development. Too often, planning accounts for only the most obvious considerations and does not incorporate crucial and essential considerations that have the most impact. This session will discuss the key elements of business resiliency and the considerations that should be made when developing or maturing this capability.
Location: 1E08
Business Resiliency is the maturation and amalgamation of the individual processes of Crisis Management, Incident Response, Business Continuance, and Disaster Recovery into one succinct set of processes and capabilities that work collectively instead of independently. This combination allows organizations to have minimal disruption in the event of a business-impacting incident that affects the entire organization instead of one that involves specific information infrastructure areas. When evaluating these capabilities, it is important to understand that they only are as effective as the proactive planning and considerations that go into their development. Too often, planning accounts for only the most obvious considerations and does not incorporate crucial and essential considerations that have the most impact. This session will discuss the key elements of business resiliency and the considerations that should be made when developing or maturing this capability.
Speaker - John Pironti, Chief Information Risk Strategist, Archer Technologies
John P. Pironti is the Chief Information Risk Strategist for Archer Technologies. In this role, John consults with Fortune 1000 executives on IT-GRC and information security issues and initiatives, evangelizes product concepts in the marketplace to gather feedback, and collaborates with Archer's product experts to translate industry needs into technology solutions. John has been designing and implementing highly secure, mission-critical, globally oriented enterprise information infrastructure solutions for more than 18 years. He has worked extensively on a global basis in the aerospace, financial services, government, healthcare, hospitality, insurance, publishing, media and entertainment and telecommunications industries. He is a frequent speaker at industry conferences, both domestic and international, on electronic business and information security topics, and is also a published author and writer.
Cover Your Assets: Real Time Application Security Assessment and ProtectionWednesday, November 18 — 1:30–2:30 PM
Location: 1E08
A new threat vector has emerged that easily bypasses network security constructs and can destroy a brand. Armed with a Web browser, the new class of attackers can circumvent authentication mechanisms, steal identities and otherwise take advantage of vulnerable Web applications. And yet, companies depend on these websites for revenue, branding and business-to-business commerce. Addressing risk requires a two-pronged approach that enables business as usual while protecting against the new class of threats.
This session includes:
* Live demonstration of Web application hacking * Making a business case for application security * The key steps/technologies for risk management * Real-world examples
Location: 1E08
A new threat vector has emerged that easily bypasses network security constructs and can destroy a brand. Armed with a Web browser, the new class of attackers can circumvent authentication mechanisms, steal identities and otherwise take advantage of vulnerable Web applications. And yet, companies depend on these websites for revenue, branding and business-to-business commerce. Addressing risk requires a two-pronged approach that enables business as usual while protecting against the new class of threats.
This session includes:
* Live demonstration of Web application hacking * Making a business case for application security * The key steps/technologies for risk management * Real-world examples
Speaker - Brian Contos, Chief Security Strategist , Imperva
Brian Contos, Chief Security Strategist, Imperva Mr. Contos has over fourteen-years of real-world security engineering and management expertise developed in some of the most sensitive and mission-critical environments in the world. As the chief security strategist for Imperva he advises government organizations, F1000s and G2000s on security strategy related to application and data security while being an evangelist for the security space. He has written two security books including Enemy at the Water Cooler - Real Life Stories of Insider Threats and Physical and Logical Security Convergence which was co-authored with the former Deputy Director of the NSA - Bill Crowell. He is an active security blogger, host of the Imperva Security Podcast, and has delivered countless speeches around the globe at shows like RSA, Interop, OWASP, CSI, and others. He is regarded as a security expert, often quoted by the media, and has written articles for Forbes, the London Times, Computerworld, Sarbanes-Oxley Compliance Journal and many others. Mr. Contos was formerly at ArcSight where he served as their Chief Security Officer for almost seven years, and has held management and engineering positions at Riptech (now Symantec), Bell Labs, Tandem Computers (now HP), and the Defense Information Systems Agency (DISA).
Speaker - Jeremiah Grossman, Founder and CTO , White Hat Security
Jeremiah Grossman founded WhiteHat Security in August 2001. A world-renowned expert in Web security, Mr. Grossman is a founder of the Web Application Security Consortium (WASC), and was named to InfoWorld's Top 25 CTOs for 2007. Mr. Grossman is a frequent speaker at industry events including the Black Hat Briefings, RSA Conference, ISACA, CSI, InfoSec World, OWASP, ISSA, and Defcon as well as a number of large universities. He has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques and is a co-author of XSS Attacks: Cross Site Scripting Exploits and Defense. Mr. Grossman is frequently quoted in major media outlets such as USA Today, the Washington Post, The Financial Times, InformationWeek, InfoWorld, USA Today, PC World, Dark Reading, SC Magazine, CNET, CSO and NBC news. He frequently alerts the media community to the latest attacks and is not only able to offer in-depth commentary, but also provide his perspective of what's to come. Mr. Grossman was named a "friend of Google" and is also an influential blogger (www.jeremiahgrossman.blogspot.com) who offers insight and encourages open dialogue regarding current research and vulnerability trend information. Prior to WhiteHat, Mr. Grossman was an information security officer at Yahoo! responsible for performing security reviews on the company's hundreds of websites. Before Yahoo!, Mr. Grossman worked for Amgen, Inc.
Five Common Mistakes in Securing Web ApplicationsWednesday, November 18 — 2:45–3:45 PM
Location: 1E08
Many organizations lack an overall sense of the best practices for deploying and securing web applications. Despite security practices addressing vulnerability types present within the OWASP and WASC threat classifications, a number of common mistakes are still being made. We will look at five common mistakes that are made when securing web applications and the impact of design flaws on the overall security of an application. Issues such as client-side trust relationships, failure to properly secure application redirection mechanisms, and other elements that can quickly undermine the security of an application, even when diligent security practices are in place will be addressed.
Location: 1E08
Many organizations lack an overall sense of the best practices for deploying and securing web applications. Despite security practices addressing vulnerability types present within the OWASP and WASC threat classifications, a number of common mistakes are still being made. We will look at five common mistakes that are made when securing web applications and the impact of design flaws on the overall security of an application. Issues such as client-side trust relationships, failure to properly secure application redirection mechanisms, and other elements that can quickly undermine the security of an application, even when diligent security practices are in place will be addressed.
Speaker - Lars Ewe, CTO, Cenzic
Lars Ewe is a technology executive with broad background in (web) application development and security, middleware infrastructure, software development and application/system manageability technologies. Throughout his career Lars has held key positions in engineering, product management/marketing, and sales in a variety of different markets. Background Prior to Cenzic, Lars was software development director at Advanced Micro Devices, Inc., responsible for AMD's overall systems manageability and related security strategy and all related engineering efforts. Lars was also AMD's representative to the board of directors of the Distributed Management Task Force (www.dmtf.org). Before AMD, Lars was senior director at Borland Software Corp., where he managed worldwide server software pre-sales, technical services, and key partner relationships. Prior to Borland he held key positions at Oracle Corporation's Server Technologies Division and Webgain. Education Lars has Bachelor of Science and Master of Science degrees in Mechanical Engineering from the Technical University of Munich, Germany.
