The new wisdom is “everyone gets breached eventually,” so what’s the right balance of response, detection, and prevention? Share your lessons learned and best practices deploying alternative and complementary technologies.
Case studies of BYOD disappointments will frame a discussion of actionable strategies and tactics balancing the freedom of a personal device and the requirements of organizational policy.
Some companies get a knock on the door from a three-letter agency to deliver the bad news 'You are owned.' Some of us have heard about it, others have experienced it. This discussion is about making lemonade, not wasting a compromise, and building a world-class security team driven by actionable intelligence.
We must trust users. As the workforce and culture shift, protecting our users from accidental compromise is considerably different than detecting and interrupting malice. This discussion covers what we've seen, what we know is happening, and the considerations in detecting and responding to these issues.
Everyone wants to work in a startup culture. It's the land where access to source code, production systems, and user data is as simple as access to the weekly chair massages and the 4pm Nerf Gun Fight. However, it's all fun and games until something bad happens, or if you're lucky, your customers start demanding more before it does.
We are not giving the business what it wants, a true indication of risk. How will you meet their needs and mature alongside the business? Discussion will cover successes and failures around these topics:
Securing our networks and patching our systems does nothing to ensure the integrity of supplier-provided hardware. We worry about espionage from China, and still build data centers on hardware sourced from there. Building trust into embedded systems, controllers and firmware, and confirming that they have not been tampered with along the supply chain, is a complicated problem.
Every security department is at a different stage of maturity; where you are on the development path indicates how capable you are of executing a robust security program.
Increasing instrumentation is fundamental in detecting compromise at the application, host, and network level. However, in reality it is only the beginning. This discussion will be an exploration of what works (and what doesn’t) with network traffic anomaly analysis, passively detecting vulnerabilities being discovered at the application level, and useful approaches for correlating weak and strong attack signals.
Integrating security into the software development process to achieve the right assurance level is hard. The degree of difficulty increases as you factor in active attacks by bad guys and aggressive customer questions slowing down the sales process.
You’ve probably heard of the famous Davos. In 2013, a group of ICT industry executives and policymakers gathered to explore cyber resiliency, seeking to define crucial capabilities, including sharing of information and protection of critical infrastructure.
The World Economic Forum is joining us to get a Black Hat perspective of current and future cyber security considerations, to aid in creating recommendations for companies and governments. Output from this working group will be included in the 2014 Annual Meeting in Davos.
Over the last 20 years, Java has found its place on billions of devices, desktops and servers, and is expanding rapidly into new application areas including embedded and edge devices. As a result of its success, Java is an attractive exploitation target, making Java security a significant concern. In this session, Milton will shed light on Oracle’s Java security program, their progress and plans for Java security.
Milton Smith leads the strategic security program for Java platform products as Sr. Principal Security PM at Oracle. Milton is responsible for defining the security vision for Java and managing working relationships with security organizations, researchers, and the industry at large. Prior to Oracle, Milton led security for Yahoo’s User Data Analytics (UDA) property.
Qualys, Inc. (NASDAQ: QLYS), is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations, including Accuvant, BT, Dell SecureWorks, Fujitsu, NTT, Symantec, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
For more information, please visit www.qualys.com
Philippe Courtot, Chairman and CEO
Currently CEO of Qualys, Philippe has a distinguished career turning innovative companies into industry leaders, including Signio, Verity and cc:mail. In 2012, he launched the Trustworthy Internet Movement, a nonprofit, vendor-neutral organization committed to addressing Internet security. He holds a master's degree in Physics from the University of Paris.
Amer Deeba, Chief Marketing Officer
Amer oversees branding, marketing, communications and product marketing at Qualys. Prior to Qualys, he was the GM for Verisign’s Payment Services Division. Prior to VeriSign, Amer held a variety of management roles at companies including Adobe, Verity and Amdahl. Amer earned master's and bachelor's degrees in computer science.
Wolfgang Kandek, Chief Technical Officer
Wolfgang is responsible for product direction and operational aspects of the QualysGuard platform and infrastructure. Wolfgang has over 20 years of experience developing and managing information systems. He earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany, and is a frequent speaker at security events.
Andrew Wild, Chief Security Officer
Andrew oversees security, risk management and compliance for Qualys. His more than 20 years of experience includes leading network engineering and security teams at EMC, BT and Sprint. Andrew has a master's degree in electrical engineering from George Washington University and a bachelor's degree in electrical engineering from the US Military Academy.
John Wilson, Executive Vice President of World Wide Field Operations
John manages Qualys’ global field operations. Prior to Qualys, John held leadership roles at companies including Verizon, Ubizen and Johnson & Johnson. He served as an officer in the U.S. Army, and holds a bachelor’s degree from the US Military Academy at West Point and an MBA from Fordham University.
Vigilant by Deloitte is the cyber incident risk management solutions group of Deloitte & Touche LLP’s Security and Privacy Services, offering consulting services, managed services, and information services to help organizations protect their critical data and infrastructure from emerging cyber threats. In combination with Deloitte's larger portfolio of security services, we help companies with their information risk management initiatives, working to advance and evolve security solutions, improve enterprise security and value, and develop risk aware programs and processes.
• Identity Access Management
• Cyber Threat & Vulnerability Management
• Governance, Risk & Compliance
• Information & Technology Risk Management
• Resiliency
• Privacy & Data Protection
• Enterprise Application Integrity
www.deloitte.com
Ed Powers, the National Leader of Deloitte’s Security & Privacy practice, specializes in cyber security and IT risk management, and works with many leading financial institutions and other global organizations. Previously, he taught Technology Management and Information Security in the Marshall School of Business at the University of Southern California.
Joe Magee is a Director at Vigilant by Deloitte, where he oversees development of strategic services. He was a co-founder and CTO of Vigilant, where he led the development of security monitoring methodology, pioneered fraud monitoring solutions, and provided the vision behind the company’s managed services and threat intelligence offerings.
As Head of Intelligence, Lance James oversees Vigilant by Deloitte’s threat intelligence services. Previously CTO at Secure Science Corporation and senior threat analyst at Damballa, James is well-known in the intelligence community as an author, an expert witness in fraud and identity theft cases, and a contributor to security-related regulations.
BlackBerry Security, Research in Motion (RIM), is a world-class organization providing an end-to-end security focus, including driving the BlackBerry security message globally, security accreditations, development of security products, advanced threat research, building mitigations into BlackBerry products, and rapid response to security incidents. More information: www.blackberry.com/security.
Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com or follow us @TripwireInc on Twitter.
Websense, Inc. (NASDAQ: WBSN) is a global leader in protecting organizations from the latest cyber attacks and data theft. Websense TRITON comprehensive security solutions unify web security, email security, mobile security and data loss prevention (DLP) at the lowest total cost of ownership. Tens of thousands of enterprises rely on Websense TRITON security intelligence to stop advanced persistent threats, targeted attacks and evolving malware. Websense prevents data breaches, intellectual property theft and enforces security compliance and best practices. A global network of channel partners distributes scalable, unified appliance- and cloud-based Websense TRITON solutions.
Websense TRITON stops more threats; visit www.websense.com/proveit to see proof. To access the latest Websense security insights and connect through social media, please visit www.social.websense.com. For more information, visit www.websense.com and www.websense.com/triton.