Privacy in the Clouds: A Governance Storm is BrewingWednesday, November 18 — 4:00–5:00 PM
Location: 1E08
Cloud computing is predicted as a natural extension of Web 2.0 with emphasis on openness, interoperability, and better IT economics. There is also an increasingly dark lining to this silver cloud in the form of personal data privacy risk and new business liabilities as a result of cloud dependence. This session not only helps draw the cloud as a business movement but illustrates the inherent data risks of even being there. The session will also highlight the growing global compliance risks and costs as they consider Web 2.0 and cloud computing for their enterprise.
Location: 1E08
Cloud computing is predicted as a natural extension of Web 2.0 with emphasis on openness, interoperability, and better IT economics. There is also an increasingly dark lining to this silver cloud in the form of personal data privacy risk and new business liabilities as a result of cloud dependence. This session not only helps draw the cloud as a business movement but illustrates the inherent data risks of even being there. The session will also highlight the growing global compliance risks and costs as they consider Web 2.0 and cloud computing for their enterprise.
Speaker - Drew Bartkiewicz, Vice President of Cyber Risk and New Media Markets , The Hartford
Drew Bartkiewicz, serves as Vice President of Technology and New Media Markets, of The Hartford. Drew has 18 years in the Software, Social Media, and Business Risk fields with companies such as BroadVision, salesforce.com, The Hartford, and United Technologies. Drew has written and lectured extensively on Internet and technology business trends over the past decade. He was a participating author in the Brookings Institution book on technology and economics, Unseen Wealth (published in 2001). He is currently a board member of the Online Reputation Management Association and is an active writer / speaker in the area of IT risk, laws, and governance. During the Web 1.0 and Personalization decade of the Internet, Drew worked extensively with the following organizations' e-commerce initiatives: GE Capital, Home Depot, UBS, Barclays, Walmart, Bank of America, Blue Cross, Nike, Maidenform, Time Warner, Fox, MTV, Telecom Italia, Primedia, GE Supply, Citigroup, e-Trade, Bear Stearns, and Credit Suisse. During the Web 2.0 evolution Drew has already underwritten the risks of emerging areas such as social networks, video advertising, internet and data privacy liability. Drew is a graduate of the United States Military Academy at West Point and has an MBA from the Yale School of Management. He is currently working on the book, Unseen Liability, The Economics of Technology Risk and Information Malpractice, due in 2010.
Your Employees Are Roaming - Is Your Confidential Information?Thursday, November 19 — 9:00–10:00 AM
Location: 1E08
Corporate networks extend beyond office walls. Users access the Web from laptops or mobile devices in airports, hotels and more, and continue to leverage their personal devices for business. This sparks heightened security concerns in the enterprise. This panel explores the expanding corporate perimeter and how to ensure that even while employees roam, sensitive corporate data is not compromised.
Location: 1E08
Corporate networks extend beyond office walls. Users access the Web from laptops or mobile devices in airports, hotels and more, and continue to leverage their personal devices for business. This sparks heightened security concerns in the enterprise. This panel explores the expanding corporate perimeter and how to ensure that even while employees roam, sensitive corporate data is not compromised.
Speaker - Paul Judge, CTO, Purewire
Speaker - Paul Roberts, Senior Security Analyst, The 451 Group
Mining for Value in the Data Log Fire Hose: Top Five Governance, Risk and Compliance Metrics in LogsThursday, November 19 — 10:15–11:15 AM
Location: 1E08
Logging has quickly become an important requirement for governance risk and compliance and information security management. Unfortunately most organizations are overwhelmed by both the volume of logs they are examining and data included in them. In order to be an effective tool, an organization has to try to make sense of and derive business and technical value from their logs. If you could only choose five log-based metrics to assess the health of your information security, risk, and compliance posture, what would they be? This session will describe which logs and what log metrics will tell you the most and how to derive knowledge and value from them - even if you look for nothing else.
Location: 1E08
Logging has quickly become an important requirement for governance risk and compliance and information security management. Unfortunately most organizations are overwhelmed by both the volume of logs they are examining and data included in them. In order to be an effective tool, an organization has to try to make sense of and derive business and technical value from their logs. If you could only choose five log-based metrics to assess the health of your information security, risk, and compliance posture, what would they be? This session will describe which logs and what log metrics will tell you the most and how to derive knowledge and value from them - even if you look for nothing else.
Speaker - Paul Stamp, Senior Product Manager , RSA
Paul Stamp is the Senior Manager of Product Marketing for the Information and Event Management Group at RSA. In this role, Paul is responsible for reinforcing RSA's position as a market leader in the Security Information and Event Management space. Paul has been active in the information security industry for the past 11 years, and is regularly featured in the media, including NPR Marketplace, Wall Street Journal, New York Times, Washington Post and a host of industry publications. Prior to joining RSA, Paul was Principal Analyst for Forrester Research, covering security information and event management and data security, and a security architect with Unisys Corporation. Paul holds an MA (Oxon) in Mathematics from Oxford University.
Using an Emerging Industry Standard (SCAP) to Automate and Accelerate Vulnerability Management Thursday, November 19 — 11:30 AM–12:30 PM
Location: 1E08
Managing, prioritizing, and remediating all the vulnerabilities in an information technology environment traditionally has been a time consuming, manual, laborious and costly ongoing activity. With the emergence of a suite of standards known as SCAP, it is now possible to identify, evaluate, assess, and report on vulnerabilities automatically. Hear a case study from one company that has saved multiple man-years of effort, annually, automating this process using simple tools using with these new standards.
Location: 1E08
Managing, prioritizing, and remediating all the vulnerabilities in an information technology environment traditionally has been a time consuming, manual, laborious and costly ongoing activity. With the emergence of a suite of standards known as SCAP, it is now possible to identify, evaluate, assess, and report on vulnerabilities automatically. Hear a case study from one company that has saved multiple man-years of effort, annually, automating this process using simple tools using with these new standards.
Speaker - Elliot Glazer, Director, KPMG
Mr. Glazer has over 25 years of Information Technology experience, including over 20 years of software development and 10 years in information security. He is currently Director of Security Architecture at KPMG. He is responsible for creating and leading new solutions for Vulnerability Management, Threat and Vulnerability Assessment, Software Security, and other solutions. Previously, Elliott was Director of Security Architecture at the Depository Trust and Clearing Corporation, a company which clears and settles over $1.8 quadrillion of value in brokerage, bond and other securities. Elliott was responsible for Threat and Vulnerability Assessment, Security Monitoring, and Software Security programs among other initiatives. Prior, Elliott was responsible for Security Solutions at American Express Corporation including single sign on and SOX compliance, Private Payments, and online customer servicing. He held many roles while their including leading enterprise technical architecture, and distributed operations. Prior to this, Elliott was responsible for the future technology labs at Citigroup. Mr. Glazer is named on or has pending over 15 patents in the areas of internet technology, security and privacy as well.
The Risks and Opportunities of Open Source Security ToolsThursday, November 19 — 3:00–4:00 PM
Location: 1E08
The landscape for open source security tools is constantly changing and covers a myriad of aspects of the security world. We will discuss the current "state of the union" in the world of open source security tools, including the latest-and-greatest advancements, what is coming on the horizon, where there is room for improvement, and proposing some new ideas and concepts to address the greatest weaknesses in the realm of open source security tools.
Location: 1E08
The landscape for open source security tools is constantly changing and covers a myriad of aspects of the security world. We will discuss the current "state of the union" in the world of open source security tools, including the latest-and-greatest advancements, what is coming on the horizon, where there is room for improvement, and proposing some new ideas and concepts to address the greatest weaknesses in the realm of open source security tools.
Speaker - Jay Jacobson, CEO, Edgeos
Jay is an innovator, serial-entrepreneur, and seasoned technology business executive with extensive experience in the information security, Internet, software, networking, and telecommunications industries. During Jay's career, he has founded and led more than six technology companies and has held key positions at several Fortune 500 enterprises, including American Express, AT&T, Cox Communications, and Sprint. Presently, Jay is the CEO of Edgeos, Inc., the company that created and leads the private-labeled network security and vulnerability assessment industry. Additionally, Jay is a board member or strategic advisor to several corporations, industry groups, and universities. Some career highlights include: ? Founded and led an information and network security company which has helped customers identify vulnerabilities on thousands of networks spanning across six continents around the world. ? Invented network security industry's first technologies for zero-overhead internal vulnerability assessments. ? Invented technologies to create a new market and industry for private-labeled network security assessments. ? Invented Internet routing intelligence technologies to optimize global telecom backbone networks. Results are 30% decreased costs and 400% performance improvement. ? Invented technologies and business systems to transparently integrate thousands of autonomous ISP backend networks across the country into a unified operations structure. ? Invented MirrorDot, a proof-of-concept system for massive global content distribution. MirrorDot successfully served over 10 million visitors from around the world, in a single day, using only two old 700 MHz servers. ? Instrumental to telecom carrier's growth from startup to the sixth largest national Internet backbone carrier. Annual revenues grew from $0 to over $120 million.
Integrating Mobility into Your Network Operations CenterFriday, November 20 — 10:15–11:15 AM
Location: 1E08
IT and operations managers who have gone mobile know that the benefits are great, but so are the challenges involved. This session will examine the tactical options for integrating mobility into existing network and system operations processes. From unified wired/wireless management to mobile device management, collaborative systems, and security across the entire network and user value chain, this panel will address key opportunities, examine best practices, and offer actionable advice on how to leverage integrated management to get the most from mobility today and tomorrow.
Location: 1E08
IT and operations managers who have gone mobile know that the benefits are great, but so are the challenges involved. This session will examine the tactical options for integrating mobility into existing network and system operations processes. From unified wired/wireless management to mobile device management, collaborative systems, and security across the entire network and user value chain, this panel will address key opportunities, examine best practices, and offer actionable advice on how to leverage integrated management to get the most from mobility today and tomorrow.
Moderator - Lisa Phifer, President, Core Competence Inc.
Lisa Phifer is President of Core Competence, a consulting firm focused on business use of emerging network and security technologies. At Core Competence, Lisa draws upon nearly 30 years of network design, implementation, and testing experience to provide services ranging from vulnerability assessment and product evaluation to user education and white paper development. She has advised companies large and small regarding use of network technologies and security best practices to manage risk and meet business needs. Lisa teaches and writes extensively about many technologies, including wireless/mobile security, IPS, VPN, and NAC. Her work appears regularly in industry publications, including Wi-Fi Planet, SearchMobileComputing, and Information Security Magazine.
Speaker - Bryan Wargo, General Manager, AirWave Wireless
Bryan Wargo is the general manager of Aruba's AirWave division focused on multi-vendor wireless management systems. Bryan comes to Aruba via the AirWave Wireless acquisition where he was Vice President of Sales & Business Development since 2002. Prior to AirWave, Bryan successfully founded 2Roam to address the proliferation of mobile Internet devices and the profound effect they have on enterprise computing. Bryan also served as senior business development manager for VeriFone's e-commerce software products and was a territory manager for Hewlett-Packard's Unix division. Bryan holds a Bachelor of Science degree in Electrical Engineering from Santa Clara University.
Speaker - Clifford Cibelli, Manager -- Global Managed Solutions, Verizon
Cliff Cibelli is a manager of product management and development for Verizon, with responsibility for developing and deploying managed network solutions across all Verizon business channels. Cibelli's portfolio includes cross-product support for managed mobility, managed wide- and local-area networking, wireless local area networking and emergency communications services. A 27-year communications industry veteran, Cibelli holds a bachelor's degree in computer science from Fairleigh Dickinson University, as well as certifications from the Foundations of IT Service Management and ITIL.
Speaker - Wade Williamson, Director, Product Management, AirMagnet Inc.
Wade Williamson, director of product management at AirMagnet has extensive experience in driving and delivering critical wireless and voice-over-wireless solutions to enterprise, retail, healthcare, financial, education, and government markets. During his 5+ years at AirMagnet, Mr. Williamson has brought the company's flagship product lines to fruition and continues to drive product development to support emerging technologies such as 802.11n. Prior to AirMagnet, Mr. Williamson held various product management, engineering, and technical marketing positions with emerging solution providers, as well as with established networking leaders such as Sun Microsystems and Netscape Communications. Mr. Williamson holds a Bachelors of Science degree from the University of Texas-Austin.
What's Wrong with the WAN Firewall?Friday, November 20 — 10:15–11:15 AM
Location: 1E07
The traditional WAN firewall makes two flawed assumptions. One assumption is that the information contained in the first packet in a connection is sufficient to identify the application. The second assumption is that the TCP and UDP well-known port numbers are always used as intended. These are just two of the issues that suggest that the traditional WAN firewall cannot effectively support the current environment. In this session the panelists will describe the limitations of the traditional WAN firewall and identify what functionality firewalls need to implement to overcome these limitations.
Location: 1E07
The traditional WAN firewall makes two flawed assumptions. One assumption is that the information contained in the first packet in a connection is sufficient to identify the application. The second assumption is that the TCP and UDP well-known port numbers are always used as intended. These are just two of the issues that suggest that the traditional WAN firewall cannot effectively support the current environment. In this session the panelists will describe the limitations of the traditional WAN firewall and identify what functionality firewalls need to implement to overcome these limitations.
Speaker - Nir Zuk, CTO, Palo Alto Networks
Nir Zuk brings a wealth of network security expertise and industry experience to Palo Alto Networks. Prior to co-founding Palo Alto Networks, Nir was CTO at NetScreen Technologies, which was acquired by Juniper Networks in 2004. Prior to NetScreen, Nir was co-founder and CTO at OneSecure, a pioneer in intrusion prevention and detection appliances. Nir was also a principal engineer at Check Point Software Technologies and was one of the developers of stateful inspection technology.
Learn more about the Conference
Security Workshops
Securing Windows 7Monday, November 16 — 9:00 AM–5:00 PM
Location: 1E21
Windows 7 is set to inherit the XP kingdom: attend this session and lean the security tricks needed to keep your kingdom safe. You'll understand Microsoft's new security model and how to make it work for you. Be dazzled by over 300 diagnostic tools built in Win 7, which can make you a Diagnostic Demon! Understand where the hidden folder system is that your files and programs are installed and where the registry hides your setting. (Hint: they don't exist in XP!) You'll learn unique optional security setting to really secure Win 7 so you comply with the Federal security regulations. None of these setting are on by default, all are deep screened and all increase your security for Free. Finish by constructing a self booting USB copy of Win 7 that can be used for enterprise rollout, diagnostic or just a great OS on a stick.
Using information gathered from multiple sources - including private discussions with developers, inside MS sources and personal investigation — this workshop will help you understand the next generation of Microsoft clients NOW!
Course Outline * MS Security history and why / what they changed. * Virtual Lies! * Hey Biba, what a theory like you doing in a place like this? * Diagnostics Delights of Win 7. * 5 security upgrades for just a click. * Live from your USB - It's Windows Seven!!! * Demonstration driven so bring you laptop with 7 or Vista
You Will Learn
* The basic security concept that Microsoft uses for their new product line. * What the UAC really does and how to tame it. * How to verbalize why your programs don't run with Win 7 and 5 different ways to fix your problem. * 3 great improvements that can be used to increase your security * How to make a self booting USB/CD for simple enterprise rollout, diagnostic or just a great OS on a stick.
Who Should Attend
* Technicians or supervisors who have to work with Windows 7 * Managers or Executives who need to make decisions about Windows 7 * Security professional who need to update their Windows 7 security knowledge
Location: 1E21
Windows 7 is set to inherit the XP kingdom: attend this session and lean the security tricks needed to keep your kingdom safe. You'll understand Microsoft's new security model and how to make it work for you. Be dazzled by over 300 diagnostic tools built in Win 7, which can make you a Diagnostic Demon! Understand where the hidden folder system is that your files and programs are installed and where the registry hides your setting. (Hint: they don't exist in XP!) You'll learn unique optional security setting to really secure Win 7 so you comply with the Federal security regulations. None of these setting are on by default, all are deep screened and all increase your security for Free. Finish by constructing a self booting USB copy of Win 7 that can be used for enterprise rollout, diagnostic or just a great OS on a stick.
Using information gathered from multiple sources - including private discussions with developers, inside MS sources and personal investigation — this workshop will help you understand the next generation of Microsoft clients NOW!
Course Outline
You Will Learn
* The basic security concept that Microsoft uses for their new product line. * What the UAC really does and how to tame it. * How to verbalize why your programs don't run with Win 7 and 5 different ways to fix your problem. * 3 great improvements that can be used to increase your security * How to make a self booting USB/CD for simple enterprise rollout, diagnostic or just a great OS on a stick.
Who Should Attend
* Technicians or supervisors who have to work with Windows 7 * Managers or Executives who need to make decisions about Windows 7 * Security professional who need to update their Windows 7 security knowledge
Instructor - Brad Smith, Director, Computer Institute of the Rockies
Brad Smith, RN, MCNPS, CISSP, NSA-IAM became fascinated with computers in 1972 and hasn't burned out yet! He has been beta testing Microsoft products since Windows NT and every OS since then, including Win 7. Brad prides himself as an equal opportunity OS hater and finds problems with all OS's, regardless of age, platform or kernel. His collection of OS's contains many examples of how not to write an OS. Some day he hopes to find an OS that he can take long stable walks together, while being green and having great security that doesn't need readjusting. He can only hope.
Understanding Voice Over IPMonday, November 16 — 9:00 AM–5:00 PM
Location: 1E13
This workshop provides a technology overview of Voice over IP (VoIP), including the protocols, technologies and architectures at the core of VoIP products and systems. These include media transport like the real time transport protocol, quality of service technologies such as differentiated services and the Resource Reservation Protocol (RSVP), signaling through the Session Initiation Protocol (SIP), security, as well as firewall and NAT traversal using techniques like the Simple Traversal of UDP Through NAT (STUN) and Interactive Connectivity Establishment (ICE). The course does not provide a review of products on the markets or network design guidelines.
Course Outline
* Voice Coding * Real Time Transport Protocol (RTP) * Quality of Service * SIP * Security * NAT and Firewall Traversal
Who Should Attend
Technologists or technology managers that want to understand how VoIP works "under the hood".
You Will Learn
After this Workshop, students will be able to identify the key technologies used within VoIP systems, understand how they fit together, and appreciate some of the complexities in developing VoIP networks.
Location: 1E13
This workshop provides a technology overview of Voice over IP (VoIP), including the protocols, technologies and architectures at the core of VoIP products and systems. These include media transport like the real time transport protocol, quality of service technologies such as differentiated services and the Resource Reservation Protocol (RSVP), signaling through the Session Initiation Protocol (SIP), security, as well as firewall and NAT traversal using techniques like the Simple Traversal of UDP Through NAT (STUN) and Interactive Connectivity Establishment (ICE). The course does not provide a review of products on the markets or network design guidelines.
Course Outline
* Voice Coding * Real Time Transport Protocol (RTP) * Quality of Service * SIP * Security * NAT and Firewall Traversal
Who Should Attend
Technologists or technology managers that want to understand how VoIP works "under the hood".
You Will Learn
After this Workshop, students will be able to identify the key technologies used within VoIP systems, understand how they fit together, and appreciate some of the complexities in developing VoIP networks.
Instructor - Jonathan Rosenberg, Chief Technology Strategist, Skype
Jonathan Rosenberg is Chief Technology Strategist for Skype, where he is responsible for Skype's technology directions and overall architecture. Prior to that, he was a Cisco Fellow at Cisco, where he set technology strategy for their enterprise PBX product. Jonathan is the principle author of SIP, the lingua-franca of Voice over IP, and has written many of the standards around it, particularly in the areas of NAT traversal, presence and IM. For his work, Jonathan was named one of the top 100 most innovative young technologists in the world by Technology Review magazine. He received a PhD from Columbia University and his masters and bachelors from MIT.
Managing the Challenges in Enterprise MobilityTuesday, November 17 — 9:00 AM–5:00 PM
Location: 1E21
Morning Focus
Managing and Securing Mobile Devices
Enterprises are depending more and more on mobile applications to increase productivity and responsiveness. However cellular charges are growing faster than any other element in the networking budget and organizations need to develop policies that ensure they are getting the best return on that investment. Along with controlling the costs associated with mobility, networking departments will have to develop systems and procedures to allow them to manage, maintain, and secure the growing number of laptops, smartphones, and other mobile devices that are now becoming an important part of their responsibility. Security is a major part of that concern. With incidents like the TJX security failure, the requirement to secure mobile networks and devices has become a major issue for the enterprises.
This workshop is designed to help enterprise IT departments to define their mobility requirements and develop systems and policies to manage the growing assortment of mobile devices users are demanding. The program will feature a discussion of the overall task of managing mobility solutions, the vulnerabilities inherent in each of the major wireless technologies, and the best practices for addressing them.
Course Outline
? Mobile Device Management ? Mobile Security Overview ? New Wi-Fi Security Issues ? Cellular 2.5/3G Security Elements ? PDA/Smart Phone Security
You Will Learn
This workshop is designed to help managers understand the management and security issues involved in the full range of wireless networks and mobile devices.
Afternoon Focus
Next Phase Planning for Wireless LANs: 802.11n, Voice over Wireless LANs, and Fixed Mobile Convergence
Enterprise wireless LANs have gone from being a convenient network access mechanism to a critical part of the network infrastructure. Centrally-controlled WLAN switching systems have become commonplace, and we are now in the midst of a major upgrade as to the new higher-capacity 802.11n radio link. To ensure that the upgrade delivers the full benefit, buyers will need to understand the different 802.11n implementations, new network design factors, core network capacity, security requirements, testing, frequency planning, and access point powering.
This workshop is designed to bring you up to speed on the major developments in wireless LAN technology and applications. While it features a brief overview of WLAN technologies, the program assumes a fundamental understanding of the basic concepts and focuses on planning issues for the developing areas in WLAN technology.
Course Outline
? WLAN Fundamentals ? The 802.11n Radio Link ? Voice over Wireless LANs ? Fixed-Mobile Convergence and Mobile Unified Communications
You Will Learn
This program will provide a comprehensive, vendor-neutral description of client and infrastructure requirements for WLAN voice, and the range of options for implementing FMC.
---------------------------------------------------
Who Should Attend
Wired and wireless network managers and security specialists who need a clearer understanding of the challenges involved in the developing areas of mobility and the current best practices for dealing with them
Location: 1E21
Morning Focus
Managing and Securing Mobile Devices
Enterprises are depending more and more on mobile applications to increase productivity and responsiveness. However cellular charges are growing faster than any other element in the networking budget and organizations need to develop policies that ensure they are getting the best return on that investment. Along with controlling the costs associated with mobility, networking departments will have to develop systems and procedures to allow them to manage, maintain, and secure the growing number of laptops, smartphones, and other mobile devices that are now becoming an important part of their responsibility. Security is a major part of that concern. With incidents like the TJX security failure, the requirement to secure mobile networks and devices has become a major issue for the enterprises.
This workshop is designed to help enterprise IT departments to define their mobility requirements and develop systems and policies to manage the growing assortment of mobile devices users are demanding. The program will feature a discussion of the overall task of managing mobility solutions, the vulnerabilities inherent in each of the major wireless technologies, and the best practices for addressing them.
Course Outline
? Mobile Device Management ? Mobile Security Overview ? New Wi-Fi Security Issues ? Cellular 2.5/3G Security Elements ? PDA/Smart Phone Security
You Will Learn
This workshop is designed to help managers understand the management and security issues involved in the full range of wireless networks and mobile devices.
Afternoon Focus
Next Phase Planning for Wireless LANs: 802.11n, Voice over Wireless LANs, and Fixed Mobile Convergence
Enterprise wireless LANs have gone from being a convenient network access mechanism to a critical part of the network infrastructure. Centrally-controlled WLAN switching systems have become commonplace, and we are now in the midst of a major upgrade as to the new higher-capacity 802.11n radio link. To ensure that the upgrade delivers the full benefit, buyers will need to understand the different 802.11n implementations, new network design factors, core network capacity, security requirements, testing, frequency planning, and access point powering.
This workshop is designed to bring you up to speed on the major developments in wireless LAN technology and applications. While it features a brief overview of WLAN technologies, the program assumes a fundamental understanding of the basic concepts and focuses on planning issues for the developing areas in WLAN technology.
Course Outline
? WLAN Fundamentals ? The 802.11n Radio Link ? Voice over Wireless LANs ? Fixed-Mobile Convergence and Mobile Unified Communications
You Will Learn
This program will provide a comprehensive, vendor-neutral description of client and infrastructure requirements for WLAN voice, and the range of options for implementing FMC.
---------------------------------------------------
Who Should Attend
Wired and wireless network managers and security specialists who need a clearer understanding of the challenges involved in the developing areas of mobility and the current best practices for dealing with them
Instructor - Michael Finneran, Principal, dBrn Associates, Inc
Michael is an independent consultant, industry analyst, and writer who focuses on wireless technologies, mobile UC, and fixed-mobile convergence. He wrote the book Voice Over Wireless LANs- The Complete Guide (Elsevier, 2008), though his expertise spans the full range of wireless technologies including Wi-Fi, Cellular, WiMAX, and RFID. A lively and informative speaker, Michael has made frequent appearances at trade shows and conferences including VoiceCon and InterOp, and he now serves as the program chair for Wireless and Mobility at VoiceCon. In the consulting area, Mr. Finneran has provided assistance to carriers, equipment vendors, end users, investment firms, and a number of government agencies. A prolific writer, for twenty-three years he wrote the Networking Intelligence column for "Business Communications Review". He now contributes on wireless and mobility to NoJitter as well as UC Strategies.com. He has published numerous white papers and has contributed to Computerworld, Data Communications, The Ticker, and The ACUTA Journal. Well respected as an educator, he has conducted over 2000 seminars on networking topics in the US, Europe, Africa, and Asia. He taught in the Graduate Telecommunications program at Pace University, and conducted programs at the Center for the Study of Data Processing at Washington University in St. Louis. His courses are now offered through Telecom + UC Training. Mr. Finneran holds a Bachelor of Arts degree (Magna Cum Laude) from Manhattan College and a Masters Degree from the J. L. Kellogg Graduate School of Management at Northwestern University.
Understanding, Designing, and Deploying Network Access Control (NAC)Tuesday, November 17 — 9:00 AM–5:00 PM
Location: 1E13
Network Access Control takes "defense in depth" all the way to the desktop. With NAC on your network, every connection can be authenticated and controlled, helping to reduce the risk of malware or malicious people taking hold on the network. Because NAC is the hot buzzword right now, the products can be confusing and the vendors contentious. However, NAC represents the most significant change in the way that networks are secured since the invention of the firewall. Network managers are now being given the tools to create a strong link between users, end systems, desktop workstations, laptops, and access to network resources.
With components of end-point security, authentication and access control, these emerging NAC architectures and products offer almost endless options. Your job is to select the right components and pieces to match your own requirements.
This full-day seminar will cover the concepts behind NAC, giving you the tools to understand both single-vendor solutions and multi-vendor NAC architectures from Cisco, Microsoft and the Trusted Computing Group. We'll discuss specific issues in deploying NAC in enterprise networks, and cover key strategies you can use to ensure successful NAC planning and deployment. During the day, a panel of leading NAC experts will the debate issues and take your questions.
Course Agenda
NAC Architecture and End Point Security * NAC basics, including an overview of problems NAC is supposed to solve -- compared to the problems it actually solves * In-depth information on NAC's key components of authentication, end-point security, access control, and management
Design and Deployment of NAC Solutions * What it takes to put NAC into a production network * Five main steps of a NAC deployment
NAC Product Architectures * An overview of industry-leading NAC solutions, presented in a vendor-neutral way * How Microsoft, Cisco, and other NAC vendors are working together -- and how they are working against each other
NAC Panel * Audience-led Q&A of NAC technical experts on NAC deployment, architecture, and real-world lessons learned. This is not a marketing pitch. This is your chance to ask NAC veterans about how NAC works in the real world.
NAC Enforcement Strategies * Where should NAC enforcement go in your network, and what are the pros and cons of each NAC enforcement strategy?
Nine Hard Questions about Network Access Control * Hard questions you should be able to answer about your chosen NAC solution, or hard questions you may want to ask your potential NAC vendors
Who Should Attend
* Network managers interested in learning about how NAC will affect network architectures, and in building higher security into networks * Security architects interested in pushing security from the perimeter deep into the network with full access control and authentication of end users * Desktop managers looking to enforce security policy compliance and get on top of regulatory issues with tighter controls
You Will Learn
* What NAC is, and the underlying technologies that make it happen * NAC enforcement options, and when to use various options * NAC architecture and solution choice strategies * Implementation issues * Solid strategies for adding NAC, and pitfalls to avoid
Location: 1E13
Network Access Control takes "defense in depth" all the way to the desktop. With NAC on your network, every connection can be authenticated and controlled, helping to reduce the risk of malware or malicious people taking hold on the network. Because NAC is the hot buzzword right now, the products can be confusing and the vendors contentious. However, NAC represents the most significant change in the way that networks are secured since the invention of the firewall. Network managers are now being given the tools to create a strong link between users, end systems, desktop workstations, laptops, and access to network resources.
With components of end-point security, authentication and access control, these emerging NAC architectures and products offer almost endless options. Your job is to select the right components and pieces to match your own requirements.
This full-day seminar will cover the concepts behind NAC, giving you the tools to understand both single-vendor solutions and multi-vendor NAC architectures from Cisco, Microsoft and the Trusted Computing Group. We'll discuss specific issues in deploying NAC in enterprise networks, and cover key strategies you can use to ensure successful NAC planning and deployment. During the day, a panel of leading NAC experts will the debate issues and take your questions.
Course Agenda
NAC Architecture and End Point Security * NAC basics, including an overview of problems NAC is supposed to solve -- compared to the problems it actually solves * In-depth information on NAC's key components of authentication, end-point security, access control, and management
Design and Deployment of NAC Solutions * What it takes to put NAC into a production network * Five main steps of a NAC deployment
NAC Product Architectures * An overview of industry-leading NAC solutions, presented in a vendor-neutral way * How Microsoft, Cisco, and other NAC vendors are working together -- and how they are working against each other
NAC Panel * Audience-led Q&A of NAC technical experts on NAC deployment, architecture, and real-world lessons learned. This is not a marketing pitch. This is your chance to ask NAC veterans about how NAC works in the real world.
NAC Enforcement Strategies * Where should NAC enforcement go in your network, and what are the pros and cons of each NAC enforcement strategy?
Nine Hard Questions about Network Access Control * Hard questions you should be able to answer about your chosen NAC solution, or hard questions you may want to ask your potential NAC vendors
Who Should Attend
* Network managers interested in learning about how NAC will affect network architectures, and in building higher security into networks * Security architects interested in pushing security from the perimeter deep into the network with full access control and authentication of end users * Desktop managers looking to enforce security policy compliance and get on top of regulatory issues with tighter controls
You Will Learn
* What NAC is, and the underlying technologies that make it happen * NAC enforcement options, and when to use various options * NAC architecture and solution choice strategies * Implementation issues * Solid strategies for adding NAC, and pitfalls to avoid
Instructor - Joel Snyder, Senior Partner, Opus One
Joel Snyder is a senior partner with Opus One, a consulting firm in Tucson, Arizona. He spends most of his time on the road helping people build larger, faster, safer, and more reliable networks. His professional travels have taken him to San Francisco, St. Petersburg, Singapore, Sydney, Santiago, Slough and other cities with names not starting with S. Joel has been working with networks and information security since 1981, when he started consulting on X.25 and public key cryptography, and he's been very busy ever since. He has been a member of the ISO and ITU committees which write network standards, has authored several books and hundreds of articles. He was the conference director for VPNCON, and has advised and trained thousands of people privately and at conferences around the world on networking, security, messaging, and VPNs. His home network has run almost every protocol, firewall, and VPN device you can think of, and he regularly changes his password. As an author and speaker, he's received numerous awards, recognizing his work to improve enterprise IT. He's helped over 200 private and public organizations (many of which you've heard of) with their networking, email, and security problems. He is a fierce believer in the value of empowering people, and knows that you can serve a red wine with fish. Snyder's baccaulureate degree is in Latin, and his PhD is in Management Information Systems. His dissertation is on computer networks in the former Soviet Union. Almost everything he wrote in graduate school is now classified and he's not allowed to read it anymore, which is good because it wasn't very interesting to begin with. His favorite color Crayola crayon is Burnt Sienna. Joel lives and works in Tucson with Jan Trumbo and their cats, Wanda Rutkiewicz and Oliver Mellors.
Speaker - Bhagya Prasad, Software Engineer, Avenda Systems
Speaker - Garrett Bechler, Endpoint Security Solutions Architect, Symantec Corp.
Speaker - Jeffrey Reilly, Technical Marketing Engineer, Netfast Communications, Inc.
Speaker - Mark Townsend, Sr. Systems Engineer, Enterasys
Mark Townsend's career has spanned the past two decades in computer networking, during which he has contributed to several patents and pending patents in information security. He has established himself as an expert related to networking and security in enterprise networks, with a focus on educational environments. Mark is a contributing member to several information security industry standards associations, most notably the Trusted Computing Group (TCG). Townsend's work in the TCG Trusted Network Connect (TNC) work group includes co-authoring the Clientless Endpoint Support Profile. Townsend is currently developing virtualization solutions and driving interoperability testing within the industry. Prior to his current position, he has served in a variety of roles including service and support, marketing, sales management and business development. In addition to his industry work, Mark is leveraging his background and serving his community as a school board member in a progressive school district consistently ranked in the top school districts of New Hampshire. Mark serves on the policy and negotiations sub-committees and is also the district technical liaison.
Speaker - Steve Hanna, Chairman, Trusted Computing Group TNC
Steve Hanna is a Distinguished Engineer at Juniper Networks. He serves as co-chair of the Trusted Network Connect Work Group in the Trusted Computing Group and co-chair of the Network Endpoint Assessment Working Group in the Internet Engineering Task Force. Hanna is the author of several IETF RFCs and published papers, an inventor or co-inventor on 33 issued U.S. patents, and a regular speaker at industry events. He holds a Bachelor's degree in Computer Science from Harvard University.
Virtualization DayTuesday, November 17 — 9:00 AM–5:00 PM
Location: 1E07
Virtualization is driving a fundamental shift in how we think about data center environments. It is lowering capital and operational costs, enabling IT agility, underlying Green IT initiatives and fueling the cloud. Is your company keeping up with this paradigm shift? Is your company taking full advantage of the benefits of virtualization - from basic consolidation through the advanced benefits of virtualization 2.0 like automation, high availability, disaster recovery, policy-based management, IT optimization and the move beyond servers and out to desktops and applications?
Morning Workshop
9:00 AM-12:15 PM
Advanced Virtualization Management and Automation Once an organization has completed an initial server virtualization/consolidation phase, it becomes clear that a new breed of tools is required to better monitor, manage, troubleshoot and tune this new virtual infrastructure. IT managers have to sift through the plethora of virtualization management solutions to identify which products are really ready for prime time, and then how to match their particular needs with available solutions. Learn how to fulfill the promise of virtualization, especially around improving operational efficiencies and reducing costs, through advanced management and automation.
Afternoon Workshop
1:45 PM -5:00 PM
Expanding Virtualization to Desktops and Applications
Many companies have already implemented server consolidation projects utilizing virtualization technologies. These projects have brought significant cost reductions to both capital and operational expenditures. Companies are now looking to leverage server, desktop and application virtualization technologies to bring order to the long-standing chaos of enterprise desktop management. But what are desktop and application virtualization, and where do they apply in your environment? How can your IT organization leverage these technologies to deal with the unrelenting daily demands of provisioning, administering, securing and supporting hundreds and thousands of corporate desktops and applications? During this workshop, industry analysts and virtualization experts will detail the technologies and solutions available for desktop virtualization, and application virtualization and streaming.
Location: 1E07
Virtualization is driving a fundamental shift in how we think about data center environments. It is lowering capital and operational costs, enabling IT agility, underlying Green IT initiatives and fueling the cloud. Is your company keeping up with this paradigm shift? Is your company taking full advantage of the benefits of virtualization - from basic consolidation through the advanced benefits of virtualization 2.0 like automation, high availability, disaster recovery, policy-based management, IT optimization and the move beyond servers and out to desktops and applications?
Morning Workshop
9:00 AM-12:15 PM
Advanced Virtualization Management and Automation Once an organization has completed an initial server virtualization/consolidation phase, it becomes clear that a new breed of tools is required to better monitor, manage, troubleshoot and tune this new virtual infrastructure. IT managers have to sift through the plethora of virtualization management solutions to identify which products are really ready for prime time, and then how to match their particular needs with available solutions. Learn how to fulfill the promise of virtualization, especially around improving operational efficiencies and reducing costs, through advanced management and automation.
Afternoon Workshop
1:45 PM -5:00 PM
Expanding Virtualization to Desktops and Applications
Many companies have already implemented server consolidation projects utilizing virtualization technologies. These projects have brought significant cost reductions to both capital and operational expenditures. Companies are now looking to leverage server, desktop and application virtualization technologies to bring order to the long-standing chaos of enterprise desktop management. But what are desktop and application virtualization, and where do they apply in your environment? How can your IT organization leverage these technologies to deal with the unrelenting daily demands of provisioning, administering, securing and supporting hundreds and thousands of corporate desktops and applications? During this workshop, industry analysts and virtualization experts will detail the technologies and solutions available for desktop virtualization, and application virtualization and streaming.
Instructor - Barb Goldworm, President and Chief Analyst, FOCUS
Barb Goldworm is president and chief analyst of FOCUS (www.focusonsystems.com), a research, analyst and consulting firm focused on systems, software and storage, with an emphasis on virtualization and improving IT agility, TCO and ROI. A frequent keynote speaker, columnist, and author, Barb has spent thirty years in the computer industry, in various technical, marketing, sales, senior management, and industry analyst positions with IBM, Novell, StorageTek, Enterprise Management Associates (EMA), and multiple successful startups. In addition to the current virtualization tracks at Interop, Barb also created and chaired Interop's Network Storage Track. She has been one of the top ranked expert speakers at SNW and Data Center Decisions and has been a regular speaker for TechTarget, Ziff-Davis and hundreds of other virtualization events and webcasts. She is also virtualization chair for Blade Systems Insight, and chaired the 2007 Server Blade Summit. Barb also has been a regular expert columnist since the 1990s for publications including Network World, ComputerWorld, TechTarget SearchServerVirtualization and others. She serves on multiple advisory boards and is a frequent judge for awards such as Best of VMworld, and Product of the Year. She has published hundreds of articles, business and technical white papers and market research reports on virtualization, systems, software, storage networking and systems management. She recently published the book, "Blade Servers and Virtualization: Transforming Enterprise Computing While Cutting Costs" (Wiley & Sons), available on Amazon.com. Barb started her career with virtualization in the 1970s with IBM's VM/370, and spent a decade in technical roles as a software developer, systems architect, systems engineer, and software development manager. After another decade in product management, marketing and sales, up through VP of marketing and sales, Barb has spent the last ten years as an analyst, consultant, author and speaker.
Learn more about Workshops
Security Free Sessions
Forensics are Not Enough! Case Studies in Proactive Network Defense using Security Information and Event Management (SIEM) Technology - Sponsored by TriGeo Network Security Wednesday, November 18 — 2:30–3:15 PM
Location: Free Ed Room 1 - Expo Floor
Learn how SIEM and real-time, in memory, analytics combine to capture, correlate and respond to network attacks and insider abuse. See automated responses to network attacks, policy violations, inappropriate web browsing and USB device usage. Hear how mid-sized enterprises use SIEM to meet regulatory compliance initiatives and gain network control.
Location: Free Ed Room 1 - Expo Floor
Learn how SIEM and real-time, in memory, analytics combine to capture, correlate and respond to network attacks and insider abuse. See automated responses to network attacks, policy violations, inappropriate web browsing and USB device usage. Hear how mid-sized enterprises use SIEM to meet regulatory compliance initiatives and gain network control.
Speaker - Michelle Dickman, President and CEO, TriGeo Network Security
Michelle Dickman is president and chief executive officer of TriGeo Network Security. Ms. Dickman has spent over 20 years in the software and financial industries combined. Much of her extensive management, sales and marketing experience has been focused on the midsize enterprise which is TriGeo's core market. Dickman also brings considerable business development and management skills to TriGeo. As the co-founder and President of an ERP software company, Dickman grew that organization from ten to nearly one hundred employees, with four regional offices, and annual growth ranging from 20 to 60 percent. Her leadership ultimately led to the organization's acquisition by a public company.
Decrease your Cyber Crime Risk! Learn How to Secure Your eCity! - Sponsored by ESETWednesday, November 18 — 3:30–4:15 PM
Location: Free Ed Room 2 - Expo Floor
Did you know that businesses have lost nearly one TRILLION dollars due to Cyber Crime? Are your employees at risk? How can you help protect your company assets and employees from the rampant growing problem of Cyber Crime? Attend ESET's Securing Our eCity workshop to learn proactive steps you can take to protect your enterprise.
Location: Free Ed Room 2 - Expo Floor
Did you know that businesses have lost nearly one TRILLION dollars due to Cyber Crime? Are your employees at risk? How can you help protect your company assets and employees from the rampant growing problem of Cyber Crime? Attend ESET's Securing Our eCity workshop to learn proactive steps you can take to protect your enterprise.
Speaker - Brandon Stigers, Training Manager, ESET
Reputation in the Cloud: Leveraging Reputation-based Services to Strengthen Your Security Posture - Sponsored by WatchguardThursday, November 19 — 11:30 AM–12:15 PM
Location: Free Ed Room 1 - Expo Floor
The face of security threats is constantly changing and organizations struggle to keep up. Cloud-based reputation services add a dynamic layer of protection by analyzing and scoring IP addresses, email messages and URLs—blocking suspicious traffic before it reaches your network. Learn about the anatomy of reputation services, how scores are assigned, why performance is improved and what you can do to take advantage of this exciting technology.
Location: Free Ed Room 1 - Expo Floor
The face of security threats is constantly changing and organizations struggle to keep up. Cloud-based reputation services add a dynamic layer of protection by analyzing and scoring IP addresses, email messages and URLs—blocking suspicious traffic before it reaches your network. Learn about the anatomy of reputation services, how scores are assigned, why performance is improved and what you can do to take advantage of this exciting technology.
Instructor - Bryan Nairn, , WatchGuard
The Future of Information Risk Management and Security: What's Next?Thursday, November 19 — 2:30–3:15 PM
Location: Free Ed Room 1 - Expo Floor
Information risk management security has evolved from a technical specialty into a core business function. The people, processes, procedures, and technologies that are utilized to protect information infrastructure are changing and maturing at a rapid pace. So too are the capabilities of the adversaries from whom you need to protect your information infrastructure. This session will discuss how your adversaries and threats they pose are evolving, and the emerging trends in information risk management security designed to protect your information infrastructure and data assets from them. The areas that will be discussed current leading practices and concepts including governance and organizational models, threat and vulnerability management and compliance concepts, and technological advances.
Location: Free Ed Room 1 - Expo Floor
Information risk management security has evolved from a technical specialty into a core business function. The people, processes, procedures, and technologies that are utilized to protect information infrastructure are changing and maturing at a rapid pace. So too are the capabilities of the adversaries from whom you need to protect your information infrastructure. This session will discuss how your adversaries and threats they pose are evolving, and the emerging trends in information risk management security designed to protect your information infrastructure and data assets from them. The areas that will be discussed current leading practices and concepts including governance and organizational models, threat and vulnerability management and compliance concepts, and technological advances.
Speaker - John Pironti, Chief Information Risk Strategist, Archer Technologies
John P. Pironti is the Chief Information Risk Strategist for Archer Technologies. In this role, John consults with Fortune 1000 executives on IT-GRC and information security issues and initiatives, evangelizes product concepts in the marketplace to gather feedback, and collaborates with Archer's product experts to translate industry needs into technology solutions. John has been designing and implementing highly secure, mission-critical, globally oriented enterprise information infrastructure solutions for more than 18 years. He has worked extensively on a global basis in the aerospace, financial services, government, healthcare, hospitality, insurance, publishing, media and entertainment and telecommunications industries. He is a frequent speaker at industry conferences, both domestic and international, on electronic business and information security topics, and is also a published author and writer.
Preventing Downtime by Utilizing Predictive Monitoring Systems - Sponsored by Geist ManufacturingThursday, November 19 — 2:30–3:15 PM
Location: Free Ed Room 2 - Expo Floor
Downtime in the datacenter industry is very costly. This session will cover the causes and costs of downtime in facilities. We will evaluate ways that implementing best practices in a comprehensive management system can reduce downtime and ultimately save money. Join us for a discussion on intelligent facilities best practices.
Location: Free Ed Room 2 - Expo Floor
Downtime in the datacenter industry is very costly. This session will cover the causes and costs of downtime in facilities. We will evaluate ways that implementing best practices in a comprehensive management system can reduce downtime and ultimately save money. Join us for a discussion on intelligent facilities best practices.
Speaker - Matt Lane, trockemann@geistmfg.com, Geist Manufacturing
Security Exhibitors
( | A | B | C | D | E | F | G | I | L | N | O | P | Q | S | T | W | X
Click on a column header to re-sort the exhibitor list:
| Company | Booth |
|---|---|
| 816 |
| 547 |
| 710 |
| 328 |
| 436 |
| 727 |
| 717 |
| 137 |
| 537 |
| 242 |
| 922 |
| 611 |
| 232 |
| 228 |
| 221 |
| 221 |
| 236 |
| 930 |
| 823 |
| 442 |
| 124 |
| 147 |
| 932 |
| 827 |
| 935 |
| 743 |
| 636 |
| 635 |
| |
| 120 |
| 822 |
| 246 |
| 817 |
| 545 |
| 517 |
| 831 |
| 722 |
| 947 |
| 121 |
| 129 |
| 924 |
| 346 |
| 642 |
| 825 |
| 133 |
| 617 |
| 623 |
| 712 |
| 239 |
